X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=api%2Fuser.go;h=a2737fd0a06c9f8e3cdacc81ef1990168982cea3;hb=d1c0ccfcb84f1b8778e38b027a333d03e1f4ae9e;hp=9fd947985210e186608cc290572078a12c8388aa;hpb=85545aba62546f219a9c9730945511412a3174ef;p=perso%2FImmae%2FProjets%2FCryptomonnaies%2FCryptoportfolio%2FFront.git diff --git a/api/user.go b/api/user.go index 9fd9479..a2737fd 100644 --- a/api/user.go +++ b/api/user.go @@ -3,7 +3,10 @@ package api import ( "fmt" "regexp" + "strconv" + "time" + "github.com/dchest/passwordreset" "github.com/gin-gonic/gin" "immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front/db" @@ -13,6 +16,26 @@ const ( VALID_EMAIL_REGEX = `(?i)^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$` ) +func UserConfirmed(c *gin.Context) *Error { + user, exists := c.Get("user") + + if !exists { + return &Error{NotAuthorized, "not authorized", fmt.Errorf("no user key in context")} + } + + if user.(db.User).Status != db.Confirmed { + return &Error{UserNotConfirmed, "user awaiting admin validation", fmt.Errorf("user '%v' not confirmed", user)} + } + + return nil +} + +func GetUser(c *gin.Context) db.User { + user, _ := c.Get("user") + + return user.(db.User) +} + func IsValidEmailAddress(email string) bool { r := regexp.MustCompile(VALID_EMAIL_REGEX) @@ -81,6 +104,30 @@ func (q SignupQuery) Run() (interface{}, *Error) { } } + configMap := make(map[string]string) + configMap["key"] = "" + configMap["secret"] = "" + + _, err = db.SetUserMarketConfig(newUser.Id, "poloniex", configMap) + if err != nil { + return nil, NewInternalError(err) + } + + if MAIL_CONFIG.IsEnabled { + mailConfirmationToken := passwordreset.NewToken(q.In.Email, time.Hour*24*1, []byte(strconv.FormatUint(uint64(newUser.Status), 10)), PASSWORD_RESET_SECRET) + err = SendConfirmationMail(q.In.Email, mailConfirmationToken) + if err != nil { + return nil, NewInternalError(err) + } + } + + if CONFIG.FreeSMSUser != "" { + err := SendSMS(CONFIG.FreeSMSUser, CONFIG.FreeSMSPass, fmt.Sprintf("'%v' request a password reset. Token '/change-password?token=%v'", q.In.Email, token)) + if err != nil { + return nil, NewInternalError(err) + } + } + return SignResult{token}, nil } @@ -115,22 +162,74 @@ func (q SigninQuery) Run() (interface{}, *Error) { return SignResult{token}, nil } -func UserConfirmed(c *gin.Context) *Error { - user, exists := c.Get("user") +type ConfirmEmailQuery struct { + In struct { + Token string + } +} - if !exists { - return &Error{NotAuthorized, "not authorized", fmt.Errorf("no user key in context")} +func (q ConfirmEmailQuery) ValidateParams() *Error { + + if q.In.Token == "" { + return &Error{BadRequest, "invalid token", fmt.Errorf("invalid token")} } - if user.(db.User).Status != db.Confirmed { - return &Error{UserNotConfirmed, "user awaiting admin validation", fmt.Errorf("user '%v' not confirmed", user)} + return nil +} + +func (q ConfirmEmailQuery) Run() (interface{}, *Error) { + var user *db.User + + email, err := passwordreset.VerifyToken(q.In.Token, func(email string) ([]byte, error) { + var err error + user, err = db.GetUserByEmail(email) + if err != nil { + return nil, err + } + + if user == nil { + return nil, fmt.Errorf("'%v' is not registered", email) + } + + return []byte(strconv.FormatUint(uint64(user.Status), 10)), nil + + }, PASSWORD_RESET_SECRET) + + if err != nil && (err == passwordreset.ErrExpiredToken) { + return nil, &Error{BadRequest, "expired token", fmt.Errorf("expired token")} + } else if err != nil && (err == passwordreset.ErrMalformedToken || err == passwordreset.ErrWrongSignature) { + return nil, &Error{BadRequest, "wrong token", fmt.Errorf("wrong token")} + } else if err != nil { + return nil, NewInternalError(err) + } + + if user == nil { + return nil, &Error{BadRequest, "bad request", fmt.Errorf("no user found for email '%v'", email)} + } + + err = db.SetUserStatus(user, db.Confirmed) + if err != nil { + return nil, NewInternalError(err) } + return nil, nil +} + +type UserAccountQuery struct { + In struct { + User db.User + } + Out struct { + Email string `json:"email"` + } +} + +func (q UserAccountQuery) ValidateParams() *Error { return nil } -func GetUser(c *gin.Context) db.User { - user, _ := c.Get("user") +func (q UserAccountQuery) Run() (interface{}, *Error) { + q.Out.Email = q.In.User.Email - return user.(db.User) + return q.Out, nil }