diff options
| author | Josh Morel <morel.josh@hotmail.com> | 2018-08-31 03:18:19 -0400 |
|---|---|---|
| committer | Chocobozzz <me@florianbigard.com> | 2018-08-31 09:18:19 +0200 |
| commit | d9eaee3939bf2e93e5d775d32bce77842201faba (patch) | |
| tree | c115acb3611986b98f51b3addf29ebe66f63ee7f /server/controllers | |
| parent | 04291e1ba44032165388758e993d385a10c1c5a1 (diff) | |
| download | PeerTube-d9eaee3939bf2e93e5d775d32bce77842201faba.tar.gz PeerTube-d9eaee3939bf2e93e5d775d32bce77842201faba.tar.zst PeerTube-d9eaee3939bf2e93e5d775d32bce77842201faba.zip | |
add user account email verificiation (#977)
* add user account email verificiation
includes server and client code to:
* enable verificationRequired via custom config
* send verification email with registration
* ask for verification email
* verify via email
* prevent login if not verified and required
* conditional client links to ask for new verification email
* allow login for verified=null
these are users created when verification not required
should still be able to login when verification is enabled
* refactor email verifcation pr
* change naming from verified to emailVerified
* change naming from askVerifyEmail to askSendVerifyEmail
* undo unrelated automatic prettier formatting on api/config
* use redirectService for home
* remove redundant success notification on email verified
* revert test.yaml smpt host
Diffstat (limited to 'server/controllers')
| -rw-r--r-- | server/controllers/api/config.ts | 16 | ||||
| -rw-r--r-- | server/controllers/api/users/index.ts | 47 |
2 files changed, 58 insertions, 5 deletions
diff --git a/server/controllers/api/config.ts b/server/controllers/api/config.ts index 25ddd1fa6..6edbe4820 100644 --- a/server/controllers/api/config.ts +++ b/server/controllers/api/config.ts | |||
| @@ -60,7 +60,8 @@ async function getConfig (req: express.Request, res: express.Response, next: exp | |||
| 60 | serverVersion: packageJSON.version, | 60 | serverVersion: packageJSON.version, |
| 61 | signup: { | 61 | signup: { |
| 62 | allowed, | 62 | allowed, |
| 63 | allowedForCurrentIP | 63 | allowedForCurrentIP, |
| 64 | requiresEmailVerification: CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION | ||
| 64 | }, | 65 | }, |
| 65 | transcoding: { | 66 | transcoding: { |
| 66 | enabledResolutions | 67 | enabledResolutions |
| @@ -159,12 +160,20 @@ async function updateCustomConfig (req: express.Request, res: express.Response, | |||
| 159 | toUpdate.transcoding.threads = parseInt('' + toUpdate.transcoding.threads, 10) | 160 | toUpdate.transcoding.threads = parseInt('' + toUpdate.transcoding.threads, 10) |
| 160 | 161 | ||
| 161 | // camelCase to snake_case key | 162 | // camelCase to snake_case key |
| 162 | const toUpdateJSON = omit(toUpdate, 'user.videoQuota', 'instance.defaultClientRoute', 'instance.shortDescription', 'cache.videoCaptions') | 163 | const toUpdateJSON = omit( |
| 164 | toUpdate, | ||
| 165 | 'user.videoQuota', | ||
| 166 | 'instance.defaultClientRoute', | ||
| 167 | 'instance.shortDescription', | ||
| 168 | 'cache.videoCaptions', | ||
| 169 | 'signup.requiresEmailVerification' | ||
| 170 | ) | ||
| 163 | toUpdateJSON.user['video_quota'] = toUpdate.user.videoQuota | 171 | toUpdateJSON.user['video_quota'] = toUpdate.user.videoQuota |
| 164 | toUpdateJSON.user['video_quota_daily'] = toUpdate.user.videoQuotaDaily | 172 | toUpdateJSON.user['video_quota_daily'] = toUpdate.user.videoQuotaDaily |
| 165 | toUpdateJSON.instance['default_client_route'] = toUpdate.instance.defaultClientRoute | 173 | toUpdateJSON.instance['default_client_route'] = toUpdate.instance.defaultClientRoute |
| 166 | toUpdateJSON.instance['short_description'] = toUpdate.instance.shortDescription | 174 | toUpdateJSON.instance['short_description'] = toUpdate.instance.shortDescription |
| 167 | toUpdateJSON.instance['default_nsfw_policy'] = toUpdate.instance.defaultNSFWPolicy | 175 | toUpdateJSON.instance['default_nsfw_policy'] = toUpdate.instance.defaultNSFWPolicy |
| 176 | toUpdateJSON.signup['requires_email_verification'] = toUpdate.signup.requiresEmailVerification | ||
| 168 | 177 | ||
| 169 | await writeJSON(CONFIG.CUSTOM_FILE, toUpdateJSON, { spaces: 2 }) | 178 | await writeJSON(CONFIG.CUSTOM_FILE, toUpdateJSON, { spaces: 2 }) |
| 170 | 179 | ||
| @@ -220,7 +229,8 @@ function customConfig (): CustomConfig { | |||
| 220 | }, | 229 | }, |
| 221 | signup: { | 230 | signup: { |
| 222 | enabled: CONFIG.SIGNUP.ENABLED, | 231 | enabled: CONFIG.SIGNUP.ENABLED, |
| 223 | limit: CONFIG.SIGNUP.LIMIT | 232 | limit: CONFIG.SIGNUP.LIMIT, |
| 233 | requiresEmailVerification: CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION | ||
| 224 | }, | 234 | }, |
| 225 | admin: { | 235 | admin: { |
| 226 | email: CONFIG.ADMIN.EMAIL | 236 | email: CONFIG.ADMIN.EMAIL |
diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts index 25d51ae5e..008c34ca4 100644 --- a/server/controllers/api/users/index.ts +++ b/server/controllers/api/users/index.ts | |||
| @@ -25,7 +25,10 @@ import { | |||
| 25 | usersSortValidator, | 25 | usersSortValidator, |
| 26 | usersUpdateValidator | 26 | usersUpdateValidator |
| 27 | } from '../../../middlewares' | 27 | } from '../../../middlewares' |
| 28 | import { usersAskResetPasswordValidator, usersBlockingValidator, usersResetPasswordValidator } from '../../../middlewares/validators' | 28 | import { |
| 29 | usersAskResetPasswordValidator, usersBlockingValidator, usersResetPasswordValidator, | ||
| 30 | usersAskSendVerifyEmailValidator, usersVerifyEmailValidator | ||
| 31 | } from '../../../middlewares/validators' | ||
| 29 | import { UserModel } from '../../../models/account/user' | 32 | import { UserModel } from '../../../models/account/user' |
| 30 | import { OAuthTokenModel } from '../../../models/oauth/oauth-token' | 33 | import { OAuthTokenModel } from '../../../models/oauth/oauth-token' |
| 31 | import { auditLoggerFactory, UserAuditView } from '../../../helpers/audit-logger' | 34 | import { auditLoggerFactory, UserAuditView } from '../../../helpers/audit-logger' |
| @@ -110,6 +113,17 @@ usersRouter.post('/:id/reset-password', | |||
| 110 | asyncMiddleware(resetUserPassword) | 113 | asyncMiddleware(resetUserPassword) |
| 111 | ) | 114 | ) |
| 112 | 115 | ||
| 116 | usersRouter.post('/ask-send-verify-email', | ||
| 117 | loginRateLimiter, | ||
| 118 | asyncMiddleware(usersAskSendVerifyEmailValidator), | ||
| 119 | asyncMiddleware(askSendVerifyUserEmail) | ||
| 120 | ) | ||
| 121 | |||
| 122 | usersRouter.post('/:id/verify-email', | ||
| 123 | asyncMiddleware(usersVerifyEmailValidator), | ||
| 124 | asyncMiddleware(verifyUserEmail) | ||
| 125 | ) | ||
| 126 | |||
| 113 | usersRouter.post('/token', | 127 | usersRouter.post('/token', |
| 114 | loginRateLimiter, | 128 | loginRateLimiter, |
| 115 | token, | 129 | token, |
| @@ -165,7 +179,8 @@ async function registerUser (req: express.Request, res: express.Response) { | |||
| 165 | autoPlayVideo: true, | 179 | autoPlayVideo: true, |
| 166 | role: UserRole.USER, | 180 | role: UserRole.USER, |
| 167 | videoQuota: CONFIG.USER.VIDEO_QUOTA, | 181 | videoQuota: CONFIG.USER.VIDEO_QUOTA, |
| 168 | videoQuotaDaily: CONFIG.USER.VIDEO_QUOTA_DAILY | 182 | videoQuotaDaily: CONFIG.USER.VIDEO_QUOTA_DAILY, |
| 183 | emailVerified: CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION ? false : null | ||
| 169 | }) | 184 | }) |
| 170 | 185 | ||
| 171 | const { user } = await createUserAccountAndChannel(userToCreate) | 186 | const { user } = await createUserAccountAndChannel(userToCreate) |
| @@ -173,6 +188,10 @@ async function registerUser (req: express.Request, res: express.Response) { | |||
| 173 | auditLogger.create(body.username, new UserAuditView(user.toFormattedJSON())) | 188 | auditLogger.create(body.username, new UserAuditView(user.toFormattedJSON())) |
| 174 | logger.info('User %s with its channel and account registered.', body.username) | 189 | logger.info('User %s with its channel and account registered.', body.username) |
| 175 | 190 | ||
| 191 | if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION) { | ||
| 192 | await sendVerifyUserEmail(user) | ||
| 193 | } | ||
| 194 | |||
| 176 | return res.type('json').status(204).end() | 195 | return res.type('json').status(204).end() |
| 177 | } | 196 | } |
| 178 | 197 | ||
| @@ -261,6 +280,30 @@ async function resetUserPassword (req: express.Request, res: express.Response, n | |||
| 261 | return res.status(204).end() | 280 | return res.status(204).end() |
| 262 | } | 281 | } |
| 263 | 282 | ||
| 283 | async function sendVerifyUserEmail (user: UserModel) { | ||
| 284 | const verificationString = await Redis.Instance.setVerifyEmailVerificationString(user.id) | ||
| 285 | const url = CONFIG.WEBSERVER.URL + '/verify-account/email?userId=' + user.id + '&verificationString=' + verificationString | ||
| 286 | await Emailer.Instance.addVerifyEmailJob(user.email, url) | ||
| 287 | return | ||
| 288 | } | ||
| 289 | |||
| 290 | async function askSendVerifyUserEmail (req: express.Request, res: express.Response, next: express.NextFunction) { | ||
| 291 | const user = res.locals.user as UserModel | ||
| 292 | |||
| 293 | await sendVerifyUserEmail(user) | ||
| 294 | |||
| 295 | return res.status(204).end() | ||
| 296 | } | ||
| 297 | |||
| 298 | async function verifyUserEmail (req: express.Request, res: express.Response, next: express.NextFunction) { | ||
| 299 | const user = res.locals.user as UserModel | ||
| 300 | user.emailVerified = true | ||
| 301 | |||
| 302 | await user.save() | ||
| 303 | |||
| 304 | return res.status(204).end() | ||
| 305 | } | ||
| 306 | |||
| 264 | function success (req: express.Request, res: express.Response, next: express.NextFunction) { | 307 | function success (req: express.Request, res: express.Response, next: express.NextFunction) { |
| 265 | res.end() | 308 | res.end() |
| 266 | } | 309 | } |