Diffstat (limited to 'api/user.go')
-rw-r--r--api/user.go71
1 files changed, 71 insertions, 0 deletions
diff --git a/api/user.go b/api/user.go
index c1d9d6c..2848696 100644
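--- a/api/user.go
+++ b/api/user.go
@@ -3,7 +3,10 @@ package api
 import (
 "fmt"
 "regexp"
+"strconv"
+"time"
 
+"github.com/dchest/passwordreset"
 "github.com/gin-gonic/gin"
 
 "immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front/db"
@@ -90,6 +93,21 @@ func (q SignupQuery) Run() (interface{}, *Error) {
 return nil, NewInternalError(err)
 }
 
+if MAIL_CONFIG.IsEnabled {
+mailConfirmationToken := passwordreset.NewToken(q.In.Email, time.Hour*24*1, []byte(strconv.FormatUint(uint64(newUser.Status), 10)), PASSWORD_RESET_SECRET)
+err = SendConfirmationMail(q.In.Email, mailConfirmationToken)
+if err != nil {
+return nil, NewInternalError(err)
+}
+}
+
+if CONFIG.FreeSMSUser != "" {
+err := SendSMS(CONFIG.FreeSMSUser, CONFIG.FreeSMSPass, fmt.Sprintf("'%v' request a password reset. Token '/change-password?token=%v'", q.In.Email, token))
+if err != nil {
+return nil, NewInternalError(err)
+}
+}
+
 return SignResult{token}, nil
 }
 
@@ -143,3 +161,56 @@ func GetUser(c *gin.Context) db.User {
 
 return user.(db.User)
 }
+
+type ConfirmEmailQuery struct {
+In struct {
+Token string
+}
+}
+
+func (q ConfirmEmailQuery) ValidateParams() *Error {
+
+if q.In.Token == "" {
+return &Error{BadRequest, "invalid token", fmt.Errorf("invalid token")}
+}
+
+return nil
+}
+
+func (q ConfirmEmailQuery) Run() (interface{}, *Error) {
+var user *db.User
+
+email, err := passwordreset.VerifyToken(q.In.Token, func(email string) ([]byte, error) {
+var err error
+user, err = db.GetUserByEmail(email)
+if err != nil {
+return nil, err
+}
+
+if user == nil {
+return nil, fmt.Errorf("'%v' is not registered", email)
+}
+
+return []byte(strconv.FormatUint(uint64(user.Status), 10)), nil
+
+}, PASSWORD_RESET_SECRET)
+
+if err != nil && (err == passwordreset.ErrExpiredToken) {
+return nil, &Error{BadRequest, "expired token", fmt.Errorf("expired token")}
+} else if err != nil && (err == passwordreset.ErrMalformedToken || err == passwordreset.ErrWrongSignature) {
+return nil, &Error{BadRequest, "wrong token", fmt.Errorf("wrong token")}
+} else if err != nil {
+return nil, NewInternalError(err)
+}
+
+if user == nil {
+return nil, &Error{BadRequest, "bad request", fmt.Errorf("no user found for email '%v'", email)}
+}
+
+err = db.SetUserStatus(user, db.Confirmed)
+if err != nil {
+return nil, NewInternalError(err)
+}
+
+return nil, nil
+}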
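Review bot: The SendSMS call added to SignupQuery.Run puts `token` into the message body, and that is the same value handed back to the client in `SignResult{token}`, so a freshly issued sign-in credential appears to leave the service through the SMS gateway on every signup; the text also says "request a password reset", which does not match this path. If the SMS is only an operator notification, drop the token, e.g. `fmt.Sprintf("'%v' signed up", q.In.Email)`. Separately, the confirmation token is signed with `PASSWORD_RESET_SECRET` and bound only to the user's status, so if the reset flow (not visible here) uses the same secret the two token types may be interchangeable; a dedicated secret or a purpose prefix in the bound value would separate them. SignupQuery.Run starts outside the hunk, so where `token` is created is inferred.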