Diffstat (limited to 'api/user.go')
-rw-r--r-- | api/user.go | 71 |
1 files changed, 71 insertions, 0 deletions
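--- a/api/user.go
+++ b/api/user.go
@@ -3,7 +3,10 @@ package api
 import (
 "fmt"
 "regexp"
+"strconv"
+"time"
 
+"github.com/dchest/passwordreset"
 "github.com/gin-gonic/gin"
 
 "immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front/db"
@@ -90,6 +93,21 @@ func (q SignupQuery) Run() (interface{}, *Error) {
 return nil, NewInternalError(err)
 }
 
+if MAIL_CONFIG.IsEnabled {
+mailConfirmationToken := passwordreset.NewToken(q.In.Email, time.Hour*24*1, []byte(strconv.FormatUint(uint64(newUser.Status), 10)), PASSWORD_RESET_SECRET)
+err = SendConfirmationMail(q.In.Email, mailConfirmationToken)
+if err != nil {
+return nil, NewInternalError(err)
+}
+}
+
+if CONFIG.FreeSMSUser != "" {
+err := SendSMS(CONFIG.FreeSMSUser, CONFIG.FreeSMSPass, fmt.Sprintf("'%v' request a password reset. Token '/change-password?token=%v'", q.In.Email, token))
+if err != nil {
+return nil, NewInternalError(err)
+}
+}
+
 return SignResult{token}, nil
 }
 
@@ -143,3 +161,56 @@ func GetUser(c *gin.Context) db.User {
 
 return user.(db.User)
 }
+
+type ConfirmEmailQuery struct {
+In struct {
+Token string
+}
+}
+
+func (q ConfirmEmailQuery) ValidateParams() *Error {
+
+if q.In.Token == "" {
+return &Error{BadRequest, "invalid token", fmt.Errorf("invalid token")}
+}
+
+return nil
+}
+
+func (q ConfirmEmailQuery) Run() (interface{}, *Error) {
+var user *db.User
+
+email, err := passwordreset.VerifyToken(q.In.Token, func(email string) ([]byte, error) {
+var err error
+user, err = db.GetUserByEmail(email)
+if err != nil {
+return nil, err
+}
+
+if user == nil {
+return nil, fmt.Errorf("'%v' is not registered", email)
+}
+
+return []byte(strconv.FormatUint(uint64(user.Status), 10)), nil
+
+}, PASSWORD_RESET_SECRET)
+
+if err != nil && (err == passwordreset.ErrExpiredToken) {
+return nil, &Error{BadRequest, "expired token", fmt.Errorf("expired token")}
+} else if err != nil && (err == passwordreset.ErrMalformedToken || err == passwordreset.ErrWrongSignature) {
+return nil, &Error{BadRequest, "wrong token", fmt.Errorf("wrong token")}
+} else if err != nil {
+return nil, NewInternalError(err)
+}
+
+if user == nil {
+return nil, &Error{BadRequest, "bad request", fmt.Errorf("no user found for email '%v'", email)}
+}
+
+err = db.SetUserStatus(user, db.Confirmed)
+if err != nil {
+return nil, NewInternalError(err)
+}
+
+return nil, nil
+}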
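Review bot: In the second hunk (SignupQuery.Run, new line 105) the SMS text is the password-reset message and it interpolates `token`, the same value handed back to the client in `SignResult{token}` a few lines later; `token` is assigned outside the hunk, but it looks like the new user's sign-in token. If so, every signup pushes a live credential through the SMS gateway under a misleading `/change-password` link, where anyone with access to the receiving phone or the gateway logs can read it. The notification should carry no token at all, for example `fmt.Sprintf("'%v' signed up", q.In.Email)`. Separately, the account appears to exist already by the time SendConfirmationMail and SendSMS run, so returning `NewInternalError(err)` on a delivery failure reports a failed signup for a user that was created; logging the notification error and continuing would avoid that.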