From 1da6d3db09fea100770e94c4ed5efb93042b1b02 Mon Sep 17 00:00:00 2001 From: Azareal Date: Wed, 30 Oct 2019 16:37:51 +1000 Subject: [PATCH] Don't send activation emails on blank emails. Begin work on the Email Manager. --- routes/account.go | 74 ++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 63 insertions(+), 11 deletions(-) diff --git a/routes/account.go b/routes/account.go index e8af7562..69cf4067 100644 --- a/routes/account.go +++ b/routes/account.go @@ -114,7 +114,6 @@ func mfaGetCookies(r *http.Request) (uid int, provSession string, signedSession if err != nil { return 0, "", "", err } - provSession, err = extractCookie("provSession", r) if err != nil { return 0, "", "", err @@ -231,18 +230,17 @@ func AccountRegisterSubmit(w http.ResponseWriter, r *http.Request, user c.User) if name == "" { regError(p.GetErrorPhrase("register_need_username"), "no-username") } - // TODO: Add a dedicated function for validating emails - email := c.SanitiseSingleLine(r.PostFormValue("email")) - if headerLite.Settings["activation_type"] == 2 && email == "" { - regError(p.GetErrorPhrase("register_need_email"), "no-email") - } - // This is so a numeric name won't interfere with mentioning a user by ID, there might be a better way of doing this like perhaps !@ to mean IDs and @ to mean usernames in the pre-parser nameBits := strings.Split(name, " ") if isNumeric(nameBits[0]) { regError(p.GetErrorPhrase("register_first_word_numeric"), "numeric-name") } + // TODO: Add a dedicated function for validating emails + email := c.SanitiseSingleLine(r.PostFormValue("email")) + if headerLite.Settings["activation_type"] == 2 && email == "" { + regError(p.GetErrorPhrase("register_need_email"), "no-email") + } if c.HasSuspiciousEmail(email) { regError(p.GetErrorPhrase("register_suspicious_email"), "suspicious-email") } @@ -313,19 +311,17 @@ func AccountRegisterSubmit(w http.ResponseWriter, r *http.Request, user c.User) c.Auth.SetCookies(w, uid, session) // Check if this user actually owns this email, if email activation is on, automatically flip their account to active when the email is validated. Validation is also useful for determining whether this user should receive any alerts, etc. via email - if c.Site.EnableEmails { + if c.Site.EnableEmails && email != "" { token, err := c.GenerateSafeString(80) if err != nil { return c.InternalError(err, w, r) } - // TODO: Add an EmailStore and move this there _, err = qgen.NewAcc().Insert("emails").Columns("email,uid,validated,token").Fields("?,?,?,?").Exec(email, uid, 0, token) if err != nil { return c.InternalError(err, w, r) } - - err = c.SendValidationEmail(name, email, token) + err = c.SendActivationEmail(name, email, token) if err != nil { return c.LocalError(p.GetErrorPhrase("register_email_fail"), w, r, user) } @@ -597,6 +593,62 @@ func AccountEditEmail(w http.ResponseWriter, r *http.Request, user c.User, h *c. return renderTemplate("account", w, r, h, pi) } +func AccountEditEmailAddSubmit(w http.ResponseWriter, r *http.Request, user c.User) c.RouteError { + email := r.PostFormValue("email") + + _, err := c.Emails.Get(&user, email) + if err == nil { + return c.LocalError("You have already added this email.",w,r,user) + } else if err != sql.ErrNoRows && err != nil { + return c.InternalError(err, w, r) + } + + var token string + if c.Site.EnableEmails { + token, err = c.GenerateSafeString(80) + if err != nil { + return c.InternalError(err, w, r) + } + } + err = c.Emails.Add(user.ID, email, token) + if err != nil { + return c.InternalError(err,w,r) + } + if c.Site.EnableEmails { + err = c.SendValidationEmail(user.Name, email, token) + if err != nil { + return c.LocalError(p.GetErrorPhrase("register_email_fail"), w, r, user) + } + } + + http.Redirect(w, r, "/user/edit/email/?added=1", http.StatusSeeOther) + return nil +} + +func AccountEditEmailRemoveSubmit(w http.ResponseWriter, r *http.Request, user c.User) c.RouteError { + headerLite, _ := c.SimpleUserCheck(w, r, &user) + email := r.PostFormValue("email") + + // Quick and dirty check + _, err := c.Emails.Get(&user, email) + if err == sql.ErrNoRows { + return c.LocalError("This email isn't set on this user.",w,r,user) + } else if err != nil { + return c.InternalError(err, w, r) + } + if headerLite.Settings["activation_type"] == 2 && user.Email == email { + return c.LocalError("You can't remove your primary email when mandatory email activation is enabled.",w,r,user) + } + + err = c.Emails.Delete(user.ID, email) + if err != nil { + return c.InternalError(err,w,r) + } + + http.Redirect(w, r, "/user/edit/email/?removed=1", http.StatusSeeOther) + return nil +} + // TODO: Should we make this an AnonAction so someone can do this without being logged in? func AccountEditEmailTokenSubmit(w http.ResponseWriter, r *http.Request, user c.User, token string) c.RouteError { header, ferr := c.UserCheck(w, r, &user)