2018-06-20 23:47:47 +02:00
|
|
|
package webcontroller
|
2018-06-23 21:17:53 +02:00
|
|
|
|
|
|
|
|
import (
|
2021-09-23 22:21:27 +02:00
|
|
|
"fmt"
|
2019-02-22 00:04:57 +01:00
|
|
|
"html/template"
|
2018-06-23 21:17:53 +02:00
|
|
|
"net/http"
|
2019-03-31 22:33:22 +02:00
|
|
|
"time"
|
2018-06-23 21:17:53 +02:00
|
|
|
|
2021-11-16 15:20:15 +01:00
|
|
|
"fornaxian.tech/log"
|
2021-09-23 22:21:27 +02:00
|
|
|
"fornaxian.tech/pixeldrain_api_client/pixelapi"
|
2018-06-23 21:17:53 +02:00
|
|
|
"github.com/julienschmidt/httprouter"
|
|
|
|
|
)
|
|
|
|
|
|
2021-09-23 22:21:27 +02:00
|
|
|
// formAPIError makes it easier to display errors returned by the pixeldrain
|
|
|
|
|
// API. TO make use of this function the form fields should be named exactly the
|
|
|
|
|
// same as the API parameters
|
|
|
|
|
func formAPIError(err error, f *Form) {
|
|
|
|
|
fieldLabel := func(name string) string {
|
|
|
|
|
for _, v := range f.Fields {
|
|
|
|
|
if v.Name == name {
|
|
|
|
|
return v.Label
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return name
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err, ok := err.(pixelapi.Error); ok {
|
|
|
|
|
if err.StatusCode == "multiple_errors" {
|
|
|
|
|
for _, err := range err.Errors {
|
|
|
|
|
// Modify the message to make it more user-friendly
|
|
|
|
|
if err.StatusCode == "string_out_of_range" {
|
|
|
|
|
err.Message = fmt.Sprintf(
|
|
|
|
|
"%s is too long or too short. Should be between %v and %v characters. Current length: %v",
|
|
|
|
|
fieldLabel(err.Extra["field"].(string)),
|
|
|
|
|
err.Extra["min_len"],
|
|
|
|
|
err.Extra["max_len"],
|
|
|
|
|
err.Extra["len"],
|
|
|
|
|
)
|
|
|
|
|
} else if err.StatusCode == "field_contains_illegal_character" {
|
|
|
|
|
err.Message = fmt.Sprintf(
|
|
|
|
|
"Character '%v' is not allowed in %s",
|
|
|
|
|
err.Extra["char"],
|
|
|
|
|
fieldLabel(err.Extra["field"].(string)),
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
f.SubmitMessages = append(f.SubmitMessages, template.HTML(err.Message))
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
f.SubmitMessages = append(f.SubmitMessages, template.HTML(err.Message))
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
log.Error("Error submitting form: %s", err)
|
|
|
|
|
f.SubmitMessages = []template.HTML{"Internal Server Error"}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-23 21:17:53 +02:00
|
|
|
func (wc *WebController) serveLogout(
|
|
|
|
|
w http.ResponseWriter,
|
|
|
|
|
r *http.Request,
|
|
|
|
|
p httprouter.Params,
|
|
|
|
|
) {
|
|
|
|
|
if key, err := wc.getAPIKey(r); err == nil {
|
2021-01-05 00:00:46 +01:00
|
|
|
var api = wc.api.Login(key)
|
2021-03-10 20:13:32 +01:00
|
|
|
if err = api.DeleteUserSession(key); err != nil {
|
2019-12-17 19:28:30 +01:00
|
|
|
log.Warn("logout failed for session '%s': %s", key, err)
|
2018-06-23 21:17:53 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-07-08 14:47:51 +02:00
|
|
|
http.Redirect(w, r, "/", http.StatusSeeOther)
|
2018-07-08 14:40:20 +02:00
|
|
|
}
|
2019-02-22 00:04:57 +01:00
|
|
|
|
2019-12-23 23:56:57 +01:00
|
|
|
func (wc *WebController) registerForm(td *TemplateData, r *http.Request) (f Form) {
|
2020-05-05 22:03:34 +02:00
|
|
|
var err error
|
2019-02-25 22:53:09 +01:00
|
|
|
// This only runs on the first request
|
|
|
|
|
if wc.captchaSiteKey == "" {
|
2021-03-10 20:13:32 +01:00
|
|
|
capt, err := td.PixelAPI.GetMiscRecaptcha()
|
2019-02-25 22:53:09 +01:00
|
|
|
if err != nil {
|
|
|
|
|
log.Error("Error getting recaptcha key: %s", err)
|
|
|
|
|
f.SubmitMessages = []template.HTML{
|
|
|
|
|
"An internal server error had occurred. Registration is " +
|
|
|
|
|
"unavailable at the moment. Please return later",
|
|
|
|
|
}
|
|
|
|
|
return f
|
|
|
|
|
}
|
|
|
|
|
if capt.SiteKey == "" {
|
|
|
|
|
wc.captchaSiteKey = "none"
|
|
|
|
|
} else {
|
|
|
|
|
wc.captchaSiteKey = capt.SiteKey
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Construct the form
|
2019-12-23 23:56:57 +01:00
|
|
|
f = Form{
|
2019-02-25 22:53:09 +01:00
|
|
|
Name: "register",
|
2020-07-31 21:21:14 +02:00
|
|
|
Title: "Register a new pixeldrain account",
|
2019-12-23 23:56:57 +01:00
|
|
|
Fields: []Field{
|
2019-02-25 22:53:09 +01:00
|
|
|
{
|
|
|
|
|
Name: "username",
|
|
|
|
|
Label: "Username",
|
|
|
|
|
Description: "used for logging into your account",
|
2019-12-23 23:56:57 +01:00
|
|
|
Type: FieldTypeUsername,
|
2019-02-25 22:53:09 +01:00
|
|
|
}, {
|
2020-05-05 22:03:34 +02:00
|
|
|
Name: "email",
|
2019-02-25 22:53:09 +01:00
|
|
|
Label: "E-mail address",
|
2020-07-21 12:01:02 +02:00
|
|
|
Description: `not required. your e-mail address will only be
|
|
|
|
|
used for password resets and important account
|
2020-08-03 15:36:51 +02:00
|
|
|
notifications`,
|
2022-08-04 20:19:30 +02:00
|
|
|
Type: FieldTypeEmail,
|
2019-02-25 22:53:09 +01:00
|
|
|
}, {
|
2020-05-05 22:03:34 +02:00
|
|
|
Name: "password",
|
2019-02-25 22:53:09 +01:00
|
|
|
Label: "Password",
|
2019-12-23 23:56:57 +01:00
|
|
|
Type: FieldTypeNewPassword,
|
2019-02-25 22:53:09 +01:00
|
|
|
}, {
|
|
|
|
|
Name: "password2",
|
|
|
|
|
Label: "Password verification",
|
|
|
|
|
Description: "you need to enter your password twice so we " +
|
|
|
|
|
"can verify that no typing errors were made, which would " +
|
|
|
|
|
"prevent you from logging into your new account",
|
2022-08-04 20:19:30 +02:00
|
|
|
Type: FieldTypeNewPassword,
|
2019-02-25 22:53:09 +01:00
|
|
|
}, {
|
|
|
|
|
Name: "recaptcha_response",
|
2020-05-05 22:03:34 +02:00
|
|
|
Label: "reCaptcha",
|
2019-02-25 22:53:09 +01:00
|
|
|
Description: "the reCaptcha turing test verifies that you " +
|
|
|
|
|
"are not an evil robot that is trying to flood the " +
|
2020-05-05 22:03:34 +02:00
|
|
|
"website with fake accounts. Please click the white box " +
|
|
|
|
|
"to prove that you're not a robot",
|
2019-12-23 23:56:57 +01:00
|
|
|
Type: FieldTypeCaptcha,
|
2019-03-31 22:33:22 +02:00
|
|
|
CaptchaSiteKey: wc.captchaKey(),
|
2019-02-22 00:04:57 +01:00
|
|
|
},
|
|
|
|
|
},
|
2019-02-25 22:53:09 +01:00
|
|
|
SubmitLabel: "Register",
|
|
|
|
|
PostFormHTML: template.HTML("<p>Welcome to the club!</p>"),
|
2019-02-22 00:04:57 +01:00
|
|
|
}
|
|
|
|
|
|
2019-02-25 22:53:09 +01:00
|
|
|
if f.ReadInput(r) {
|
2020-05-05 22:03:34 +02:00
|
|
|
if f.FieldVal("password") != f.FieldVal("password2") {
|
2019-02-25 22:53:09 +01:00
|
|
|
f.SubmitMessages = []template.HTML{
|
|
|
|
|
"Password verification failed. Please enter the same " +
|
|
|
|
|
"password in both password fields"}
|
|
|
|
|
return f
|
|
|
|
|
}
|
2019-03-31 22:33:22 +02:00
|
|
|
log.Debug("capt: %s", f.FieldVal("recaptcha_response"))
|
2020-05-05 22:03:34 +02:00
|
|
|
|
|
|
|
|
if err = td.PixelAPI.UserRegister(
|
2019-02-25 22:53:09 +01:00
|
|
|
f.FieldVal("username"),
|
2020-05-05 22:03:34 +02:00
|
|
|
f.FieldVal("email"),
|
|
|
|
|
f.FieldVal("password"),
|
2019-02-25 22:53:09 +01:00
|
|
|
f.FieldVal("recaptcha_response"),
|
2020-05-05 22:03:34 +02:00
|
|
|
); err != nil {
|
|
|
|
|
formAPIError(err, &f)
|
2019-02-25 22:53:09 +01:00
|
|
|
} else {
|
|
|
|
|
// Request was a success
|
|
|
|
|
f.SubmitSuccess = true
|
|
|
|
|
f.SubmitMessages = []template.HTML{
|
|
|
|
|
`Registration completed! You can now <a href="/login">log in ` +
|
|
|
|
|
`to your account</a>.<br/>We're glad to have you on ` +
|
|
|
|
|
`board, have fun sharing!`}
|
|
|
|
|
}
|
2019-02-22 00:04:57 +01:00
|
|
|
}
|
2019-02-25 22:53:09 +01:00
|
|
|
return f
|
|
|
|
|
}
|
2019-02-22 00:04:57 +01:00
|
|
|
|
2019-12-23 23:56:57 +01:00
|
|
|
func (wc *WebController) loginForm(td *TemplateData, r *http.Request) (f Form) {
|
|
|
|
|
f = Form{
|
2019-03-31 22:33:22 +02:00
|
|
|
Name: "login",
|
|
|
|
|
Title: "Log in to your pixeldrain account",
|
2019-12-23 23:56:57 +01:00
|
|
|
Fields: []Field{
|
2019-03-31 22:33:22 +02:00
|
|
|
{
|
|
|
|
|
Name: "username",
|
|
|
|
|
Label: "Username / e-mail",
|
2019-12-23 23:56:57 +01:00
|
|
|
Type: FieldTypeUsername,
|
2019-03-31 22:33:22 +02:00
|
|
|
}, {
|
|
|
|
|
Name: "password",
|
|
|
|
|
Label: "Password",
|
2019-12-23 23:56:57 +01:00
|
|
|
Type: FieldTypeCurrentPassword,
|
2019-03-31 22:33:22 +02:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
SubmitLabel: "Login",
|
|
|
|
|
PostFormHTML: template.HTML(
|
2019-12-17 19:28:30 +01:00
|
|
|
`<p>If you don't have a pixeldrain account yet, you can ` +
|
2019-03-31 22:33:22 +02:00
|
|
|
`<a href="/register">register here</a>. No e-mail address is ` +
|
2019-12-17 19:28:30 +01:00
|
|
|
`required.</p>` +
|
|
|
|
|
`<p>Forgot your password? If your account has a valid e-mail ` +
|
|
|
|
|
`address you can <a href="/password_reset">request a new ` +
|
|
|
|
|
`password here</a>.</p>`,
|
2019-03-31 22:33:22 +02:00
|
|
|
),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if f.ReadInput(r) {
|
2021-03-10 20:13:32 +01:00
|
|
|
if session, err := td.PixelAPI.PostUserLogin(
|
2021-01-12 14:07:55 +01:00
|
|
|
f.FieldVal("username"),
|
|
|
|
|
f.FieldVal("password"),
|
2021-12-20 20:42:02 +01:00
|
|
|
"website login",
|
2021-01-12 14:07:55 +01:00
|
|
|
); err != nil {
|
2021-03-11 18:52:55 +01:00
|
|
|
log.Debug("Login failed: %s", err)
|
2020-05-05 22:03:34 +02:00
|
|
|
formAPIError(err, &f)
|
2019-03-31 22:33:22 +02:00
|
|
|
} else {
|
|
|
|
|
// Request was a success
|
|
|
|
|
f.SubmitSuccess = true
|
|
|
|
|
f.SubmitMessages = []template.HTML{"Success!"}
|
2020-02-05 11:56:08 +01:00
|
|
|
|
|
|
|
|
// Set the autentication cookie
|
2019-03-31 22:33:22 +02:00
|
|
|
f.Extra.SetCookie = &http.Cookie{
|
2020-02-19 14:36:55 +01:00
|
|
|
Name: "pd_auth_key",
|
2021-01-12 14:07:55 +01:00
|
|
|
Value: session.AuthKey.String(),
|
2020-02-19 14:36:55 +01:00
|
|
|
Path: "/",
|
|
|
|
|
Expires: time.Now().AddDate(50, 0, 0),
|
|
|
|
|
Domain: wc.sessionCookieDomain,
|
|
|
|
|
|
|
|
|
|
// Strict means the Cookie will only be sent when the user
|
|
|
|
|
// reaches a page by a link from the same domain. Lax means any
|
|
|
|
|
// page on the domain gets the cookie and None means embedded
|
2021-10-19 12:07:04 +02:00
|
|
|
// content also gets the cookie.
|
|
|
|
|
//
|
|
|
|
|
// Users who see pixeldrain links in iframes also expect their
|
|
|
|
|
// accounts to be logged in so we need to use None
|
|
|
|
|
SameSite: http.SameSiteNoneMode,
|
2021-03-10 20:13:32 +01:00
|
|
|
Secure: true,
|
2019-03-31 22:33:22 +02:00
|
|
|
}
|
|
|
|
|
f.Extra.RedirectTo = "/user"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return f
|
|
|
|
|
}
|
|
|
|
|
|
2019-12-23 23:56:57 +01:00
|
|
|
func (wc *WebController) passwordResetForm(td *TemplateData, r *http.Request) (f Form) {
|
|
|
|
|
f = Form{
|
2019-12-17 19:28:30 +01:00
|
|
|
Name: "password_reset",
|
2020-07-31 21:21:14 +02:00
|
|
|
Title: "Recover lost password",
|
2019-12-23 23:56:57 +01:00
|
|
|
Fields: []Field{
|
2019-02-25 22:53:09 +01:00
|
|
|
{
|
2019-12-17 19:28:30 +01:00
|
|
|
Name: "email",
|
|
|
|
|
Label: "E-mail address",
|
2020-07-21 12:01:02 +02:00
|
|
|
Description: `we will send a password reset link to this e-mail
|
2020-08-03 15:36:51 +02:00
|
|
|
address`,
|
2022-08-04 20:19:30 +02:00
|
|
|
Type: FieldTypeEmail,
|
2019-02-25 22:53:09 +01:00
|
|
|
}, {
|
2019-12-17 19:28:30 +01:00
|
|
|
Name: "recaptcha_response",
|
|
|
|
|
Label: "Turing test (click the white box)",
|
|
|
|
|
Description: "the reCaptcha turing test verifies that you " +
|
|
|
|
|
"are not an evil robot that is trying hijack accounts",
|
2019-12-23 23:56:57 +01:00
|
|
|
Type: FieldTypeCaptcha,
|
2019-12-17 19:28:30 +01:00
|
|
|
CaptchaSiteKey: wc.captchaKey(),
|
2019-02-25 22:53:09 +01:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
SubmitLabel: "Submit",
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if f.ReadInput(r) {
|
2021-03-10 20:13:32 +01:00
|
|
|
if err := td.PixelAPI.PutUserPasswordReset(
|
2020-05-05 22:03:34 +02:00
|
|
|
f.FieldVal("email"),
|
|
|
|
|
f.FieldVal("recaptcha_response"),
|
|
|
|
|
); err != nil {
|
|
|
|
|
formAPIError(err, &f)
|
2019-02-25 22:53:09 +01:00
|
|
|
} else {
|
|
|
|
|
f.SubmitSuccess = true
|
2019-12-23 23:56:57 +01:00
|
|
|
f.SubmitMessages = []template.HTML{
|
|
|
|
|
"Success! Check your inbox for instructions to reset your password",
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return f
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (wc *WebController) passwordResetConfirmForm(td *TemplateData, r *http.Request) (f Form) {
|
|
|
|
|
f = Form{
|
|
|
|
|
Name: "password_reset_confirm",
|
2020-07-31 21:21:14 +02:00
|
|
|
Title: "Reset lost password",
|
2019-12-23 23:56:57 +01:00
|
|
|
Fields: []Field{
|
|
|
|
|
{
|
2020-05-05 22:03:34 +02:00
|
|
|
Name: "new_password",
|
|
|
|
|
Label: "Password",
|
2019-12-23 23:56:57 +01:00
|
|
|
Type: FieldTypeNewPassword,
|
|
|
|
|
}, {
|
2020-05-05 22:03:34 +02:00
|
|
|
Name: "new_password2",
|
|
|
|
|
Label: "Password again",
|
2019-12-23 23:56:57 +01:00
|
|
|
Description: "you need to enter your password twice so we " +
|
|
|
|
|
"can verify that no typing errors were made, which would " +
|
|
|
|
|
"prevent you from logging into your new account",
|
2022-08-04 20:19:30 +02:00
|
|
|
Type: FieldTypeNewPassword,
|
2019-12-23 23:56:57 +01:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
SubmitLabel: "Submit",
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var resetKey = r.FormValue("key")
|
|
|
|
|
if resetKey == "" {
|
|
|
|
|
f.SubmitSuccess = false
|
|
|
|
|
f.SubmitMessages = []template.HTML{"Password reset key required"}
|
|
|
|
|
return f
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if f.ReadInput(r) {
|
2020-05-05 22:03:34 +02:00
|
|
|
if f.FieldVal("new_password") != f.FieldVal("new_password2") {
|
2019-12-23 23:56:57 +01:00
|
|
|
f.SubmitMessages = []template.HTML{
|
|
|
|
|
"Password verification failed. Please enter the same " +
|
|
|
|
|
"password in both password fields"}
|
|
|
|
|
return f
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-10 20:13:32 +01:00
|
|
|
if err := td.PixelAPI.PutUserPasswordResetConfirm(resetKey, f.FieldVal("new_password")); err != nil {
|
2020-05-05 22:03:34 +02:00
|
|
|
formAPIError(err, &f)
|
2019-12-23 23:56:57 +01:00
|
|
|
} else {
|
|
|
|
|
f.SubmitSuccess = true
|
2020-05-05 22:03:34 +02:00
|
|
|
f.SubmitMessages = []template.HTML{
|
|
|
|
|
`Success! You can now <a href="/login">log in</a> with your new password`,
|
|
|
|
|
}
|
2019-02-25 22:53:09 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return f
|
2019-02-22 00:04:57 +01:00
|
|
|
}
|
2021-09-23 22:21:27 +02:00
|
|
|
|
|
|
|
|
func (wc *WebController) serveEmailConfirm(
|
|
|
|
|
w http.ResponseWriter,
|
|
|
|
|
r *http.Request,
|
|
|
|
|
p httprouter.Params,
|
|
|
|
|
) {
|
|
|
|
|
var err error
|
|
|
|
|
var status string
|
|
|
|
|
|
|
|
|
|
err = wc.api.PutUserEmailResetConfirm(r.FormValue("key"))
|
|
|
|
|
if err != nil && err.Error() == "not_found" {
|
|
|
|
|
status = "not_found"
|
|
|
|
|
} else if err != nil {
|
2022-01-11 18:53:01 +01:00
|
|
|
log.Debug("E-mail reset fail: %s", err)
|
2021-09-23 22:21:27 +02:00
|
|
|
status = "internal_error"
|
|
|
|
|
} else {
|
|
|
|
|
status = "success"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
td := wc.newTemplateData(w, r)
|
|
|
|
|
td.Other = status
|
|
|
|
|
|
|
|
|
|
wc.templates.Get().ExecuteTemplate(w, "email_confirm", td)
|
|
|
|
|
}
|
