view src/change_email.html.luan @ 59:02d8876dc41d

improve change email
author Franklin Schmidt <fschmidt@gmail.com>
date Tue, 29 Nov 2022 18:45:22 -0700
parents 31c895b73bd0
children
line wrap: on
line source

local Luan = require "luan:Luan.luan"
local error = Luan.error
local Io = require "luan:Io.luan"
local Http = require "luan:http/Http.luan"
local Shared = require "site:/lib/Shared.luan"
local head = Shared.head or error()
local header = Shared.header or error()
local footer = Shared.footer or error()
local base_url = Shared.base_url or error()
local call_mail_api = Shared.call_mail_api or error()
local Forum = require "site:/lib/Forum.luan"
local forum_title = Forum.title or error()
local User = require "site:/lib/User.luan"
local Db = require "site:/lib/Db.luan"
local run_in_transaction = Db.run_in_transaction or error()


local function page(contents)
	Io.stdout = Http.response.text_writer()
%>
<!doctype html>
<html>
	<head>
<%		head() %>
		<title><%=forum_title%> - Change Email</title>
	</head>
	<body>
<%		header() %>
		<div content>
			<h1>Change Email</h1>
<%
			contents()
%>
		</div>
<%		footer() %>
	</body>
</html>
<%
end

local function invalid()
	page(function()
%>
			<p>This link is no longer valid.  Please <a href="/change_email.html">try again</a>.</p>
<%
	end)
end

return function()
	local user = User.current_required()
	if user==nil then return end
	local email = Http.request.parameters.email
	local password = Http.request.parameters.password
	if email == nil and password == nil then
		page(function()
%>
			<form>
				<p>Your current email is <b><%=user.email%></b>.</p>
				<p>
					<label>Change email to</label>
					<input type="email" name="email" autofocus required>
				</p>
				<p><input type="submit"></p>
			</form>
<%
		end)
	elseif email ~= nil and password == nil then
		run_in_transaction( function()
			user = user.reload()
			user.hidden_password = User.new_password()
			user.new_email = nil
			user.save()
		end )
		local result = call_mail_api( "change_email_1", {
			base_url = base_url()
			from = forum_title.." <support@freedit.org>"
			to = user.email
			email = email
			password = user.hidden_password
		} )
		result.okay or error(result.error)
		page(function()
%>
			<p>We have sent an email to your current email address.  Click on the link in that email to change your email.</p>
<%
		end)
	elseif email ~= nil and password ~= nil then
		if password ~= user.hidden_password then
			invalid()
			return
		end
		run_in_transaction( function()
			user = user.reload()
			user.hidden_password = User.new_password()
			user.new_email = email
			user.save()
		end )
		local result = call_mail_api( "change_email_2", {
			base_url = base_url()
			from = forum_title.." <support@freedit.org>"
			to = email
			password = user.hidden_password
		} )
		result.okay or error(result.error)
		page(function()
%>
			<p>We have sent an email to <b><%=email%></b>.  Click on the link in that email to complete the change.</p>
<%
		end)
	elseif email == nil and password ~= nil then
		if password ~= user.hidden_password then
			invalid()
			return
		end
		run_in_transaction( function()
			user = user.reload()
			user.email = user.new_email or error()
			user.hidden_password = nil
			user.new_email = nil
			user.save()
		end )
		page(function()
%>
			<p>Your email has been change to <b><%=user.email%></b>.</p>
<%
		end)
	else
		error()
	end
end