changeset 59:02d8876dc41d
improve change email
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Tue, 29 Nov 2022 18:45:22 -0700 |
parents | 31c895b73bd0 |
children | 8b5b1bce7d6b |
files | src/api/change_email_1.json.luan src/api/change_email_2.json.luan src/api/forms.html src/change_email.html.luan src/lib/User.luan |
diffstat | 5 files changed, 26 insertions(+), 25 deletions(-) [+] |
diff -r 31c895b73bd0 -r 02d8876dc41d src/api/change_email_1.json.luan --- a/src/api/change_email_1.json.luan Tue Nov 29 16:09:17 2022 -0700 +++ b/src/api/change_email_1.json.luan Tue Nov 29 18:45:22 2022 -0700 @@ -25,7 +25,7 @@ body = output_of(function() %> Change your email address to <%=email%> by clicking this link: -<%=base_url%>/change_email.html?email=<%=url_encode(email)%>&password1=<%=password%> +<%=base_url%>/change_email.html?email=<%=url_encode(email)%>&password=<%=password%> If you don't want to change your email address, then don't click on the link. <% end)
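Review bot: The confirmation token is written into the link unencoded, in the added line ending `&password=<%=password%>`; the added link line in change_email_2.json.luan has the same pattern. The neighbouring `email` value already goes through `url_encode`, so unless User.new_password() (not visible here) is guaranteed to emit only URL-safe characters I would write `&password=<%=url_encode(password)%>`. Because a query-string secret ends up in access logs, browser history and Referer headers, it is also worth confirming the token is short-lived: rotation on use is visible in change_email.html.luan, but no expiry is visible anywhere in this changeset. The enclosing mailer.send call starts and ends outside the hunk.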
diff -r 31c895b73bd0 -r 02d8876dc41d src/api/change_email_2.json.luan
--- a/src/api/change_email_2.json.luan Tue Nov 29 16:09:17 2022 -0700
+++ b/src/api/change_email_2.json.luan Tue Nov 29 18:45:22 2022 -0700
@@ -14,17 +14,17 @@
 return api(function()
 local base_url = Http.request.parameters.base_url or user_error "missing base_url param"
 local from = Http.request.parameters.from or user_error "missing from param"
- local email = Http.request.parameters.email or user_error "missing email param"
+ local to = Http.request.parameters.to or user_error "missing to param"
 local password = Http.request.parameters.password or user_error "missing password param"
 local mailer = Mail.sender() or user_error "mail not configured"
 mailer.send{
 From = from
- To = email
+ To = to
 Subject = "Change Email"
 body = output_of(function()
 %>
 Change your email address to this email by clicking this link:
-<%=base_url%>/change_email.html?email=<%=url_encode(email)%>&password2=<%=password%>
+<%=base_url%>/change_email.html?password=<%=password%>
 <% end)
 }
 return {
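Review bot: `from`, `to` and `base_url` are taken straight from request parameters and placed into the mail headers and the clickable link (`From = from`, `To = to`, `<%=base_url%>/change_email.html?...`), and nothing in this hunk shows the caller being authenticated or the values being validated. If `api(...)` does not already restrict this endpoint to the forum backend, it can send mail with a caller-chosen sender, recipient and link host. I would document the trust assumption at the top of the function, e.g. `-- caller must be the trusted forum backend; from/to/base_url are not validated here`, and reject CR/LF in `from` and `to` unless Mail.sender() is known to do so. The function body continues outside the hunk.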
diff -r 31c895b73bd0 -r 02d8876dc41d src/api/forms.html
--- a/src/api/forms.html Tue Nov 29 16:09:17 2022 -0700
+++ b/src/api/forms.html Tue Nov 29 18:45:22 2022 -0700
@@ -29,7 +29,7 @@
 <h3>change_email_2</h3>
 <p>base_url: <input name=base_url type=url required></p>
 <p>from: <input name=from required></p>
- <p>email: <input name=email type=email required></p>
+ <p>to: <input name=to type=email required></p>
 <p>password: <input name=password required></p>
 <p><input type=submit></p>
 </form>
diff -r 31c895b73bd0 -r 02d8876dc41d src/change_email.html.luan --- a/src/change_email.html.luan Tue Nov 29 16:09:17 2022 -0700 +++ b/src/change_email.html.luan Tue Nov 29 18:45:22 2022 -0700 @@ -50,9 +50,8 @@ local user = User.current_required() if user==nil then return end local email = Http.request.parameters.email - local password1 = Http.request.parameters.password1 - local password2 = Http.request.parameters.password2 - if email == nil then + local password = Http.request.parameters.password + if email == nil and password == nil then page(function() %> <form> @@ -65,10 +64,11 @@ </form> <% end) - elseif password1 == nil and password2 == nil then + elseif email ~= nil and password == nil then run_in_transaction( function() user = user.reload() - user.hidden_password_1 = User.new_password() + user.hidden_password = User.new_password() + user.new_email = nil user.save() end ) local result = call_mail_api( "change_email_1", { @@ -76,7 +76,7 @@ from = forum_title.." <support@freedit.org>" to = user.email email = email - password = user.hidden_password_1 + password = user.hidden_password } ) result.okay or error(result.error) page(function() @@ -84,22 +84,22 @@ <p>We have sent an email to your current email address. Click on the link in that email to change your email.</p> <% end) - elseif password1 ~= nil then - if password1 ~= user.hidden_password_1 then + elseif email ~= nil and password ~= nil then + if password ~= user.hidden_password then invalid() return end run_in_transaction( function() user = user.reload() - user.hidden_password_1 = nil - user.hidden_password_2 = User.new_password() + user.hidden_password = User.new_password() + user.new_email = email user.save() end ) local result = call_mail_api( "change_email_2", { base_url = base_url() from = forum_title.." <support@freedit.org>" - email = email - password = user.hidden_password_2 + to = email + password = user.hidden_password } ) result.okay or error(result.error) page(function() 
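Review bot: The added `user.new_email = nil` in the `email ~= nil and password == nil` branch carries a security invariant that is not written down. With a single `hidden_password` field now serving both steps, clearing `new_email` here is the only thing that keeps the link mailed to the current address from being accepted by the final `email == nil and password ~= nil` branch. A comment on that line would keep a later cleanup from removing it, e.g. `-- must clear new_email: the step-1 token alone must not be able to complete the change`.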
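Review bot: In the `email ~= nil and password ~= nil` branch the comparison `password ~= user.hidden_password` runs on the `user` object obtained before `user.reload()` and outside `run_in_transaction`, so the check and the rotation of `hidden_password` are not atomic; the `email == nil and password ~= nil` branch in the next hunk has the same shape. Two requests carrying the same link can presumably both pass the check before either saves, each sending a mail. Moving the comparison inside the transaction, directly after `user = user.reload()`, closes that window; how to reach `invalid()` from inside the callback depends on run_in_transaction, which is not visible here. Note also that `email` is read from the request again at this step rather than from stored state, so `user.new_email` becomes whatever the link carries.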
@@ -107,15 +107,16 @@ <p>We have sent an email to <b><%=email%></b>. Click on the link in that email to complete the change.</p> <% end) - elseif password2 ~= nil then - if password2 ~= user.hidden_password_2 then + elseif email == nil and password ~= nil then + if password ~= user.hidden_password then invalid() return end run_in_transaction( function() user = user.reload() - user.email = email - user.hidden_password_2 = nil + user.email = user.new_email or error() + user.hidden_password = nil + user.new_email = nil user.save() end ) page(function()
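Review bot: The link mailed to the current address passes the comparison in this branch when it arrives without the `email` parameter, because `hidden_password` still holds that token until the second step rotates it; the only stop is `user.new_email or error()` inside the transaction. That presumably surfaces as a server error rather than the invalid-link page, and it leaves the protection resting on a message-less `error()`. I would make the guard explicit with `if password ~= user.hidden_password or user.new_email == nil then` and keep the backstop with a message, e.g. `user.email = user.new_email or error "new_email not set"`. The enclosing function starts and ends outside the hunk.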
diff -r 31c895b73bd0 -r 02d8876dc41d src/lib/User.luan --- a/src/lib/User.luan Tue Nov 29 16:09:17 2022 -0700 +++ b/src/lib/User.luan Tue Nov 29 18:45:22 2022 -0700 @@ -39,8 +39,8 @@ password = doc.password name = doc.user_name created = doc.created - hidden_password_1 = doc.hidden_password_1 - hidden_password_2 = doc.hidden_password_2 + hidden_password = doc.hidden_password + new_email = doc.new_email } set_local_only(users_by_id,user.id,user) return user @@ -55,8 +55,8 @@ password = user.password user_name = user.name created = user.created or time_now() - hidden_password_1 = user.hidden_password_1 - hidden_password_2 = user.hidden_password_2 + hidden_password = user.hidden_password + new_email = user.new_email } end