changeset 58:31c895b73bd0

improve change email
author Franklin Schmidt <fschmidt@gmail.com>
date Tue, 29 Nov 2022 16:09:17 -0700
parents 169ac5fdb320
children 02d8876dc41d
files src/api/change_email.json.luan src/api/change_email_1.json.luan src/api/change_email_2.json.luan src/api/forms.html src/change_email.html.luan src/lib/User.luan
diffstat 6 files changed, 128 insertions(+), 47 deletions(-) [+]
diff -r 169ac5fdb320 -r 31c895b73bd0 src/api/change_email.json.luan
--- a/src/api/change_email.json.luan	Mon Nov 28 23:47:19 2022 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,33 +0,0 @@
-local Luan = require "luan:Luan.luan"
-local error = Luan.error
-local Html = require "luan:Html.luan"
-local url_encode = Html.url_encode or error()
-local Io = require "luan:Io.luan"
-local output_of = Io.output_of or error()
-local Http = require "luan:http/Http.luan"
-local Mail = require "site:/lib/Mail.luan"
-local Api = require "site:/api/Api.luan"
-local api = Api.api or error()
-local user_error = Api.user_error or error()
-
-
-return api(function()
-	local base_url = Http.request.parameters.base_url or user_error "missing base_url param"
-	local from = Http.request.parameters.from or user_error "missing from param"
-	local email = Http.request.parameters.email or user_error "missing email param"
-	local password = Http.request.parameters.password or user_error "missing password param"
-	local mailer = Mail.sender() or user_error "mail not configured"
-	mailer.send{
-		From = from
-		To = email
-		Subject = "Change Email"
-		body = output_of(function() %>
-Change your email address to this email by clicking this link:
-
-<%=base_url%>/change_email.html?email=<%=url_encode(email)%>&password=<%=password%>
-<%		end)
-	}
-	return {
-		okay = true
-	}
-end)
diff -r 169ac5fdb320 -r 31c895b73bd0 src/api/change_email_1.json.luan
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/api/change_email_1.json.luan	Tue Nov 29 16:09:17 2022 -0700
@@ -0,0 +1,36 @@
+local Luan = require "luan:Luan.luan"
+local error = Luan.error
+local Html = require "luan:Html.luan"
+local url_encode = Html.url_encode or error()
+local Io = require "luan:Io.luan"
+local output_of = Io.output_of or error()
+local Http = require "luan:http/Http.luan"
+local Mail = require "site:/lib/Mail.luan"
+local Api = require "site:/api/Api.luan"
+local api = Api.api or error()
+local user_error = Api.user_error or error()
+
+
+return api(function()
+	local base_url = Http.request.parameters.base_url or user_error "missing base_url param"
+	local from = Http.request.parameters.from or user_error "missing from param"
+	local to = Http.request.parameters.to or user_error "missing to param"
+	local email = Http.request.parameters.email or user_error "missing email param"
+	local password = Http.request.parameters.password or user_error "missing password param"
+	local mailer = Mail.sender() or user_error "mail not configured"
+	mailer.send{
+		From = from
+		To = to
+		Subject = "Change Email"
+		body = output_of(function() %>
+Change your email address to <%=email%> by clicking this link:
+
+<%=base_url%>/change_email.html?email=<%=url_encode(email)%>&password1=<%=password%>
+
+If you don't want to change your email address, then don't click on the link.
+<%		end)
+	}
+	return {
+		okay = true
+	}
+end)
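Review bot: The token is interpolated into the confirmation link unencoded at `password1=<%=password%>` on the last body line, while `email` immediately before it goes through `url_encode`; whether `User.new_password()` can produce characters that break a query string is not visible here, so encoding it the same way is the safe default: `&password1=<%=url_encode(password)%>`. The same applies to `password2=` in the new change_email_2.json.luan. Since the mail body is plain text, interpolating `email` there needs no HTML escaping, as far as this hunk shows.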
diff -r 169ac5fdb320 -r 31c895b73bd0 src/api/change_email_2.json.luan
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/api/change_email_2.json.luan	Tue Nov 29 16:09:17 2022 -0700
@@ -0,0 +1,33 @@
+local Luan = require "luan:Luan.luan"
+local error = Luan.error
+local Html = require "luan:Html.luan"
+local url_encode = Html.url_encode or error()
+local Io = require "luan:Io.luan"
+local output_of = Io.output_of or error()
+local Http = require "luan:http/Http.luan"
+local Mail = require "site:/lib/Mail.luan"
+local Api = require "site:/api/Api.luan"
+local api = Api.api or error()
+local user_error = Api.user_error or error()
+
+
+return api(function()
+	local base_url = Http.request.parameters.base_url or user_error "missing base_url param"
+	local from = Http.request.parameters.from or user_error "missing from param"
+	local email = Http.request.parameters.email or user_error "missing email param"
+	local password = Http.request.parameters.password or user_error "missing password param"
+	local mailer = Mail.sender() or user_error "mail not configured"
+	mailer.send{
+		From = from
+		To = email
+		Subject = "Change Email"
+		body = output_of(function() %>
+Change your email address to this email by clicking this link:
+
+<%=base_url%>/change_email.html?email=<%=url_encode(email)%>&password2=<%=password%>
+<%		end)
+	}
+	return {
+		okay = true
+	}
+end)
diff -r 169ac5fdb320 -r 31c895b73bd0 src/api/forms.html
--- a/src/api/forms.html	Mon Nov 28 23:47:19 2022 -0700
+++ b/src/api/forms.html	Tue Nov 29 16:09:17 2022 -0700
@@ -15,8 +15,18 @@
 			<p><input type=submit></p>
 		</form>
 		<hr>
-		<form action="change_email.json">
-			<h3>change_email</h3>
+		<form action="change_email_1.json">
+			<h3>change_email_1</h3>
+			<p>base_url: <input name=base_url type=url required></p>
+			<p>from: <input name=from required></p>
+			<p>to: <input name=to type=email required></p>
+			<p>email: <input name=email type=email required></p>
+			<p>password: <input name=password required></p>
+			<p><input type=submit></p>
+		</form>
+		<hr>
+		<form action="change_email_2.json">
+			<h3>change_email_2</h3>
 			<p>base_url: <input name=base_url type=url required></p>
 			<p>from: <input name=from required></p>
 			<p>email: <input name=email type=email required></p>
diff -r 169ac5fdb320 -r 31c895b73bd0 src/change_email.html.luan
--- a/src/change_email.html.luan	Mon Nov 28 23:47:19 2022 -0700
+++ b/src/change_email.html.luan	Tue Nov 29 16:09:17 2022 -0700
@@ -38,11 +38,20 @@
 <%
 end
 
+local function invalid()
+	page(function()
+%>
+			<p>This link is no longer valid.  Please <a href="/change_email.html">try again</a>.</p>
+<%
+	end)
+end
+
 return function()
 	local user = User.current_required()
 	if user==nil then return end
 	local email = Http.request.parameters.email
-	local password = Http.request.parameters.password
+	local password1 = Http.request.parameters.password1
+	local password2 = Http.request.parameters.password2
 	if email == nil then
 		page(function()
 %>
@@ -56,35 +65,57 @@
 			</form>
 <%
 		end)
-	elseif password == nil then
+	elseif password1 == nil and password2 == nil then
 		run_in_transaction( function()
 			user = user.reload()
-			user.hidden_password = User.new_password()
+			user.hidden_password_1 = User.new_password()
 			user.save()
 		end )
-		local result = call_mail_api( "change_email", {
+		local result = call_mail_api( "change_email_1", {
 			base_url = base_url()
 			from = forum_title.." <support@freedit.org>"
+			to = user.email
 			email = email
-			password = user.hidden_password
+			password = user.hidden_password_1
 		} )
 		result.okay or error(result.error)
 		page(function()
 %>
-			<p>We have sent an email to your new email address.  Click on the link in that email to complete the change.</p>
+			<p>We have sent an email to your current email address.  Click on the link in that email to change your email.</p>
 <%
 		end)
-	elseif password ~= user.hidden_password then
+	elseif password1 ~= nil then
+		if password1 ~= user.hidden_password_1 then
+			invalid()
+			return
+		end
+		run_in_transaction( function()
+			user = user.reload()
+			user.hidden_password_1 = nil
+			user.hidden_password_2 = User.new_password()
+			user.save()
+		end )
+		local result = call_mail_api( "change_email_2", {
+			base_url = base_url()
+			from = forum_title.." <support@freedit.org>"
+			email = email
+			password = user.hidden_password_2
+		} )
+		result.okay or error(result.error)
 		page(function()
 %>
-			<p>This link is no longer valid.  Please <a href="/change_email.html">try again</a>.</p>
+			<p>We have sent an email to <b><%=email%></b>.  Click on the link in that email to complete the change.</p>
 <%
 		end)
-	else
+	elseif password2 ~= nil then
+		if password2 ~= user.hidden_password_2 then
+			invalid()
+			return
+		end
 		run_in_transaction( function()
 			user = user.reload()
 			user.email = email
-			user.hidden_password = nil
+			user.hidden_password_2 = nil
 			user.save()
 		end )
 		page(function()
@@ -92,5 +123,7 @@
 			<p>Your email has been change to <b><%=user.email%></b>.</p>
 <%
 		end)
+	else
+		error()
 	end
 end
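Review bot: The added `else` branch is unreachable: the three preceding conditions cover every combination of `password1` and `password2` being nil or set, so `error()` here is a defensive assertion rather than a handled case. Giving it a message makes that intent visible if it ever fires, e.g. `error "unreachable: unexpected password1/password2 combination"`.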
diff -r 169ac5fdb320 -r 31c895b73bd0 src/lib/User.luan
--- a/src/lib/User.luan	Mon Nov 28 23:47:19 2022 -0700
+++ b/src/lib/User.luan	Tue Nov 29 16:09:17 2022 -0700
@@ -39,7 +39,8 @@
 		password = doc.password
 		name = doc.user_name
 		created = doc.created
-		hidden_password = doc.hidden_password
+		hidden_password_1 = doc.hidden_password_1
+		hidden_password_2 = doc.hidden_password_2
 	}
 	set_local_only(users_by_id,user.id,user)
 	return user
@@ -54,7 +55,8 @@
 		password = user.password
 		user_name = user.name
 		created = user.created or time_now()
-		hidden_password = user.hidden_password
+		hidden_password_1 = user.hidden_password_1
+		hidden_password_2 = user.hidden_password_2
 	}
 end