Mercurial Hosting > hghosting
annotate src/get_password.html.luan @ 15:a6e72cd199f1
email security
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Sun, 01 Oct 2023 19:53:46 -0600 |
parents | 46f6b69e8b10 |
children | b14073ab9d07 |
rev | line source |
---|---|
0 | 1 local Luan = require "luan:Luan.luan" |
2 local error = Luan.error | |
15 | 3 local String = require "luan:String.luan" |
4 local matches = String.matches or error() | |
0 | 5 local Io = require "luan:Io.luan" |
6 local output_of = Io.output_of or error() | |
7 local Http = require "luan:http/Http.luan" | |
8 local Mail = require "luan:mail/Mail.luan" | |
9 local Shared = require "site:/lib/Shared.luan" | |
10 local head = Shared.head or error() | |
11 local header = Shared.header or error() | |
12 local config = Shared.config or error() | |
13 local new_password = Shared.new_password or error() | |
14 local get_raw_config = Shared.get_raw_config or error() | |
15 local save_raw_config = Shared.save_raw_config or error() | |
16 | |
17 | |
7
46f6b69e8b10
better handling of missing mail_info
Franklin Schmidt <fschmidt@gmail.com>
parents:
6
diff
changeset
|
18 local send_mail = config.mail_info and Mail.sender(config.mail_info).send |
0 | 19 |
20 local function handle(email) | |
15 | 21 matches( email, [[^(\w[-+~.\w]*)@[-\w]+(\\.[-\w]+)*\.[a-zA-Z]+$]] ) or error "invalid email" |
0 | 22 local change = Http.request.parameters.change ~= nil |
23 local password = config.users[email] | |
24 if password == nil or change then | |
25 password = new_password() | |
26 local raw_config = get_raw_config() | |
27 raw_config.users[email] = password | |
28 save_raw_config(raw_config) | |
29 end | |
7
46f6b69e8b10
better handling of missing mail_info
Franklin Schmidt <fschmidt@gmail.com>
parents:
6
diff
changeset
|
30 if send_mail == nil then |
46f6b69e8b10
better handling of missing mail_info
Franklin Schmidt <fschmidt@gmail.com>
parents:
6
diff
changeset
|
31 return "missing config.mail_info, your password is: "..password |
46f6b69e8b10
better handling of missing mail_info
Franklin Schmidt <fschmidt@gmail.com>
parents:
6
diff
changeset
|
32 end |
0 | 33 local function body() |
34 %> | |
35 Your password is "<%=password%>". | |
36 <% | |
37 end_function | |
38 send_mail{ | |
39 From = "Mercurial Hosting <hg@reactionary.software>" | |
40 To = email | |
41 Subject = "Your Password" | |
42 body = output_of(body) | |
43 } | |
44 return nil | |
45 end | |
46 | |
47 local function response(content) | |
48 %> | |
49 <!doctype html> | |
50 <html> | |
51 <head> | |
52 <% head() %> | |
53 <title>Mercurial - Get Password</title> | |
54 </head> | |
55 <body> | |
56 <% header() %> | |
57 <div content> | |
58 <h1>Get Password</h1> | |
59 <%=content%> | |
60 </div> | |
61 </body> | |
62 </html> | |
63 <% | |
64 end | |
65 | |
66 return function() | |
67 Io.stdout = Http.response.text_writer() | |
68 local email = Http.request.parameters.email | |
69 if email ~= nil then | |
70 local error_msg = handle(email) | |
71 if error_msg == nil then | |
72 response([[<p>Your password has been emailed to <b>]]..email..[[</b>. Use your email and password for authentication.</p>]]) | |
73 else | |
74 response([[<p error>]]..error_msg..[[</p>]]) | |
75 end | |
76 return | |
77 end | |
78 %> | |
79 <!doctype html> | |
80 <html> | |
81 <head> | |
82 <% head() %> | |
83 <title>Mercurial - Get Password</title> | |
84 </head> | |
85 <body> | |
86 <% header() %> | |
87 <div content> | |
88 <h1>Get Password</h1> | |
89 | |
90 <p>This site uses authentication for access. For authentication, your email address is your user name, and your password will be emailed to you.</p> | |
91 | |
92 <p>This page is used to register, to get your password if you forgot it, or to change your password.</p> | |
93 | |
94 <hr> | |
95 <form> | |
96 <p> | |
97 <label prompt>Your email address</label> | |
98 <input type=email name=email required> | |
99 <label prompt clickable><input type=checkbox name=change> change password</label> | |
100 </p> | |
101 <p> | |
102 <input type=submit value="Get Password"> | |
103 </p> | |
104 </form> | |
105 </div> | |
106 </body> | |
107 </html> | |
108 <% | |
109 end |