Mercurial Hosting > hghosting
view src/get_password.html.luan @ 15:a6e72cd199f1
email security
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Sun, 01 Oct 2023 19:53:46 -0600 |
parents | 46f6b69e8b10 |
children | b14073ab9d07 |
line wrap: on
line source
local Luan = require "luan:Luan.luan" local error = Luan.error local String = require "luan:String.luan" local matches = String.matches or error() local Io = require "luan:Io.luan" local output_of = Io.output_of or error() local Http = require "luan:http/Http.luan" local Mail = require "luan:mail/Mail.luan" local Shared = require "site:/lib/Shared.luan" local head = Shared.head or error() local header = Shared.header or error() local config = Shared.config or error() local new_password = Shared.new_password or error() local get_raw_config = Shared.get_raw_config or error() local save_raw_config = Shared.save_raw_config or error() local send_mail = config.mail_info and Mail.sender(config.mail_info).send local function handle(email) matches( email, [[^(\w[-+~.\w]*)@[-\w]+(\\.[-\w]+)*\.[a-zA-Z]+$]] ) or error "invalid email" local change = Http.request.parameters.change ~= nil local password = config.users[email] if password == nil or change then password = new_password() local raw_config = get_raw_config() raw_config.users[email] = password save_raw_config(raw_config) end if send_mail == nil then return "missing config.mail_info, your password is: "..password end local function body() %> Your password is "<%=password%>". <% end_function send_mail{ From = "Mercurial Hosting <hg@reactionary.software>" To = email Subject = "Your Password" body = output_of(body) } return nil end local function response(content) %> <!doctype html> <html> <head> <% head() %> <title>Mercurial - Get Password</title> </head> <body> <% header() %> <div content> <h1>Get Password</h1> <%=content%> </div> </body> </html> <% end return function() Io.stdout = Http.response.text_writer() local email = Http.request.parameters.email if email ~= nil then local error_msg = handle(email) if error_msg == nil then response([[<p>Your password has been emailed to <b>]]..email..[[</b>. Use your email and password for authentication.</p>]]) else response([[<p error>]]..error_msg..[[</p>]]) end return end %> <!doctype html> <html> <head> <% head() %> <title>Mercurial - Get Password</title> </head> <body> <% header() %> <div content> <h1>Get Password</h1> <p>This site uses authentication for access. For authentication, your email address is your user name, and your password will be emailed to you.</p> <p>This page is used to register, to get your password if you forgot it, or to change your password.</p> <hr> <form> <p> <label prompt>Your email address</label> <input type=email name=email required> <label prompt clickable><input type=checkbox name=change> change password</label> </p> <p> <input type=submit value="Get Password"> </p> </form> </div> </body> </html> <% end