authboss/confirm/confirm.go

// Package confirm implements confirmation of user registration via e-mail
package confirm

import (
	"crypto/md5"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"path"

	"gopkg.in/authboss.v0"
	"gopkg.in/authboss.v0/internal/render"
)

const (
	StoreConfirmToken = "confirm_token"
	StoreConfirmed    = "confirmed"

	FormValueConfirm = "cnf"

	tplConfirmHTML = "confirm_email.html.tpl"
	tplConfirmText = "confirm_email.txt.tpl"
)

var (
	errUserMissing = errors.New("confirm: After registration user must be loaded")
)

// ConfirmStorer must be implemented in order to satisfy the confirm module's
// storage requirements.
type ConfirmStorer interface {
	authboss.Storer
	// ConfirmUser looks up a user by a confirm token. See confirm module for
	// attribute names. If the token is not found in the data store,
	// simply return nil, ErrUserNotFound.
	ConfirmUser(confirmToken string) (interface{}, error)
}

func init() {
	authboss.RegisterModule("confirm", &Confirm{})
}

type Confirm struct {
	emailHTMLTemplates render.Templates
	emailTextTemplates render.Templates
}

func (c *Confirm) Initialize() (err error) {
	var ok bool
	storer, ok := authboss.Cfg.Storer.(ConfirmStorer)
	if storer == nil || !ok {
		return errors.New("confirm: Need a ConfirmStorer.")
	}

	c.emailHTMLTemplates, err = render.LoadTemplates(authboss.Cfg.LayoutHTMLEmail, authboss.Cfg.ViewsPath, tplConfirmHTML)
	if err != nil {
		return err
	}
	c.emailTextTemplates, err = render.LoadTemplates(authboss.Cfg.LayoutTextEmail, authboss.Cfg.ViewsPath, tplConfirmText)
	if err != nil {
		return err
	}

	authboss.Cfg.Callbacks.Before(authboss.EventGet, c.BeforeGet)
	authboss.Cfg.Callbacks.Before(authboss.EventAuth, c.BeforeGet)
	authboss.Cfg.Callbacks.After(authboss.EventRegister, c.AfterRegister)

	return nil
}

func (c *Confirm) Routes() authboss.RouteTable {
	return authboss.RouteTable{
		"/confirm": c.confirmHandler,
	}
}

func (c *Confirm) Storage() authboss.StorageOptions {
	return authboss.StorageOptions{
		StoreConfirmToken: authboss.String,
		StoreConfirmed:    authboss.Bool,
	}
}

func (c *Confirm) BeforeGet(ctx *authboss.Context) (authboss.Interrupt, error) {
	if confirmed, err := ctx.User.BoolErr(StoreConfirmed); err != nil {
		return authboss.InterruptNone, err
	} else if !confirmed {
		return authboss.InterruptAccountNotConfirmed, nil
	}

	return authboss.InterruptNone, nil
}

// AfterRegister ensures the account is not activated.
func (c *Confirm) AfterRegister(ctx *authboss.Context) error {
	if ctx.User == nil {
		return errUserMissing
	}

	token := make([]byte, 32)
	if _, err := rand.Read(token); err != nil {
		return err
	}
	sum := md5.Sum(token)

	ctx.User[StoreConfirmToken] = base64.StdEncoding.EncodeToString(sum[:])

	if err := ctx.SaveUser(); err != nil {
		return err
	}

	email, err := ctx.User.StringErr(authboss.StoreEmail)
	if err != nil {
		return err
	}

	goConfirmEmail(c, email, base64.URLEncoding.EncodeToString(token))

	return nil
}

var goConfirmEmail = func(c *Confirm, to, token string) {
	go c.confirmEmail(to, token)
}

// confirmEmail sends a confirmation e-mail.
func (c *Confirm) confirmEmail(to, token string) {
	p := path.Join(authboss.Cfg.MountPath, "confirm")
	url := fmt.Sprintf("%s%s?%s=%s", authboss.Cfg.RootURL, p, url.QueryEscape(FormValueConfirm), url.QueryEscape(token))

	email := authboss.Email{
		To:      []string{to},
		From:    authboss.Cfg.EmailFrom,
		Subject: authboss.Cfg.EmailSubjectPrefix + "Confirm New Account",
	}

	err := render.RenderEmail(email, c.emailHTMLTemplates, tplConfirmHTML, c.emailTextTemplates, tplConfirmText, url)
	if err != nil {
		fmt.Fprintf(authboss.Cfg.LogWriter, "confirm: Failed to send e-mail: %v", err)
	}
}

func (c *Confirm) confirmHandler(ctx *authboss.Context, w http.ResponseWriter, r *http.Request) error {
	token, err := ctx.FirstFormValueErr(FormValueConfirm)
	if err != nil {
		return err
	}

	toHash, err := base64.URLEncoding.DecodeString(token)
	if err != nil {
		return authboss.ErrAndRedirect{
			Location: "/", Err: fmt.Errorf("confirm: token failed to decode %q => %v\n", token, err),
		}
	}

	sum := md5.Sum(toHash)

	dbTok := base64.StdEncoding.EncodeToString(sum[:])
	user, err := authboss.Cfg.Storer.(ConfirmStorer).ConfirmUser(dbTok)
	if err == authboss.ErrUserNotFound {
		return authboss.ErrAndRedirect{Location: "/", Err: errors.New("confirm: token not found")}
	} else if err != nil {
		return err
	}

	ctx.User = authboss.Unbind(user)

	ctx.User[StoreConfirmToken] = ""
	ctx.User[StoreConfirmed] = true

	key, err := ctx.User.StringErr(authboss.Cfg.PrimaryID)
	if err != nil {
		return err
	}

	if err := ctx.SaveUser(); err != nil {
		return err
	}

	ctx.SessionStorer.Put(authboss.SessionKey, key)
	render.Redirect(ctx, w, r, authboss.Cfg.RegisterOKPath, "You have successfully confirmed your account.", "")

	return nil
}
Change documentation a little bit, and fix one bug. 2015-03-15 17:06:08 +02:00			`// Package confirm implements confirmation of user registration via e-mail`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`package confirm`

			`import (`
			`"crypto/md5"`
			`"crypto/rand"`
			`"encoding/base64"`
			`"errors"`
			`"fmt"`
			`"net/http"`
Finish confirm module (except tests). 2015-02-10 10:43:45 +02:00			`"net/url"`
Fix flash message clearing - Fix token emailing bug with confirm (l2base64) 2015-02-27 08:01:53 +02:00			`"path"`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00
			`"gopkg.in/authboss.v0"`
Fix confirm module. 2015-02-22 10:09:52 +02:00			`"gopkg.in/authboss.v0/internal/render"`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`)`

			`const (`
Finish tests for confirm. - Rename UserXXX to StoreXXX in confirm/authboss. 2015-02-16 23:27:29 +02:00			`StoreConfirmToken = "confirm_token"`
			`StoreConfirmed = "confirmed"`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00
			`FormValueConfirm = "cnf"`

			`tplConfirmHTML = "confirm_email.html.tpl"`
Fix confirm's initial test. - Add e-mail templates for confirm. 2015-02-11 02:29:52 +02:00			`tplConfirmText = "confirm_email.txt.tpl"`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`)`

			`var (`
Fix confirm module. 2015-02-22 10:09:52 +02:00			`errUserMissing = errors.New("confirm: After registration user must be loaded")`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`)`

Refactor storers into modules. 2015-02-24 21:04:27 +02:00			`// ConfirmStorer must be implemented in order to satisfy the confirm module's`
			`// storage requirements.`
			`type ConfirmStorer interface {`
			`authboss.Storer`
			`// ConfirmUser looks up a user by a confirm token. See confirm module for`
			`// attribute names. If the token is not found in the data store,`
			`// simply return nil, ErrUserNotFound.`
			`ConfirmUser(confirmToken string) (interface{}, error)`
			`}`

Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`func init() {`
Move create from Storer to RegisterStorer - Fixed the qq tests - Removed all module singletons 2015-02-27 09:09:37 +02:00			`authboss.RegisterModule("confirm", &Confirm{})`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`}`

			`type Confirm struct {`
Split emails to have seperate HTML and Text layouts. 2015-03-03 21:23:49 +02:00			`emailHTMLTemplates render.Templates`
			`emailTextTemplates render.Templates`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`}`

Fix confirm module to use global config 2015-02-16 06:35:32 +02:00			`func (c *Confirm) Initialize() (err error) {`
Finish confirm module (except tests). 2015-02-10 10:43:45 +02:00			`var ok bool`
Refactor storers into modules. 2015-02-24 21:04:27 +02:00			`storer, ok := authboss.Cfg.Storer.(ConfirmStorer)`
Fix confirm module to use global config 2015-02-16 06:35:32 +02:00			`if storer == nil \|\| !ok {`
Finish confirm module (except tests). 2015-02-10 10:43:45 +02:00			`return errors.New("confirm: Need a ConfirmStorer.")`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`}`

Split emails to have seperate HTML and Text layouts. 2015-03-03 21:23:49 +02:00			`c.emailHTMLTemplates, err = render.LoadTemplates(authboss.Cfg.LayoutHTMLEmail, authboss.Cfg.ViewsPath, tplConfirmHTML)`
			`if err != nil {`
			`return err`
			`}`
			`c.emailTextTemplates, err = render.LoadTemplates(authboss.Cfg.LayoutTextEmail, authboss.Cfg.ViewsPath, tplConfirmText)`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`if err != nil {`
			`return err`
			`}`

Fix confirm module to use global config 2015-02-16 06:35:32 +02:00			`authboss.Cfg.Callbacks.Before(authboss.EventGet, c.BeforeGet)`
Add callback from confirm to BeforeAuth - Allow missing struct attributes to go unnoticed in Bind() 2015-02-26 22:15:33 +02:00			`authboss.Cfg.Callbacks.Before(authboss.EventAuth, c.BeforeGet)`
Fix confirm module to use global config 2015-02-16 06:35:32 +02:00			`authboss.Cfg.Callbacks.After(authboss.EventRegister, c.AfterRegister)`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00
			`return nil`
			`}`

			`func (c *Confirm) Routes() authboss.RouteTable {`
			`return authboss.RouteTable{`
			`"/confirm": c.confirmHandler,`
			`}`
			`}`

			`func (c *Confirm) Storage() authboss.StorageOptions {`
			`return authboss.StorageOptions{`
Finish tests for confirm. - Rename UserXXX to StoreXXX in confirm/authboss. 2015-02-16 23:27:29 +02:00			`StoreConfirmToken: authboss.String,`
			`StoreConfirmed: authboss.Bool,`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`}`
			`}`

Fix confirm module. 2015-02-22 10:09:52 +02:00			`func (c Confirm) BeforeGet(ctx authboss.Context) (authboss.Interrupt, error) {`
			`if confirmed, err := ctx.User.BoolErr(StoreConfirmed); err != nil {`
			`return authboss.InterruptNone, err`
			`} else if !confirmed {`
			`return authboss.InterruptAccountNotConfirmed, nil`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`}`
Finish confirm module (except tests). 2015-02-10 10:43:45 +02:00
Fix confirm module. 2015-02-22 10:09:52 +02:00			`return authboss.InterruptNone, nil`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`}`

			`// AfterRegister ensures the account is not activated.`
Fix confirm module. 2015-02-22 10:09:52 +02:00			`func (c Confirm) AfterRegister(ctx authboss.Context) error {`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`if ctx.User == nil {`
Fix confirm module. 2015-02-22 10:09:52 +02:00			`return errUserMissing`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`}`

			`token := make([]byte, 32)`
			`if _, err := rand.Read(token); err != nil {`
Fix confirm module. 2015-02-22 10:09:52 +02:00			`return err`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`}`
			`sum := md5.Sum(token)`

Finish tests for confirm. - Rename UserXXX to StoreXXX in confirm/authboss. 2015-02-16 23:27:29 +02:00			`ctx.User[StoreConfirmToken] = base64.StdEncoding.EncodeToString(sum[:])`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00
Fix test breakages from new saving stuff. 2015-02-18 18:57:50 +02:00			`if err := ctx.SaveUser(); err != nil {`
Fix confirm module. 2015-02-22 10:09:52 +02:00			`return err`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`}`

Fix confirm module. 2015-02-22 10:09:52 +02:00			`email, err := ctx.User.StringErr(authboss.StoreEmail)`
			`if err != nil {`
			`return err`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`}`
Fix confirm module. 2015-02-22 10:09:52 +02:00
Fix flash message clearing - Fix token emailing bug with confirm (l2base64) 2015-02-27 08:01:53 +02:00			`goConfirmEmail(c, email, base64.URLEncoding.EncodeToString(token))`
Fix confirm module. 2015-02-22 10:09:52 +02:00
			`return nil`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`}`

Finish confirm module (except tests). 2015-02-10 10:43:45 +02:00			`var goConfirmEmail = func(c *Confirm, to, token string) {`
			`go c.confirmEmail(to, token)`
			`}`

Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`// confirmEmail sends a confirmation e-mail.`
			`func (c *Confirm) confirmEmail(to, token string) {`
Fix flash message clearing - Fix token emailing bug with confirm (l2base64) 2015-02-27 08:01:53 +02:00			`p := path.Join(authboss.Cfg.MountPath, "confirm")`
Rename HostName to RootURL 2015-03-13 04:20:15 +02:00			`url := fmt.Sprintf("%s%s?%s=%s", authboss.Cfg.RootURL, p, url.QueryEscape(FormValueConfirm), url.QueryEscape(token))`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00
Fix confirm module. 2015-02-22 10:09:52 +02:00			`email := authboss.Email{`
			`To: []string{to},`
			`From: authboss.Cfg.EmailFrom,`
			`Subject: authboss.Cfg.EmailSubjectPrefix + "Confirm New Account",`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`}`

Split emails to have seperate HTML and Text layouts. 2015-03-03 21:23:49 +02:00			`err := render.RenderEmail(email, c.emailHTMLTemplates, tplConfirmHTML, c.emailTextTemplates, tplConfirmText, url)`
Fix confirm module. 2015-02-22 10:09:52 +02:00			`if err != nil {`
			`fmt.Fprintf(authboss.Cfg.LogWriter, "confirm: Failed to send e-mail: %v", err)`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`}`
			`}`

Fix confirm module. 2015-02-22 10:09:52 +02:00			`func (c Confirm) confirmHandler(ctx authboss.Context, w http.ResponseWriter, r *http.Request) error {`
			`token, err := ctx.FirstFormValueErr(FormValueConfirm)`
			`if err != nil {`
			`return err`
Finish confirm module (except tests). 2015-02-10 10:43:45 +02:00			`}`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00
Finish tests for confirm. - Rename UserXXX to StoreXXX in confirm/authboss. 2015-02-16 23:27:29 +02:00			`toHash, err := base64.URLEncoding.DecodeString(token)`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`if err != nil {`
Fix confirm module. 2015-02-22 10:09:52 +02:00			`return authboss.ErrAndRedirect{`
Add router tests. - Rename Endpoint to Location in ErrAndRedirect 2015-02-25 00:45:37 +02:00			`Location: "/", Err: fmt.Errorf("confirm: token failed to decode %q => %v\n", token, err),`
Fix confirm module. 2015-02-22 10:09:52 +02:00			`}`
Finish confirm module (except tests). 2015-02-10 10:43:45 +02:00			`}`

Finish tests for confirm. - Rename UserXXX to StoreXXX in confirm/authboss. 2015-02-16 23:27:29 +02:00			`sum := md5.Sum(toHash)`

			`dbTok := base64.StdEncoding.EncodeToString(sum[:])`
Refactor storers into modules. 2015-02-24 21:04:27 +02:00			`user, err := authboss.Cfg.Storer.(ConfirmStorer).ConfirmUser(dbTok)`
Finish confirm module (except tests). 2015-02-10 10:43:45 +02:00			`if err == authboss.ErrUserNotFound {`
Add router tests. - Rename Endpoint to Location in ErrAndRedirect 2015-02-25 00:45:37 +02:00			`return authboss.ErrAndRedirect{Location: "/", Err: errors.New("confirm: token not found")}`
Finish confirm module (except tests). 2015-02-10 10:43:45 +02:00			`} else if err != nil {`
Fix confirm module. 2015-02-22 10:09:52 +02:00			`return err`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`}`

Finish confirm module (except tests). 2015-02-10 10:43:45 +02:00			`ctx.User = authboss.Unbind(user)`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00
Finish tests for confirm. - Rename UserXXX to StoreXXX in confirm/authboss. 2015-02-16 23:27:29 +02:00			`ctx.User[StoreConfirmToken] = ""`
			`ctx.User[StoreConfirmed] = true`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00
Fix flash message clearing - Fix token emailing bug with confirm (l2base64) 2015-02-27 08:01:53 +02:00			`key, err := ctx.User.StringErr(authboss.Cfg.PrimaryID)`
Fix confirm module. 2015-02-22 10:09:52 +02:00			`if err != nil {`
			`return err`
			`}`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00
Fix test breakages from new saving stuff. 2015-02-18 18:57:50 +02:00			`if err := ctx.SaveUser(); err != nil {`
Fix confirm module. 2015-02-22 10:09:52 +02:00			`return err`
Finish confirm module (except tests). 2015-02-10 10:43:45 +02:00			`}`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00
Fix confirm module. 2015-02-22 10:09:52 +02:00			`ctx.SessionStorer.Put(authboss.SessionKey, key)`
Make confirm redirect to a sane path. 2015-03-15 20:56:15 +02:00			`render.Redirect(ctx, w, r, authboss.Cfg.RegisterOKPath, "You have successfully confirmed your account.", "")`
Fix confirm module. 2015-02-22 10:09:52 +02:00
			`return nil`
Add confirm module beginnings. - Fix some inconsistencies in expire and lock. - Add bool type to storer. 2015-02-07 14:27:12 +02:00			`}`