Fix flash message clearing

- Fix token emailing bug with confirm (l2base64)
2025-01-06 03:54:17 +02:00 · 2015-02-26 22:01:53 -08:00 · 2015-02-26 22:01:53 -08:00 · c8e2058440
commit c8e2058440
parent bfa4c38da5
6 changed files with 56 additions and 8 deletions
--- a/client_storer.go
+++ b/client_storer.go
@ -52,3 +52,25 @@ type CookieStoreMaker func(http.ResponseWriter, *http.Request) ClientStorer
 // It should be a secure storage of the session. This means if it represents a cookie-based session
 // storage these cookies should be signed in order to prevent tampering, or they should be encrypted.
 type SessionStoreMaker func(http.ResponseWriter, *http.Request) ClientStorer
+
+// FlashSuccess returns FlashSuccessKey from the session and removes it.
+func FlashSuccess(w http.ResponseWriter, r *http.Request) string {
+	storer := Cfg.SessionStoreMaker(w, r)
+	msg, ok := storer.Get(FlashSuccessKey)
+	if ok {
+		storer.Del(FlashSuccessKey)
+	}
+
+	return msg
+}
+
+// FlashError returns FlashError from the session and removes it.
+func FlashError(w http.ResponseWriter, r *http.Request) string {
+	storer := Cfg.SessionStoreMaker(w, r)
+	msg, ok := storer.Get(FlashErrorKey)
+	if ok {
+		storer.Del(FlashErrorKey)
+	}
+
+	return msg
+}
--- a/client_storer_test.go
+++ b/client_storer_test.go
@ -1,6 +1,9 @@
 package authboss

-import "testing"
+import (
+	"net/http"
+	"testing"
+)

 type testClientStorerErr string

@ -25,3 +28,25 @@ func TestClientStorerErr(t *testing.T) {
 		t.Error("Wrong value:", str)
 	}
 }
+
+func TestFlashClearer(t *testing.T) {
+	session := mockClientStore{FlashSuccessKey: "success", FlashErrorKey: "error"}
+	Cfg.SessionStoreMaker = func(w http.ResponseWriter, r *http.Request) ClientStorer {
+		return session
+	}
+
+	if msg := FlashSuccess(nil, nil); msg != "success" {
+		t.Error("Unexpected flash success:", msg)
+	}
+	if msg, ok := session.Get(FlashSuccessKey); ok {
+		t.Error("Unexpected success flash:", msg)
+	}
+
+	if msg := FlashError(nil, nil); msg != "error" {
+		t.Error("Unexpected flash error:", msg)
+	}
+	if msg, ok := session.Get(FlashErrorKey); ok {
+		t.Error("Unexpected error flash:", msg)
+	}
+
+}
--- a/config.go
+++ b/config.go
@ -20,7 +20,7 @@ type Config struct {
 	MountPath string
 	// ViewsPath is the path to search for overridden templates.
 	ViewsPath string
-	// HostName is the host of the web application (eg https://www.happiness.com:8080) for e-mail url generation.
+	// HostName is the host of the web application (eg https://www.happiness.com:8080) for e-mail url generation.  No trailing slash.
 	HostName string
 	// BCryptCost is the cost of the bcrypt password hashing function.
 	BCryptCost int
--- a/confirm/confirm.go
+++ b/confirm/confirm.go
@ -9,6 +9,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"path"

 	"gopkg.in/authboss.v0"
 	"gopkg.in/authboss.v0/internal/render"
@ -116,7 +117,7 @@ func (c *Confirm) AfterRegister(ctx *authboss.Context) error {
 		return err
 	}

-	goConfirmEmail(c, email, base64.URLEncoding.EncodeToString(sum[:]))
+	goConfirmEmail(c, email, base64.URLEncoding.EncodeToString(token))

 	return nil
 }
@ -127,7 +128,8 @@ var goConfirmEmail = func(c *Confirm, to, token string) {

 // confirmEmail sends a confirmation e-mail.
 func (c *Confirm) confirmEmail(to, token string) {
-	url := fmt.Sprintf("%s/confirm?%s=%s", authboss.Cfg.HostName, url.QueryEscape(FormValueConfirm), url.QueryEscape(token))
+	p := path.Join(authboss.Cfg.MountPath, "confirm")
+	url := fmt.Sprintf("%s%s?%s=%s", authboss.Cfg.HostName, p, url.QueryEscape(FormValueConfirm), url.QueryEscape(token))

 	email := authboss.Email{
 		To:      []string{to},
@ -169,7 +171,7 @@ func (c *Confirm) confirmHandler(ctx *authboss.Context, w http.ResponseWriter, r
 	ctx.User[StoreConfirmToken] = ""
 	ctx.User[StoreConfirmed] = true

-	key, err := ctx.User.StringErr(authboss.StoreUsername)
+	key, err := ctx.User.StringErr(authboss.Cfg.PrimaryID)
 	if err != nil {
 		return err
 	}
--- a/internal/render/bindata.go
+++ b/internal/render/bindata.go
@ -121,7 +121,7 @@ func login_html_tpl() (*asset, error) {
 	return a, nil
 }

-var _recover_html_tpl = []byte("\x1f\x8b\x08\x00\x00\x09\x6e\x88\x00\xff\xb4\x53\xb1\x6e\xe3\x30\x0c\xdd\xf3\x15\x84\x90\x5b\xed\xfd\x60\x6b\xc9\xdd\x70\xcb\x5d\x70\x0d\xba\x16\x8a\x45\xc7\x42\x65\xc9\xa0\xe9\x34\x81\xaa\x7f\xaf\x15\xa7\x41\xdc\x02\x09\x3a\xd4\x8b\x45\xf1\xf1\x91\xef\x81\x2a\x6a\x4f\x2d\xa8\x8a\x8d\x77\xa5\x08\xa1\xf5\x83\xe3\x4e\x71\x83\x1a\x04\x61\xe5\xf7\x48\x22\x46\x01\x2d\x72\xe3\x75\x29\xd6\xff\x1e\x36\x42\x2e\x60\xfc\x42\x78\x31\xdc\x40\x56\x5b\xd5\x37\xbf\x89\x3c\xc5\x18\x42\x16\x63\xb1\x25\xc8\x65\x08\xe8\x74\x8c\x27\x68\x61\x5c\x37\x30\xf0\xb1\xc3\x52\x30\x1e\x58\x80\x53\x2d\xa6\x8e\x59\x47\xa6\x55\x74\xfc\xf3\x2b\xb5\xe9\xac\xaa\xb0\xf1\x56\x23\xa5\x24\x1b\xb6\x08\x73\xc8\x5e\xd9\xe1\x43\xe5\x63\xba\x4a\xb9\x5c\x4e\xbd\xcf\xf3\x2d\x3b\xa3\xe1\x67\x39\x23\x78\x9f\x1a\x89\xfa\x4b\xb4\x1c\x23\x6b\x7a\x4e\x60\xe3\x34\x1e\x20\x83\x54\x9c\x00\xa4\xdc\x0e\x2f\x88\x51\x5d\xdf\x29\x27\x27\xa1\xf9\xe9\x3c\xd3\x3b\xff\xdd\x56\x5f\x79\x57\x1b\x6a\x9f\x6e\xba\xb0\x9a\x40\x70\xcf\x8d\x33\xd9\xfa\xae\x29\xd5\x27\x57\xe0\x15\xc6\xb3\xe3\x1a\x2e\x23\xfd\xe8\xc5\x57\xbc\xaa\xbe\xc7\xac\xc6\x68\x8d\xee\x6a\x59\x0e\x3d\xd5\x7f\xc7\x60\x2e\x3d\xdd\x6e\xfc\x33\xba\x49\xee\xc4\xb3\x1d\x98\xbd\x3b\x13\xf5\xc3\xb6\x35\x2c\xe4\xff\x69\xa5\x8b\x7c\xca\x5e\x3b\x53\x28\x68\x08\xeb\x52\xe4\xd6\xef\x8c\x13\x72\xa5\x5c\x85\xb6\xc8\x95\x5c\x14\x79\x7a\x27\xf2\x2d\x00\x00\xff\xff\x3b\x0a\x54\x8b\x2e\x03\x00\x00")
+var _recover_html_tpl = []byte("\x1f\x8b\x08\x00\x00\x09\x6e\x88\x00\xff\xb4\x52\x4d\x6f\xe2\x30\x10\xbd\xf3\x2b\x46\x16\x7b\x25\xf7\x95\x93\x0b\x7b\xd9\x4b\x8b\x5a\xd4\x6b\x65\x92\x09\xb1\x6a\x8f\x2d\x67\x42\x41\x6e\xfe\x7b\x6d\x82\x10\xb4\x12\xa8\x87\xe6\x90\xcc\xc7\x7b\x6f\x32\x4f\x23\x5b\x17\x2c\xa8\x9a\xb5\xa3\x52\xc4\x68\xdd\x40\xec\x15\x77\xd8\x80\x08\x58\xbb\x1d\x06\x31\x8e\x02\x2c\x72\xe7\x9a\x52\xac\x1e\x9f\xd7\xa2\x9a\x41\x7a\xa4\x26\x3f\x30\xf0\xc1\x63\x29\x18\xf7\x2c\x80\x94\xc5\x2c\xb3\xf0\x41\x5b\x15\x0e\xff\xff\x65\xae\x37\xaa\xc6\xce\x99\x06\x43\x6e\xb2\x66\x83\x70\x0d\xd9\x29\x33\x7c\x61\xbe\xe4\x52\xee\x15\x95\xdc\x84\xf4\x3e\x0e\x8d\x71\xee\x75\x03\x7f\xcb\x2b\x81\x18\xdf\x35\x77\xb0\xc0\x10\xfa\x73\x36\x4f\x99\xd1\x3d\x67\xb0\xa6\x06\xf7\xb0\x80\x4c\xce\x80\xa0\x68\x8b\x67\xc4\x38\xca\xde\x2b\xaa\xd2\xf8\x14\x16\xc7\x78\x9a\x19\x23\xd2\x91\x70\xf9\xb9\xbd\x7d\xed\xa8\xd5\xc1\xbe\xde\x74\x61\x39\x81\xe0\x9e\x1b\x27\xb1\xd5\x5d\x53\xea\x6f\xae\xc0\x07\xa4\x98\xb8\x85\xf3\x2f\xfd\xe9\xc5\x4f\xbc\xaa\x7f\xc7\xac\x4e\x37\x0d\xd2\xc5\xb1\xec\xfb\xd0\x3e\xa4\xe4\x7a\xf5\x5c\x5d\xbb\x37\xa4\x69\xdd\x49\x67\x33\x30\x3b\x3a\x09\xf5\xc3\xc6\x6a\x16\xd5\xd3\x74\xa7\xb2\x98\xba\x97\xce\x48\x05\x5d\xc0\xb6\x14\x85\x71\x5b\x4d\xa2\x5a\x2a\xaa\xd1\xc8\x42\x55\x33\x59\xe4\xe3\xaf\x3e\x03\x00\x00\xff\xff\xa8\x01\x1f\xc8\x03\x03\x00\x00")

 func recover_html_tpl_bytes() ([]byte, error) {
 	return bindata_read(
@ -136,7 +136,7 @@ func recover_html_tpl() (*asset, error) {
 		return nil, err
 	}

-	info := bindata_file_info{name: "recover.html.tpl", size: 814, mode: os.FileMode(438), modTime: time.Unix(1424982621, 0)}
+	info := bindata_file_info{name: "recover.html.tpl", size: 771, mode: os.FileMode(438), modTime: time.Unix(1425014937, 0)}
 	a := &asset{bytes: bytes, info:  info}
 	return a, nil
 }
--- a/internal/render/templates/recover.html.tpl
+++ b/internal/render/templates/recover.html.tpl
@ -1,5 +1,4 @@
 <form action="{{mountpathed "recover"}}" method="POST">
-    {{with .flashError}}{{.}}<br />{{end}}
    <input type="text" name="{{.primaryID}}" placeholder="{{title .primaryID}}" value="{{.primaryIDValue}}" /><br />
    {{$pid := .primaryID}}{{with .errs}}{{with $errlist := index . $pid}}{{range $errlist}}<span>{{.}}</span><br />{{end}}{{end}}{{end}}
    <input type="text" name="confirm_{{.primaryID}}" placeholder="Confirm {{title .primaryID}}" value="{{.confirmPrimaryIDValue}}" /><br />