Fix flash message clearing
- Fix token emailing bug with confirm (l2base64)
parent
bfa4c38da5
commit
c8e2058440
@ -52,3 +52,25 @@ type CookieStoreMaker func(http.ResponseWriter, *http.Request) ClientStorer
|
|||||||
// It should be a secure storage of the session. This means if it represents a cookie-based session
|
// It should be a secure storage of the session. This means if it represents a cookie-based session
|
||||||
// storage these cookies should be signed in order to prevent tampering, or they should be encrypted.
|
// storage these cookies should be signed in order to prevent tampering, or they should be encrypted.
|
||||||
type SessionStoreMaker func(http.ResponseWriter, *http.Request) ClientStorer
|
type SessionStoreMaker func(http.ResponseWriter, *http.Request) ClientStorer
|
||||||
|
|
||||||
|
// FlashSuccess returns FlashSuccessKey from the session and removes it.
|
||||||
|
func FlashSuccess(w http.ResponseWriter, r *http.Request) string {
|
||||||
|
storer := Cfg.SessionStoreMaker(w, r)
|
||||||
|
msg, ok := storer.Get(FlashSuccessKey)
|
||||||
|
if ok {
|
||||||
|
storer.Del(FlashSuccessKey)
|
||||||
|
}
|
||||||
|
|
||||||
|
return msg
|
||||||
|
}
|
||||||
|
|
||||||
|
// FlashError returns FlashError from the session and removes it.
|
||||||
|
func FlashError(w http.ResponseWriter, r *http.Request) string {
|
||||||
|
storer := Cfg.SessionStoreMaker(w, r)
|
||||||
|
msg, ok := storer.Get(FlashErrorKey)
|
||||||
|
if ok {
|
||||||
|
storer.Del(FlashErrorKey)
|
||||||
|
}
|
||||||
|
|
||||||
|
return msg
|
||||||
|
}
|
||||||
|
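Review bot: FlashSuccess and FlashError return whatever string the session store holds, and their doc comments do not tell callers that this text comes from client-side storage. The SessionStoreMaker comment just above already asks for signed or encrypted cookies; where a deployment's store is neither, the flash text is client-controlled, so I would add to both comments something like `// The value comes from the client session store; render it through html/template escaping, never as template.HTML.` The FlashError comment should also name `FlashErrorKey`, as the FlashSuccess comment does. Both bodies are identical apart from the key and call `Cfg.SessionStoreMaker` with no nil guard, so an unconfigured Cfg would panic here; one unexported helper taking the key would give a single place to handle that.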
@ -1,6 +1,9 @@
|
|||||||
package authboss
|
package authboss
|
||||||
|
|
||||||
import "testing"
|
import (
|
||||||
|
"net/http"
|
||||||
|
"testing"
|
||||||
|
)
|
||||||
|
|
||||||
type testClientStorerErr string
|
type testClientStorerErr string
|
||||||
|
|
||||||
@ -25,3 +28,25 @@ func TestClientStorerErr(t *testing.T) {
|
|||||||
t.Error("Wrong value:", str)
|
t.Error("Wrong value:", str)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestFlashClearer(t *testing.T) {
|
||||||
|
session := mockClientStore{FlashSuccessKey: "success", FlashErrorKey: "error"}
|
||||||
|
Cfg.SessionStoreMaker = func(w http.ResponseWriter, r *http.Request) ClientStorer {
|
||||||
|
return session
|
||||||
|
}
|
||||||
|
|
||||||
|
if msg := FlashSuccess(nil, nil); msg != "success" {
|
||||||
|
t.Error("Unexpected flash success:", msg)
|
||||||
|
}
|
||||||
|
if msg, ok := session.Get(FlashSuccessKey); ok {
|
||||||
|
t.Error("Unexpected success flash:", msg)
|
||||||
|
}
|
||||||
|
|
||||||
|
if msg := FlashError(nil, nil); msg != "error" {
|
||||||
|
t.Error("Unexpected flash error:", msg)
|
||||||
|
}
|
||||||
|
if msg, ok := session.Get(FlashErrorKey); ok {
|
||||||
|
t.Error("Unexpected error flash:", msg)
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
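Review bot: TestFlashClearer assigns the package-level `Cfg.SessionStoreMaker` and never restores it, so any test that runs afterwards in this package inherits the mock session. Save and restore it at the top of the test with `old := Cfg.SessionStoreMaker` followed by `defer func() { Cfg.SessionStoreMaker = old }()`. The test also exercises only the key-present path; a second `FlashSuccess(nil, nil)` call asserting an empty string would pin the behaviour after the flash has been consumed.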
@ -20,7 +20,7 @@ type Config struct {
|
|||||||
MountPath string
|
MountPath string
|
||||||
// ViewsPath is the path to search for overridden templates.
|
// ViewsPath is the path to search for overridden templates.
|
||||||
ViewsPath string
|
ViewsPath string
|
||||||
// HostName is the host of the web application (eg https://www.happiness.com:8080) for e-mail url generation.
|
// HostName is the host of the web application (eg https://www.happiness.com:8080) for e-mail url generation. No trailing slash.
|
||||||
HostName string
|
HostName string
|
||||||
// BCryptCost is the cost of the bcrypt password hashing function.
|
// BCryptCost is the cost of the bcrypt password hashing function.
|
||||||
BCryptCost int
|
BCryptCost int
|
||||||
|
@ -9,6 +9,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
"path"
|
||||||
|
|
||||||
"gopkg.in/authboss.v0"
|
"gopkg.in/authboss.v0"
|
||||||
"gopkg.in/authboss.v0/internal/render"
|
"gopkg.in/authboss.v0/internal/render"
|
||||||
@ -116,7 +117,7 @@ func (c *Confirm) AfterRegister(ctx *authboss.Context) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
goConfirmEmail(c, email, base64.URLEncoding.EncodeToString(sum[:]))
|
goConfirmEmail(c, email, base64.URLEncoding.EncodeToString(token))
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
@ -127,7 +128,8 @@ var goConfirmEmail = func(c *Confirm, to, token string) {
|
|||||||
|
|
||||||
// confirmEmail sends a confirmation e-mail.
|
// confirmEmail sends a confirmation e-mail.
|
||||||
func (c *Confirm) confirmEmail(to, token string) {
|
func (c *Confirm) confirmEmail(to, token string) {
|
||||||
url := fmt.Sprintf("%s/confirm?%s=%s", authboss.Cfg.HostName, url.QueryEscape(FormValueConfirm), url.QueryEscape(token))
|
p := path.Join(authboss.Cfg.MountPath, "confirm")
|
||||||
|
url := fmt.Sprintf("%s%s?%s=%s", authboss.Cfg.HostName, p, url.QueryEscape(FormValueConfirm), url.QueryEscape(token))
|
||||||
|
|
||||||
email := authboss.Email{
|
email := authboss.Email{
|
||||||
To: []string{to},
|
To: []string{to},
|
||||||
@ -169,7 +171,7 @@ func (c *Confirm) confirmHandler(ctx *authboss.Context, w http.ResponseWriter, r
|
|||||||
ctx.User[StoreConfirmToken] = ""
|
ctx.User[StoreConfirmToken] = ""
|
||||||
ctx.User[StoreConfirmed] = true
|
ctx.User[StoreConfirmed] = true
|
||||||
|
|
||||||
key, err := ctx.User.StringErr(authboss.StoreUsername)
|
key, err := ctx.User.StringErr(authboss.Cfg.PrimaryID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
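Review bot: In confirmEmail, `path.Join(authboss.Cfg.MountPath, "confirm")` returns `confirm` with no leading slash when MountPath is empty or relative, and the Sprintf on the next line then appends it directly to HostName, giving a link such as `https://www.happiness.com:8080confirm?...` that no longer points at the configured host. Anchoring the join, `p := path.Join("/", authboss.Cfg.MountPath, "confirm")`, keeps the emailed confirmation link well-formed for every MountPath value. The format string still depends on HostName having no trailing slash, which only the Config comment states, so checking that when the configuration is loaded would be worthwhile. confirmEmail's body continues outside the hunk.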
@ -121,7 +121,7 @@ func login_html_tpl() (*asset, error) {
|
|||||||
return a, nil
|
return a, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
var _recover_html_tpl = []byte("\x1f\x8b\x08\x00\x00\x09\x6e\x88\x00\xff\xb4\x53\xb1\x6e\xe3\x30\x0c\xdd\xf3\x15\x84\x90\x5b\xed\xfd\x60\x6b\xc9\xdd\x70\xcb\x5d\x70\x0d\xba\x16\x8a\x45\xc7\x42\x65\xc9\xa0\xe9\x34\x81\xaa\x7f\xaf\x15\xa7\x41\xdc\x02\x09\x3a\xd4\x8b\x45\xf1\xf1\x91\xef\x81\x2a\x6a\x4f\x2d\xa8\x8a\x8d\x77\xa5\x08\xa1\xf5\x83\xe3\x4e\x71\x83\x1a\x04\x61\xe5\xf7\x48\x22\x46\x01\x2d\x72\xe3\x75\x29\xd6\xff\x1e\x36\x42\x2e\x60\xfc\x42\x78\x31\xdc\x40\x56\x5b\xd5\x37\xbf\x89\x3c\xc5\x18\x42\x16\x63\xb1\x25\xc8\x65\x08\xe8\x74\x8c\x27\x68\x61\x5c\x37\x30\xf0\xb1\xc3\x52\x30\x1e\x58\x80\x53\x2d\xa6\x8e\x59\x47\xa6\x55\x74\xfc\xf3\x2b\xb5\xe9\xac\xaa\xb0\xf1\x56\x23\xa5\x24\x1b\xb6\x08\x73\xc8\x5e\xd9\xe1\x43\xe5\x63\xba\x4a\xb9\x5c\x4e\xbd\xcf\xf3\x2d\x3b\xa3\xe1\x67\x39\x23\x78\x9f\x1a\x89\xfa\x4b\xb4\x1c\x23\x6b\x7a\x4e\x60\xe3\x34\x1e\x20\x83\x54\x9c\x00\xa4\xdc\x0e\x2f\x88\x51\x5d\xdf\x29\x27\x27\xa1\xf9\xe9\x3c\xd3\x3b\xff\xdd\x56\x5f\x79\x57\x1b\x6a\x9f\x6e\xba\xb0\x9a\x40\x70\xcf\x8d\x33\xd9\xfa\xae\x29\xd5\x27\x57\xe0\x15\xc6\xb3\xe3\x1a\x2e\x23\xfd\xe8\xc5\x57\xbc\xaa\xbe\xc7\xac\xc6\x68\x8d\xee\x6a\x59\x0e\x3d\xd5\x7f\xc7\x60\x2e\x3d\xdd\x6e\xfc\x33\xba\x49\xee\xc4\xb3\x1d\x98\xbd\x3b\x13\xf5\xc3\xb6\x35\x2c\xe4\xff\x69\xa5\x8b\x7c\xca\x5e\x3b\x53\x28\x68\x08\xeb\x52\xe4\xd6\xef\x8c\x13\x72\xa5\x5c\x85\xb6\xc8\x95\x5c\x14\x79\x7a\x27\xf2\x2d\x00\x00\xff\xff\x3b\x0a\x54\x8b\x2e\x03\x00\x00")
|
var _recover_html_tpl = []byte("\x1f\x8b\x08\x00\x00\x09\x6e\x88\x00\xff\xb4\x52\x4d\x6f\xe2\x30\x10\xbd\xf3\x2b\x46\x16\x7b\x25\xf7\x95\x93\x0b\x7b\xd9\x4b\x8b\x5a\xd4\x6b\x65\x92\x09\xb1\x6a\x8f\x2d\x67\x42\x41\x6e\xfe\x7b\x6d\x82\x10\xb4\x12\xa8\x87\xe6\x90\xcc\xc7\x7b\x6f\x32\x4f\x23\x5b\x17\x2c\xa8\x9a\xb5\xa3\x52\xc4\x68\xdd\x40\xec\x15\x77\xd8\x80\x08\x58\xbb\x1d\x06\x31\x8e\x02\x2c\x72\xe7\x9a\x52\xac\x1e\x9f\xd7\xa2\x9a\x41\x7a\xa4\x26\x3f\x30\xf0\xc1\x63\x29\x18\xf7\x2c\x80\x94\xc5\x2c\xb3\xf0\x41\x5b\x15\x0e\xff\xff\x65\xae\x37\xaa\xc6\xce\x99\x06\x43\x6e\xb2\x66\x83\x70\x0d\xd9\x29\x33\x7c\x61\xbe\xe4\x52\xee\x15\x95\xdc\x84\xf4\x3e\x0e\x8d\x71\xee\x75\x03\x7f\xcb\x2b\x81\x18\xdf\x35\x77\xb0\xc0\x10\xfa\x73\x36\x4f\x99\xd1\x3d\x67\xb0\xa6\x06\xf7\xb0\x80\x4c\xce\x80\xa0\x68\x8b\x67\xc4\x38\xca\xde\x2b\xaa\xd2\xf8\x14\x16\xc7\x78\x9a\x19\x23\xd2\x91\x70\xf9\xb9\xbd\x7d\xed\xa8\xd5\xc1\xbe\xde\x74\x61\x39\x81\xe0\x9e\x1b\x27\xb1\xd5\x5d\x53\xea\x6f\xae\xc0\x07\xa4\x98\xb8\x85\xf3\x2f\xfd\xe9\xc5\x4f\xbc\xaa\x7f\xc7\xac\x4e\x37\x0d\xd2\xc5\xb1\xec\xfb\xd0\x3e\xa4\xe4\x7a\xf5\x5c\x5d\xbb\x37\xa4\x69\xdd\x49\x67\x33\x30\x3b\x3a\x09\xf5\xc3\xc6\x6a\x16\xd5\xd3\x74\xa7\xb2\x98\xba\x97\xce\x48\x05\x5d\xc0\xb6\x14\x85\x71\x5b\x4d\xa2\x5a\x2a\xaa\xd1\xc8\x42\x55\x33\x59\xe4\xe3\xaf\x3e\x03\x00\x00\xff\xff\xa8\x01\x1f\xc8\x03\x03\x00\x00")
|
||||||
|
|
||||||
func recover_html_tpl_bytes() ([]byte, error) {
|
func recover_html_tpl_bytes() ([]byte, error) {
|
||||||
return bindata_read(
|
return bindata_read(
|
||||||
@ -136,7 +136,7 @@ func recover_html_tpl() (*asset, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
info := bindata_file_info{name: "recover.html.tpl", size: 814, mode: os.FileMode(438), modTime: time.Unix(1424982621, 0)}
|
info := bindata_file_info{name: "recover.html.tpl", size: 771, mode: os.FileMode(438), modTime: time.Unix(1425014937, 0)}
|
||||||
a := &asset{bytes: bytes, info: info}
|
a := &asset{bytes: bytes, info: info}
|
||||||
return a, nil
|
return a, nil
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,4 @@
|
|||||||
<form action="{{mountpathed "recover"}}" method="POST">
|
<form action="{{mountpathed "recover"}}" method="POST">
|
||||||
{{with .flashError}}{{.}}<br />{{end}}
|
|
||||||
<input type="text" name="{{.primaryID}}" placeholder="{{title .primaryID}}" value="{{.primaryIDValue}}" /><br />
|
<input type="text" name="{{.primaryID}}" placeholder="{{title .primaryID}}" value="{{.primaryIDValue}}" /><br />
|
||||||
{{$pid := .primaryID}}{{with .errs}}{{with $errlist := index . $pid}}{{range $errlist}}<span>{{.}}</span><br />{{end}}{{end}}{{end}}
|
{{$pid := .primaryID}}{{with .errs}}{{with $errlist := index . $pid}}{{range $errlist}}<span>{{.}}</span><br />{{end}}{{end}}{{end}}
|
||||||
<input type="text" name="confirm_{{.primaryID}}" placeholder="Confirm {{title .primaryID}}" value="{{.confirmPrimaryIDValue}}" /><br />
|
<input type="text" name="confirm_{{.primaryID}}" placeholder="Confirm {{title .primaryID}}" value="{{.confirmPrimaryIDValue}}" /><br />
|
||||||
|