mirror of https://github.com/volatiletech/authboss.git synced 2025-01-22 05:09:42 +02:00

Fix flash message clearing

- Fix token emailing bug with confirm (l2base64)
Kris Runzer 2015-02-26 22:01:53 -08:00
parent bfa4c38da5
commit c8e2058440
6 changed files with 56 additions and 8 deletions


@ -52,3 +52,25 @@ type CookieStoreMaker func(http.ResponseWriter, *http.Request) ClientStorer
// It should be a secure storage of the session. This means if it represents a cookie-based session // It should be a secure storage of the session. This means if it represents a cookie-based session
// storage these cookies should be signed in order to prevent tampering, or they should be encrypted. // storage these cookies should be signed in order to prevent tampering, or they should be encrypted.
type SessionStoreMaker func(http.ResponseWriter, *http.Request) ClientStorer type SessionStoreMaker func(http.ResponseWriter, *http.Request) ClientStorer
// FlashSuccess returns FlashSuccessKey from the session and removes it.
func FlashSuccess(w http.ResponseWriter, r *http.Request) string {
storer := Cfg.SessionStoreMaker(w, r)
msg, ok := storer.Get(FlashSuccessKey)
if ok {
storer.Del(FlashSuccessKey)
}
return msg
}
// FlashError returns FlashError from the session and removes it.
func FlashError(w http.ResponseWriter, r *http.Request) string {
storer := Cfg.SessionStoreMaker(w, r)
msg, ok := storer.Get(FlashErrorKey)
if ok {
storer.Del(FlashErrorKey)
}
return msg
}
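Review bot: FlashSuccess and FlashError hand back whatever string the session storer holds, and with a cookie-backed ClientStorer that string is client-supplied unless the cookie is signed or encrypted, which the SessionStoreMaker comment above asks for but nothing in these functions enforces. The doc comments should carry that caveat, for example `// The message is read from client-side storage; output it only through an escaping template.` The FlashError comment should also name `FlashErrorKey` rather than `FlashError`. The two bodies differ only in the key, so an unexported helper taking the key would keep them from drifting apart.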


@ -1,6 +1,9 @@
package authboss package authboss
import "testing" import (
"net/http"
"testing"
)
type testClientStorerErr string type testClientStorerErr string
@ -25,3 +28,25 @@ func TestClientStorerErr(t *testing.T) {
t.Error("Wrong value:", str) t.Error("Wrong value:", str)
} }
} }
func TestFlashClearer(t *testing.T) {
session := mockClientStore{FlashSuccessKey: "success", FlashErrorKey: "error"}
Cfg.SessionStoreMaker = func(w http.ResponseWriter, r *http.Request) ClientStorer {
return session
}
if msg := FlashSuccess(nil, nil); msg != "success" {
t.Error("Unexpected flash success:", msg)
}
if msg, ok := session.Get(FlashSuccessKey); ok {
t.Error("Unexpected success flash:", msg)
}
if msg := FlashError(nil, nil); msg != "error" {
t.Error("Unexpected flash error:", msg)
}
if msg, ok := session.Get(FlashErrorKey); ok {
t.Error("Unexpected error flash:", msg)
}
}
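Review bot: TestFlashClearer replaces the package-level `Cfg.SessionStoreMaker` and never restores it, so the mock storer stays installed for any test that runs afterwards in the same package. Saving the previous value and restoring it with `defer func() { Cfg.SessionStoreMaker = old }()` right after the assignment would keep the test isolated. The test also covers only the case where both keys are present; a call against an empty store, asserting an empty string, would pin the `ok == false` branch of both functions.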


@ -20,7 +20,7 @@ type Config struct {
MountPath string MountPath string
// ViewsPath is the path to search for overridden templates. // ViewsPath is the path to search for overridden templates.
ViewsPath string ViewsPath string
// HostName is the host of the web application (eg https://www.happiness.com:8080) for e-mail url generation. // HostName is the host of the web application (eg https://www.happiness.com:8080) for e-mail url generation. No trailing slash.
HostName string HostName string
// BCryptCost is the cost of the bcrypt password hashing function. // BCryptCost is the cost of the bcrypt password hashing function.
BCryptCost int BCryptCost int


@ -9,6 +9,7 @@ import (
"fmt" "fmt"
"net/http" "net/http"
"net/url" "net/url"
"path"
"gopkg.in/authboss.v0" "gopkg.in/authboss.v0"
"gopkg.in/authboss.v0/internal/render" "gopkg.in/authboss.v0/internal/render"
@ -116,7 +117,7 @@ func (c *Confirm) AfterRegister(ctx *authboss.Context) error {
return err return err
} }
goConfirmEmail(c, email, base64.URLEncoding.EncodeToString(sum[:])) goConfirmEmail(c, email, base64.URLEncoding.EncodeToString(token))
return nil return nil
} }
@ -127,7 +128,8 @@ var goConfirmEmail = func(c *Confirm, to, token string) {
// confirmEmail sends a confirmation e-mail. // confirmEmail sends a confirmation e-mail.
func (c *Confirm) confirmEmail(to, token string) { func (c *Confirm) confirmEmail(to, token string) {
url := fmt.Sprintf("%s/confirm?%s=%s", authboss.Cfg.HostName, url.QueryEscape(FormValueConfirm), url.QueryEscape(token)) p := path.Join(authboss.Cfg.MountPath, "confirm")
url := fmt.Sprintf("%s%s?%s=%s", authboss.Cfg.HostName, p, url.QueryEscape(FormValueConfirm), url.QueryEscape(token))
email := authboss.Email{ email := authboss.Email{
To: []string{to}, To: []string{to},
@ -169,7 +171,7 @@ func (c *Confirm) confirmHandler(ctx *authboss.Context, w http.ResponseWriter, r
ctx.User[StoreConfirmToken] = "" ctx.User[StoreConfirmToken] = ""
ctx.User[StoreConfirmed] = true ctx.User[StoreConfirmed] = true
key, err := ctx.User.StringErr(authboss.StoreUsername) key, err := ctx.User.StringErr(authboss.Cfg.PrimaryID)
if err != nil { if err != nil {
return err return err
} }
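Review bot: In confirmEmail the link is now `HostName` followed by `path.Join(authboss.Cfg.MountPath, "confirm")`, and `path.Join` returns a path with no leading slash when `MountPath` is empty or relative, which would fuse `confirm` onto the host name and mail the confirmation token in a link to a different host. Whether Cfg guarantees a rooted MountPath is not visible in this diff; if it does not, `p := path.Join("/", authboss.Cfg.MountPath, "confirm")` makes the result rooted in every case. The new "No trailing slash" requirement on HostName is only documented, so trimming a trailing `/` here or rejecting it at configuration time would avoid `//` in mailed links. The local `url` also shadows the imported `net/url` package for the rest of the function, which continues outside the hunk; a name such as `confirmURL` avoids that.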


@ -121,7 +121,7 @@ func login_html_tpl() (*asset, error) {
return a, nil return a, nil
} }
var _recover_html_tpl = []byte("\x1f\x8b\x08\x00\x00\x09\x6e\x88\x00\xff\xb4\x53\xb1\x6e\xe3\x30\x0c\xdd\xf3\x15\x84\x90\x5b\xed\xfd\x60\x6b\xc9\xdd\x70\xcb\x5d\x70\x0d\xba\x16\x8a\x45\xc7\x42\x65\xc9\xa0\xe9\x34\x81\xaa\x7f\xaf\x15\xa7\x41\xdc\x02\x09\x3a\xd4\x8b\x45\xf1\xf1\x91\xef\x81\x2a\x6a\x4f\x2d\xa8\x8a\x8d\x77\xa5\x08\xa1\xf5\x83\xe3\x4e\x71\x83\x1a\x04\x61\xe5\xf7\x48\x22\x46\x01\x2d\x72\xe3\x75\x29\xd6\xff\x1e\x36\x42\x2e\x60\xfc\x42\x78\x31\xdc\x40\x56\x5b\xd5\x37\xbf\x89\x3c\xc5\x18\x42\x16\x63\xb1\x25\xc8\x65\x08\xe8\x74\x8c\x27\x68\x61\x5c\x37\x30\xf0\xb1\xc3\x52\x30\x1e\x58\x80\x53\x2d\xa6\x8e\x59\x47\xa6\x55\x74\xfc\xf3\x2b\xb5\xe9\xac\xaa\xb0\xf1\x56\x23\xa5\x24\x1b\xb6\x08\x73\xc8\x5e\xd9\xe1\x43\xe5\x63\xba\x4a\xb9\x5c\x4e\xbd\xcf\xf3\x2d\x3b\xa3\xe1\x67\x39\x23\x78\x9f\x1a\x89\xfa\x4b\xb4\x1c\x23\x6b\x7a\x4e\x60\xe3\x34\x1e\x20\x83\x54\x9c\x00\xa4\xdc\x0e\x2f\x88\x51\x5d\xdf\x29\x27\x27\xa1\xf9\xe9\x3c\xd3\x3b\xff\xdd\x56\x5f\x79\x57\x1b\x6a\x9f\x6e\xba\xb0\x9a\x40\x70\xcf\x8d\x33\xd9\xfa\xae\x29\xd5\x27\x57\xe0\x15\xc6\xb3\xe3\x1a\x2e\x23\xfd\xe8\xc5\x57\xbc\xaa\xbe\xc7\xac\xc6\x68\x8d\xee\x6a\x59\x0e\x3d\xd5\x7f\xc7\x60\x2e\x3d\xdd\x6e\xfc\x33\xba\x49\xee\xc4\xb3\x1d\x98\xbd\x3b\x13\xf5\xc3\xb6\x35\x2c\xe4\xff\x69\xa5\x8b\x7c\xca\x5e\x3b\x53\x28\x68\x08\xeb\x52\xe4\xd6\xef\x8c\x13\x72\xa5\x5c\x85\xb6\xc8\x95\x5c\x14\x79\x7a\x27\xf2\x2d\x00\x00\xff\xff\x3b\x0a\x54\x8b\x2e\x03\x00\x00") var _recover_html_tpl = 
[]byte("\x1f\x8b\x08\x00\x00\x09\x6e\x88\x00\xff\xb4\x52\x4d\x6f\xe2\x30\x10\xbd\xf3\x2b\x46\x16\x7b\x25\xf7\x95\x93\x0b\x7b\xd9\x4b\x8b\x5a\xd4\x6b\x65\x92\x09\xb1\x6a\x8f\x2d\x67\x42\x41\x6e\xfe\x7b\x6d\x82\x10\xb4\x12\xa8\x87\xe6\x90\xcc\xc7\x7b\x6f\x32\x4f\x23\x5b\x17\x2c\xa8\x9a\xb5\xa3\x52\xc4\x68\xdd\x40\xec\x15\x77\xd8\x80\x08\x58\xbb\x1d\x06\x31\x8e\x02\x2c\x72\xe7\x9a\x52\xac\x1e\x9f\xd7\xa2\x9a\x41\x7a\xa4\x26\x3f\x30\xf0\xc1\x63\x29\x18\xf7\x2c\x80\x94\xc5\x2c\xb3\xf0\x41\x5b\x15\x0e\xff\xff\x65\xae\x37\xaa\xc6\xce\x99\x06\x43\x6e\xb2\x66\x83\x70\x0d\xd9\x29\x33\x7c\x61\xbe\xe4\x52\xee\x15\x95\xdc\x84\xf4\x3e\x0e\x8d\x71\xee\x75\x03\x7f\xcb\x2b\x81\x18\xdf\x35\x77\xb0\xc0\x10\xfa\x73\x36\x4f\x99\xd1\x3d\x67\xb0\xa6\x06\xf7\xb0\x80\x4c\xce\x80\xa0\x68\x8b\x67\xc4\x38\xca\xde\x2b\xaa\xd2\xf8\x14\x16\xc7\x78\x9a\x19\x23\xd2\x91\x70\xf9\xb9\xbd\x7d\xed\xa8\xd5\xc1\xbe\xde\x74\x61\x39\x81\xe0\x9e\x1b\x27\xb1\xd5\x5d\x53\xea\x6f\xae\xc0\x07\xa4\x98\xb8\x85\xf3\x2f\xfd\xe9\xc5\x4f\xbc\xaa\x7f\xc7\xac\x4e\x37\x0d\xd2\xc5\xb1\xec\xfb\xd0\x3e\xa4\xe4\x7a\xf5\x5c\x5d\xbb\x37\xa4\x69\xdd\x49\x67\x33\x30\x3b\x3a\x09\xf5\xc3\xc6\x6a\x16\xd5\xd3\x74\xa7\xb2\x98\xba\x97\xce\x48\x05\x5d\xc0\xb6\x14\x85\x71\x5b\x4d\xa2\x5a\x2a\xaa\xd1\xc8\x42\x55\x33\x59\xe4\xe3\xaf\x3e\x03\x00\x00\xff\xff\xa8\x01\x1f\xc8\x03\x03\x00\x00")
func recover_html_tpl_bytes() ([]byte, error) { func recover_html_tpl_bytes() ([]byte, error) {
return bindata_read( return bindata_read(
@ -136,7 +136,7 @@ func recover_html_tpl() (*asset, error) {
return nil, err return nil, err
} }
info := bindata_file_info{name: "recover.html.tpl", size: 814, mode: os.FileMode(438), modTime: time.Unix(1424982621, 0)} info := bindata_file_info{name: "recover.html.tpl", size: 771, mode: os.FileMode(438), modTime: time.Unix(1425014937, 0)}
a := &asset{bytes: bytes, info: info} a := &asset{bytes: bytes, info: info}
return a, nil return a, nil
} }


@ -1,5 +1,4 @@
<form action="{{mountpathed "recover"}}" method="POST"> <form action="{{mountpathed "recover"}}" method="POST">
{{with .flashError}}{{.}}<br />{{end}}
<input type="text" name="{{.primaryID}}" placeholder="{{title .primaryID}}" value="{{.primaryIDValue}}" /><br /> <input type="text" name="{{.primaryID}}" placeholder="{{title .primaryID}}" value="{{.primaryIDValue}}" /><br />
{{$pid := .primaryID}}{{with .errs}}{{with $errlist := index . $pid}}{{range $errlist}}<span>{{.}}</span><br />{{end}}{{end}}{{end}} {{$pid := .primaryID}}{{with .errs}}{{with $errlist := index . $pid}}{{range $errlist}}<span>{{.}}</span><br />{{end}}{{end}}{{end}}
<input type="text" name="confirm_{{.primaryID}}" placeholder="Confirm {{title .primaryID}}" value="{{.confirmPrimaryIDValue}}" /><br /> <input type="text" name="confirm_{{.primaryID}}" placeholder="Confirm {{title .primaryID}}" value="{{.confirmPrimaryIDValue}}" /><br />