authorChristopher Speller <crspeller@gmail.com>2017-04-27 10:55:03 -0400
committerJoram Wilander <jwawilander@gmail.com>2017-04-27 10:55:03 -0400
commit9a87bb3af68216b53ee8f89d6604c715c7b85b2d (patch)
tree8c06aed890f388b228f3aefb8e398309bc73c0b9 /api/user.go
parent0e007e344bf10993529711f14c4168365c3504c3 (diff)
Creating common token store and moving email invites and verification to it (#6213)
Diffstat (limited to 'api/user.go')
-rw-r--r--api/user.go17
1 files changed, 9 insertions, 8 deletions
diff --git a/api/user.go b/api/user.go
index 8b32dff36..eb249cb39 100644
--- a/api/user.go
+++ b/api/user.go
@@ -34,8 +34,8 @@ func InitUser() {
BaseRoutes.Users.Handle("/logout", ApiAppHandler(logout)).Methods("POST")
BaseRoutes.Users.Handle("/revoke_session", ApiUserRequired(revokeSession)).Methods("POST")
BaseRoutes.Users.Handle("/attach_device", ApiUserRequired(attachDeviceId)).Methods("POST")
- BaseRoutes.Users.Handle("/verify_email", ApiAppHandler(verifyEmail)).Methods("POST")
- BaseRoutes.Users.Handle("/resend_verification", ApiAppHandler(resendVerification)).Methods("POST")
+ //DEPRICATED FOR SECURITY USE APIV4 BaseRoutes.Users.Handle("/verify_email", ApiAppHandler(verifyEmail)).Methods("POST")
+ //DEPRICATED FOR SECURITY USE APIV4 BaseRoutes.Users.Handle("/resend_verification", ApiAppHandler(resendVerification)).Methods("POST")
BaseRoutes.Users.Handle("/newimage", ApiUserRequired(uploadProfileImage)).Methods("POST")
BaseRoutes.Users.Handle("/me", ApiUserRequired(getMe)).Methods("GET")
BaseRoutes.Users.Handle("/initial_load", ApiAppHandler(getInitialLoad)).Methods("GET")
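Review bot: The two v3 routes are disabled by commenting them out, not by deleting them, and the same is done to the `verifyEmail` and `resendVerification` handlers in the later hunks with a `/* ... */` wrapper. Dead code left in the file can be re-enabled by accident, and Go block comments do not nest, so a `*/` inside the wrapped span would end the comment early. I would delete the lines and leave one short comment, for example `// verify_email and resend_verification were removed from APIv3 for security reasons; use the APIv4 endpoints.` The current comment misspells "DEPRECATED" and names neither the reason nor the replacement, so a future reader cannot tell whether restoring the route is safe. InitUser's body starts and ends outside the hunk.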
@@ -767,22 +767,22 @@ func resetPassword(c *Context, w http.ResponseWriter, r *http.Request) {
props := model.MapFromJson(r.Body)
code := props["code"]
- if len(code) != model.PASSWORD_RECOVERY_CODE_SIZE {
+ if len(code) != model.TOKEN_SIZE {
c.SetInvalidParam("resetPassword", "code")
return
}
newPassword := props["new_password"]
- c.LogAudit("attempt - code=" + code)
+ c.LogAudit("attempt - token=" + code)
- if err := app.ResetPasswordFromCode(code, newPassword); err != nil {
- c.LogAudit("fail - code=" + code)
+ if err := app.ResetPasswordFromToken(code, newPassword); err != nil {
+ c.LogAudit("fail - token=" + code)
c.Err = err
return
}
- c.LogAudit("success - code=" + code)
+ c.LogAudit("success - token=" + code)
rdata := map[string]string{}
rdata["status"] = "ok"
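Review bot: The three `c.LogAudit` calls in resetPassword still write the full password-reset token into the audit log; the rename from code to token changes the label only. The "attempt" and "fail" entries are written while the token may still be redeemable (whether a failed reset consumes it is not visible here), so anyone with read access to audit records could reuse it. I would log the outcome without the secret, e.g. `c.LogAudit("attempt")` and `c.LogAudit("fail")`, or log a short digest of the token if entries need to be correlated. The value is also request-supplied and only length-checked before being concatenated into the log line. resetPassword's body starts and ends outside the hunk.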
@@ -992,6 +992,7 @@ func ldapToEmail(c *Context, w http.ResponseWriter, r *http.Request) {
w.Write([]byte(model.MapToJson(map[string]string{"follow_link": link})))
}
+/* Disabling for security reasons. Use apiv4
func verifyEmail(c *Context, w http.ResponseWriter, r *http.Request) {
props := model.MapFromJson(r.Body)
@@ -1039,7 +1040,7 @@ func resendVerification(c *Context, w http.ResponseWriter, r *http.Request) {
go app.SendEmailChangeVerifyEmail(user.Id, user.Email, user.Locale, utils.GetSiteURL())
}
}
-}
+}*/
func generateMfaSecret(c *Context, w http.ResponseWriter, r *http.Request) {
secret, err := app.GenerateMfaSecret(c.Session.UserId)