diff options
Diffstat (limited to 'api4/user.go')
| -rw-r--r-- | api4/user.go | 55 |
1 files changed, 23 insertions, 32 deletions
diff --git a/api4/user.go b/api4/user.go index 1d117ce07..18e549a64 100644 --- a/api4/user.go +++ b/api4/user.go @@ -768,23 +768,23 @@ func updatePassword(c *Context, w http.ResponseWriter, r *http.Request) { func resetPassword(c *Context, w http.ResponseWriter, r *http.Request) { props := model.MapFromJson(r.Body) - code := props["code"] - if len(code) != model.PASSWORD_RECOVERY_CODE_SIZE { - c.SetInvalidParam("code") + token := props["token"] + if len(token) != model.TOKEN_SIZE { + c.SetInvalidParam("token") return } newPassword := props["new_password"] - c.LogAudit("attempt - code=" + code) + c.LogAudit("attempt - token=" + token) - if err := app.ResetPasswordFromCode(code, newPassword); err != nil { - c.LogAudit("fail - code=" + code) + if err := app.ResetPasswordFromToken(token, newPassword); err != nil { + c.LogAudit("fail - token=" + token) c.Err = err return } - c.LogAudit("success - code=" + code) + c.LogAudit("success - token=" + token) ReturnStatusOK(w) } @@ -985,32 +985,21 @@ func getUserAudits(c *Context, w http.ResponseWriter, r *http.Request) { func verifyUserEmail(c *Context, w http.ResponseWriter, r *http.Request) { props := model.MapFromJson(r.Body) - userId := props["user_id"] - if len(userId) != 26 { - c.SetInvalidParam("user_id") + token := props["token"] + if len(token) != model.TOKEN_SIZE { + c.SetInvalidParam("token") return } - hashedId := props["hash_id"] - if len(hashedId) == 0 { - c.SetInvalidParam("hash_id") + if err := app.VerifyEmailFromToken(token); err != nil { + c.Err = model.NewLocAppError("verifyUserEmail", "api.user.verify_email.bad_link.app_error", nil, err.Error()) + c.Err.StatusCode = http.StatusBadRequest + return + } else { + c.LogAudit("Email Verified") + ReturnStatusOK(w) return } - - hashed := model.HashPassword(hashedId) - if model.ComparePassword(hashed, userId+utils.Cfg.EmailSettings.InviteSalt) { - if c.Err = app.VerifyUserEmail(userId); c.Err != nil { - return - } else { - c.LogAudit("Email Verified") - ReturnStatusOK(w) - return - } - } - - c.Err = model.NewLocAppError("verifyUserEmail", "api.user.verify_email.bad_link.app_error", nil, "") - c.Err.StatusCode = http.StatusBadRequest - return } func sendVerificationEmail(c *Context, w http.ResponseWriter, r *http.Request) { @@ -1029,10 +1018,12 @@ func sendVerificationEmail(c *Context, w http.ResponseWriter, r *http.Request) { return } - if _, err := app.GetStatus(user.Id); err != nil { - go app.SendVerifyEmail(user.Id, user.Email, user.Locale, utils.GetSiteURL()) - } else { - go app.SendEmailChangeVerifyEmail(user.Id, user.Email, user.Locale, utils.GetSiteURL()) + app.SendEmailVerification(user) + if err != nil { + // Don't want to leak whether the email is valid or not + l4g.Error("Unable to create email verification token: " + err.Error()) + ReturnStatusOK(w) + return } ReturnStatusOK(w) |