From 817fa66ac4db9522488c1760417ca57cb1b56c20 Mon Sep 17 00:00:00 2001 From: Reed Garmsen Date: Mon, 5 Oct 2015 14:18:05 -0700 Subject: Added better verification when a user changes his or her email --- api/user.go | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'api/user.go') diff --git a/api/user.go b/api/user.go index 2d7dd9ab1..4baf4f81f 100644 --- a/api/user.go +++ b/api/user.go @@ -888,6 +888,10 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) { } else { team := tresult.Data.(*model.Team) fireAndForgetEmailChangeEmail(rusers[1].Email, team.DisplayName, c.GetTeamURLFromTeam(team), c.GetSiteURL()) + + if utils.Cfg.EmailSettings.RequireEmailVerification { + fireAndForgetEmailChangeVerifyEmail(rusers[0].Id, rusers[0].Email, team.Name, team.DisplayName, c.GetSiteURL(), c.GetTeamURLFromTeam(team)) + } } } @@ -1340,6 +1344,25 @@ func fireAndForgetEmailChangeEmail(email, teamDisplayName, teamURL, siteURL stri }() } +func fireAndForgetEmailChangeVerifyEmail(userId, newUserEmail, teamName, teamDisplayName, siteURL, teamURL string) { + go func() { + + link := fmt.Sprintf("%s/verify_email?uid=%s&hid=%s&teamname=%s&email=%s", siteURL, userId, model.HashPassword(userId), teamName, newUserEmail) + + subjectPage := NewServerTemplatePage("email_change_verify_subject") + subjectPage.Props["SiteURL"] = siteURL + subjectPage.Props["TeamDisplayName"] = teamDisplayName + bodyPage := NewServerTemplatePage("email_change_verify_body") + bodyPage.Props["SiteURL"] = siteURL + bodyPage.Props["TeamDisplayName"] = teamDisplayName + bodyPage.Props["VerifyUrl"] = link + + if err := utils.SendMail(newUserEmail, subjectPage.Render(), bodyPage.Render()); err != nil { + l4g.Error("Failed to send verification email successfully err=%v", err) + } + }() +} + func updateUserNotify(c *Context, w http.ResponseWriter, r *http.Request) { props := model.MapFromJson(r.Body) -- cgit v1.2.3-1-g7c22 From f85dc7f575a9aad45d7914279300a22e9a6fae8a Mon Sep 17 00:00:00 2001 From: Reed Garmsen Date: Mon, 5 Oct 2015 14:54:15 -0700 Subject: Resending the verification email now sends the appropriate version of the email depending on whether it's a change or first signup --- api/user.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'api/user.go') diff --git a/api/user.go b/api/user.go index 4baf4f81f..13292c434 100644 --- a/api/user.go +++ b/api/user.go @@ -890,7 +890,7 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) { fireAndForgetEmailChangeEmail(rusers[1].Email, team.DisplayName, c.GetTeamURLFromTeam(team), c.GetSiteURL()) if utils.Cfg.EmailSettings.RequireEmailVerification { - fireAndForgetEmailChangeVerifyEmail(rusers[0].Id, rusers[0].Email, team.Name, team.DisplayName, c.GetSiteURL(), c.GetTeamURLFromTeam(team)) + FireAndForgetEmailChangeVerifyEmail(rusers[0].Id, rusers[0].Email, team.Name, team.DisplayName, c.GetSiteURL(), c.GetTeamURLFromTeam(team)) } } } @@ -1344,7 +1344,7 @@ func fireAndForgetEmailChangeEmail(email, teamDisplayName, teamURL, siteURL stri }() } -func fireAndForgetEmailChangeVerifyEmail(userId, newUserEmail, teamName, teamDisplayName, siteURL, teamURL string) { +func FireAndForgetEmailChangeVerifyEmail(userId, newUserEmail, teamName, teamDisplayName, siteURL, teamURL string) { go func() { link := fmt.Sprintf("%s/verify_email?uid=%s&hid=%s&teamname=%s&email=%s", siteURL, userId, model.HashPassword(userId), teamName, newUserEmail) -- cgit v1.2.3-1-g7c22 From c84fe62ca199485dccefc37e00ca2bef45d47c6d Mon Sep 17 00:00:00 2001 From: Reed Garmsen Date: Tue, 6 Oct 2015 08:58:31 -0700 Subject: Added new email to email change notification --- api/user.go | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'api/user.go') diff --git a/api/user.go b/api/user.go index 13292c434..4d12f0f33 100644 --- a/api/user.go +++ b/api/user.go @@ -887,7 +887,7 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) { l4g.Error(tresult.Err.Message) } else { team := tresult.Data.(*model.Team) - fireAndForgetEmailChangeEmail(rusers[1].Email, team.DisplayName, c.GetTeamURLFromTeam(team), c.GetSiteURL()) + fireAndForgetEmailChangeEmail(rusers[1].Email, rusers[0].Email, team.DisplayName, c.GetTeamURLFromTeam(team), c.GetSiteURL()) if utils.Cfg.EmailSettings.RequireEmailVerification { FireAndForgetEmailChangeVerifyEmail(rusers[0].Id, rusers[0].Email, team.Name, team.DisplayName, c.GetSiteURL(), c.GetTeamURLFromTeam(team)) @@ -1326,7 +1326,7 @@ func fireAndForgetPasswordChangeEmail(email, teamDisplayName, teamURL, siteURL, }() } -func fireAndForgetEmailChangeEmail(email, teamDisplayName, teamURL, siteURL string) { +func fireAndForgetEmailChangeEmail(oldEmail, newEmail, teamDisplayName, teamURL, siteURL string) { go func() { subjectPage := NewServerTemplatePage("email_change_subject") @@ -1336,9 +1336,10 @@ func fireAndForgetEmailChangeEmail(email, teamDisplayName, teamURL, siteURL stri bodyPage.Props["SiteURL"] = siteURL bodyPage.Props["TeamDisplayName"] = teamDisplayName bodyPage.Props["TeamURL"] = teamURL + bodyPage.Props["NewEmail"] = newEmail - if err := utils.SendMail(email, subjectPage.Render(), bodyPage.Render()); err != nil { - l4g.Error("Failed to send update password email successfully err=%v", err) + if err := utils.SendMail(oldEmail, subjectPage.Render(), bodyPage.Render()); err != nil { + l4g.Error("Failed to send email change notification email successfully err=%v", err) } }() @@ -1358,7 +1359,7 @@ func FireAndForgetEmailChangeVerifyEmail(userId, newUserEmail, teamName, teamDis bodyPage.Props["VerifyUrl"] = link if err := utils.SendMail(newUserEmail, subjectPage.Render(), bodyPage.Render()); err != nil { - l4g.Error("Failed to send verification email successfully err=%v", err) + l4g.Error("Failed to send email change verification email successfully err=%v", err) } }() } -- cgit v1.2.3-1-g7c22