Beispiel #1
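// handlePrefsVerifyPost handles a JSON request that confirms ownership of an
// email address. The body carries "email" and a hex-encoded "confirmation"
// token. The account is resolved by email, the token is checked with
// proto.CheckEmailVerificationToken, and on success VerifyPersonalIdentity is
// called for the address (presumably marking it verified; confirm in the
// backend).
//
// Every response is a JSON object whose "error" field is set on failure:
//
//	400  malformed JSON, non-hex token, or a missing field
//	404  no account for the email (proto.ErrAccountNotFound)
//	403  token rejected (proto.ErrInvalidVerificationToken)
//	500  any other backend error
//	200  verified
//
// NOTE(review): the 404/403 split tells a caller whether an address is
// registered. No authentication or rate limiting is visible in this handler,
// so confirm that throttling is applied upstream or collapse both cases into
// one response.
//
// NOTE(review): err.Error() is returned verbatim for 500s, which may expose
// backend detail to the client. Prefer logging it server-side and returning a
// generic message once a logger is available here.
func (s *Server) handlePrefsVerifyPost(w http.ResponseWriter, r *http.Request) {
	// Upper bound for a body that only holds an address and a hex token; this
	// is a reviewer-chosen limit, adjust as needed.
	const maxBodyBytes = 64 << 10

	reply := func(err error, status int) {
		data := struct {
			Error string `json:"error,omitempty"`
		}{}
		if err != nil {
			data.Error = err.Error()
		}
		// Headers must be set before WriteHeader; anything set afterwards is
		// not sent, which previously left the JSON body without its declared
		// Content-Type.
		w.Header().Set("Content-Type", "application/json")
		w.WriteHeader(status)
		// The status line is already on the wire, so an encode failure cannot
		// be reported to the client.
		_ = json.NewEncoder(w).Encode(data)
	}

	// Bound the request body so an unauthenticated caller cannot make the
	// decoder buffer an arbitrarily large payload.
	r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)

	var req struct {
		Confirmation string `json:"confirmation"`
		Email        string `json:"email"`
	}
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
		reply(err, http.StatusBadRequest)
		return
	}

	email := req.Email
	token, err := hex.DecodeString(req.Confirmation)
	if err != nil {
		reply(err, http.StatusBadRequest)
		return
	}
	if email == "" || len(token) == 0 {
		reply(fmt.Errorf("missing parameters"), http.StatusBadRequest)
		return
	}

	ctx := s.rootCtx.Fork()
	account, err := s.b.AccountManager().Resolve(ctx, "email", email)
	if err != nil {
		status := http.StatusInternalServerError
		if err == proto.ErrAccountNotFound {
			status = http.StatusNotFound
		}
		reply(err, status)
		return
	}

	// NOTE(review): assumes CheckEmailVerificationToken compares the token in
	// constant time; verify in proto.
	if err := proto.CheckEmailVerificationToken(s.kms, account, email, token); err != nil {
		status := http.StatusInternalServerError
		if err == proto.ErrInvalidVerificationToken {
			status = http.StatusForbidden
		}
		reply(err, status)
		return
	}

	if err := s.b.AccountManager().VerifyPersonalIdentity(ctx, "email", email); err != nil {
		reply(err, http.StatusInternalServerError)
		return
	}

	reply(nil, http.StatusOK)
}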
Beispiel #2
// handlePrefsVerify confirms ownership of an email address from form
// parameters. It reads "email" and a hex-encoded "token" from r.Form, resolves
// the account by email, checks the token with
// proto.CheckEmailVerificationToken, and then calls VerifyPersonalIdentity for
// the address. Failures are written with http.Error; success is a plain-text
// "ok".
//
// Status codes: 400 for an unparsable form, a non-hex token or a missing
// field; 404 for proto.ErrAccountNotFound; 403 for
// proto.ErrInvalidVerificationToken; 500 for any other backend error.
//
// NOTE(review): r.Form merges URL query and body parameters, so the token may
// arrive in the query string and end up in access logs, browser history and
// Referer headers. If that is the intended email-link flow, confirm the token
// is single-use and short-lived.
//
// NOTE(review): the 404/403 split reveals whether an address is registered,
// and err.Error() is echoed for 500s. Confirm rate limiting exists upstream
// and consider generic messages for both.
func (s *Server) handlePrefsVerify(w http.ResponseWriter, r *http.Request) {
	// fail writes the error text with the given status, as http.Error does.
	fail := func(cause error, code int) {
		http.Error(w, cause.Error(), code)
	}

	if parseErr := r.ParseForm(); parseErr != nil {
		fail(parseErr, http.StatusBadRequest)
		return
	}

	addr := r.Form.Get("email")
	rawToken, decodeErr := hex.DecodeString(r.Form.Get("token"))
	switch {
	case decodeErr != nil:
		fail(decodeErr, http.StatusBadRequest)
		return
	case addr == "" || len(rawToken) == 0:
		http.Error(w, "missing parameters", http.StatusBadRequest)
		return
	}

	ctx := s.rootCtx.Fork()

	account, resolveErr := s.b.AccountManager().Resolve(ctx, "email", addr)
	if resolveErr != nil {
		// Only the "no such account" sentinel maps to 404; everything else is
		// treated as a server-side failure.
		if resolveErr == proto.ErrAccountNotFound {
			fail(resolveErr, http.StatusNotFound)
		} else {
			fail(resolveErr, http.StatusInternalServerError)
		}
		return
	}

	// NOTE(review): assumes CheckEmailVerificationToken compares the token in
	// constant time; verify in proto.
	checkErr := proto.CheckEmailVerificationToken(s.kms, account, addr, rawToken)
	if checkErr != nil {
		if checkErr == proto.ErrInvalidVerificationToken {
			fail(checkErr, http.StatusForbidden)
		} else {
			fail(checkErr, http.StatusInternalServerError)
		}
		return
	}

	verifyErr := s.b.AccountManager().VerifyPersonalIdentity(ctx, "email", addr)
	if verifyErr != nil {
		fail(verifyErr, http.StatusInternalServerError)
		return
	}

	// TODO: serve success template
	w.Header().Set("Content-Type", "text/plain")
	w.Write([]byte("ok"))
}