Beispiel #1
0
func (UserResourceHooks) Methods(res kit.Resource) []kit.Method {
	sendConfirmationEmail := &methods.Method{
		Name:     "users.send-confirmation-email",
		Blocking: false,
		Handler: func(registry kit.Registry, r kit.Request, unblock func()) kit.Response {
			user := r.GetUser()
			if user == nil {
				return kit.NewErrorResponse("not_authenticated", "")
			}

			if user.IsEmailConfirmed() {
				return kit.NewErrorResponse("email_already_confirmed", "The users email address is already confirmed")
			}

			err := registry.UserService().SendConfirmationEmail(user)
			if err != nil {
				return kit.NewErrorResponse("confirm_failed", "Could not confirm email")
			}

			return &kit.AppResponse{
				Data: map[string]interface{}{"success": true},
			}
		},
	}

	confirmEmail := &methods.Method{
		Name:     "users.confirm-email",
		Blocking: false,
		Handler: func(registry kit.Registry, r kit.Request, unblock func()) kit.Response {
			data, ok := r.GetData().(map[string]interface{})
			if !ok {
				return kit.NewErrorResponse("invalid_data", "Expected data dict with 'token' key")
			}
			token, ok := data["token"].(string)
			if !ok {
				return kit.NewErrorResponse("invalid_data", "Expected 'token' string key in data")
			}
			if token == "" {
				return kit.NewErrorResponse("empty_token", "")
			}

			_, err := registry.UserService().ConfirmEmail(token)
			if err != nil {
				return kit.NewErrorResponse("confirm_failed", "Could not confirm email")
			}

			return &kit.AppResponse{
				Data: map[string]interface{}{"success": true},
			}
		},
	}

	requestPwReset := &methods.Method{
		Name:     "users.request-password-reset",
		Blocking: false,
		Handler: func(registry kit.Registry, r kit.Request, unblock func()) kit.Response {
			data, ok := r.GetData().(map[string]interface{})
			if !ok {
				return kit.NewErrorResponse("invalid_data", "Expected data dict with 'user' key", true)
			}

			userIdentifier, ok := data["user"].(string)
			if !ok {
				return kit.NewErrorResponse("invalid_data", "Expected data dict with 'user' string key", true)
			}

			rawUser, err := res.Q().Filter("email", userIdentifier).Or("username", userIdentifier).First()
			if err != nil {
				return kit.NewErrorResponse(err)
			}
			if rawUser == nil {
				return kit.NewErrorResponse("unknown_user", fmt.Sprintf("The user %v does not exist", userIdentifier), true)
			}

			user := rawUser.(kit.User)

			err = registry.UserService().SendPasswordResetEmail(user)
			if err != nil {
				registry.Logger().Errorf("Could not send password reset email for user %v: %v", user, err)
				return kit.NewErrorResponse("reset_email_send_failed", "Could not send the reset password mail.", true)
			}

			return &kit.AppResponse{
				Data: map[string]interface{}{"success": true},
			}
		},
	}

	pwReset := &methods.Method{
		Name:     "users.password-reset",
		Blocking: false,
		Handler: func(registry kit.Registry, r kit.Request, unblock func()) kit.Response {
			// Verify that token is in data.
			data, ok := r.GetData().(map[string]interface{})
			if !ok {
				return kit.NewErrorResponse("invalid_data", "Expected 'token' key in data", true)
			}
			token, ok := data["token"].(string)
			if !ok {
				return kit.NewErrorResponse("invalid_data", "Expected 'token' string key in data", true)
			}
			if token == "" {
				return kit.NewErrorResponse("empty_token", "", true)
			}

			// Verify that password is in data.
			newPw, ok := data["password"].(string)
			if !ok {
				return kit.NewErrorResponse("invalid_passord", "Expected 'password' string key in data", true)
			}
			if newPw == "" {
				return kit.NewErrorResponse("empty_password", "Password may not be empty", true)
			}

			user, err := registry.UserService().ResetPassword(token, newPw)
			if err != nil {
				if err.IsPublic() {
					return kit.NewErrorResponse(err)
				} else {
					return kit.NewErrorResponse("password_reset_failed", "Could not reset the password.", true)
				}
			}

			return &kit.AppResponse{
				Data: map[string]interface{}{
					"success":   true,
					"userId":    user.GetId(),
					"userEmail": user.GetEmail(),
				},
			}
		},
	}

	changePassword := &methods.Method{
		Name:     "users.change-password",
		Blocking: false,
		Handler: func(registry kit.Registry, r kit.Request, unblock func()) kit.Response {
			// Get userId and password from request.
			userId := utils.GetMapStringKey(r.GetData(), "userId")
			if userId == "" {
				return kit.NewErrorResponse("no_userid", "Expected userId key in data", true)
			}
			password := utils.GetMapStringKey(r.GetData(), "password")
			if password == "" {
				return kit.NewErrorResponse("no_password", "Expected password key in data", true)
			}

			// Permission check.
			user := r.GetUser()
			if user == nil {
				return kit.NewErrorResponse("permission_denied", true)
			}

			// Users can only change their own password, unless they are admins.
			if userId != user.GetStrId() {
				if !(user.HasRole("admin") || user.HasPermission("users.change_passwords")) {
					return kit.NewErrorResponse("permission_denied", true)
				}
			}

			// User has the right permissions.
			userService := registry.UserService()

			// Find the user.
			rawUser, err := userService.UserResource().FindOne(userId)
			if err != nil {
				return kit.NewErrorResponse("db_error", true, err)
			}
			if rawUser == nil {
				return kit.NewErrorResponse("user_does_not_exist", true)
			}

			targetUser := rawUser.(kit.User)

			if err := userService.ChangePassword(targetUser, password); err != nil {
				return kit.NewErrorResponse(err)
			}

			// Everything worked fine.
			return &kit.AppResponse{
				Data: map[string]interface{}{"success": true},
			}
		},
	}

	return []kit.Method{
		AuthenticateMethod,
		ResumeSessionMethod,
		UnAuthenticateMethod,

		sendConfirmationEmail,
		confirmEmail,
		requestPwReset,
		pwReset, changePassword,
	}
}