Beispiel #1
0
func UserInvite(w http.ResponseWriter, r *http.Request) error {
	// generate the password reset token
	email := r.FormValue("email")
	token := authcookie.New(email, time.Now().Add(12*time.Hour), secret)

	// get settings
	hostname := database.SettingsMust().URL().String()
	emailEnabled := database.SettingsMust().SmtpServer != ""

	if !emailEnabled {
		// Email is not enabled, so must let the user know the signup link
		link := fmt.Sprintf("%v/register?token=%v", hostname, token)
		return RenderText(w, link, http.StatusOK)
	}

	// send data to template
	data := struct {
		Host  string
		Email string
		Token string
	}{hostname, email, token}

	// send the email message async
	go mail.SendActivation(email, data)

	return RenderText(w, http.StatusText(http.StatusOK), http.StatusOK)
}
Beispiel #2
0
func SignUpPost(w http.ResponseWriter, r *http.Request) error {
	// if self-registration is disabled we should display an
	// error message to the user.
	if !database.SettingsMust().OpenInvitations {
		http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
		return nil
	}

	// generate the password reset token
	email := r.FormValue("email")
	token := authcookie.New(email, time.Now().Add(12*time.Hour), secret)

	// get the hostname from the database for use in the email
	hostname := database.SettingsMust().URL().String()

	// data used to generate the email template
	data := struct {
		Host  string
		Email string
		Token string
	}{hostname, email, token}

	// send the email message async
	go mail.SendActivation(email, data)

	return RenderText(w, http.StatusText(http.StatusOK), http.StatusOK)
}
Beispiel #3
0
func setcookie(q *Context) {
	if q.auth {
		exp := time.Now().AddDate(0, 0, 14)
		au := authcookie.New(q.sec+"|"+q.user, exp, []byte(getRemote(q)+Cfg.Secret))
		http.SetCookie(q.w, &http.Cookie{Name: "paqu-auth", Value: au, Path: cookiepath, Expires: exp})
	}
}
Beispiel #4
0
// SetCookie signs and writes the cookie value.
func SetCookie(w http.ResponseWriter, r *http.Request, name, value string) {
	sec := IsHttps(r)
	str := authcookie.New(value, time.Now().Add(time.Hour*24), secret)
	cookie := http.Cookie{
		Name:     name,
		Value:    str,
		Path:     "/",
		Domain:   r.URL.Host,
		HttpOnly: true,
		Secure:   sec,
	}

	http.SetCookie(w, &cookie)
}
Beispiel #5
0
// SetUserCookieOpts creates a secure cookie for the given User and with the
// specified cookie options.
func SetUserCookieOpts(w http.ResponseWriter, cookie *http.Cookie, user User) {

	// default cookie expiration
	exp := time.Now().Add(Config.CookieExp)

	// generate cookie valid for 24 hours for user
	// the strings are quoted to ensure they aren't tampered with
	// TODO explore storing string as a URL Parameter String
	userStr := fmt.Sprintf("%q|%q|%q|%q|%q|%q|%q",
		user.Id(), user.Provider(), user.Name(),
		user.Email(), user.Link(), user.Picture(),
		user.Org())

	// set the cookie's value
	cookie.Value = authcookie.New(userStr, exp, Config.CookieSecret)

	// set the cookie
	http.SetCookie(w, cookie)
}
Beispiel #6
0
// SetUserCookie creates a secure cookie for the given username, indicating the
// user is authenticated.
func SetUserCookie(w http.ResponseWriter, r *http.Request, user string) {

	// cookie expires in 2 weeks
	exp := time.Now().Add(Config.CookieExp)

	// generate cookie valid for 24 hours for user
	value := authcookie.New(user, exp, Config.CookieSecret)

	cookie := http.Cookie{
		Name:   Config.CookieName,
		Value:  value,
		Path:   "/",
		Domain: r.URL.Host,
	}

	// if not a session cookie
	if Config.CookieMaxAge > 0 {
		cookie.Expires = exp
		cookie.MaxAge = Config.CookieMaxAge
	}

	http.SetCookie(w, &cookie)
}
Beispiel #7
0
// Invite a new Team Member.
func TeamMemberInvite(w http.ResponseWriter, r *http.Request, u *User) error {
	teamParam := r.FormValue(":team")
	mailParam := r.FormValue("email")
	team, err := database.GetTeamSlug(teamParam)
	if err != nil {
		return RenderError(w, err, http.StatusNotFound)
	}
	if member, _ := database.IsMemberAdmin(u.ID, team.ID); !member {
		return fmt.Errorf("Forbidden")
	}

	// generate a token that is valid for 3 days to join the team
	token := authcookie.New(strconv.Itoa(int(team.ID)), time.Now().Add(72*time.Hour), secret)

	// hostname from settings
	hostname := database.SettingsMust().URL().String()
	emailEnabled := database.SettingsMust().SmtpServer != ""

	if !emailEnabled {
		// Email is not enabled, so must let the user know the signup link
		link := fmt.Sprintf("%v/accept?token=%v", hostname, token)
		return RenderText(w, link, http.StatusOK)
	}

	// send the invitation
	data := struct {
		User  *User
		Team  *Team
		Token string
		Host  string
	}{u, team, token, hostname}

	// send email async
	go mail.SendInvitation(team.Name, mailParam, &data)

	return RenderText(w, http.StatusText(http.StatusOK), http.StatusOK)
}