Example #1
// RedirectWithReturn redirects the user agent to targetURL with the given
// status code, attaching a return URL ("r") and its access code ("rac") as
// query parameters so that the user agent can eventually be sent back.
//
// If the current request already carries "r" and "rac" values that verify,
// they are forwarded unchanged. Otherwise the current request URL becomes the
// return URL and a fresh access code is issued for it.
//
// Security: a client-supplied "r" is only honoured when its "rac" verifies
// under the "redirect" key variant (presumably a keyed MAC; confirm in webac).
// That check is what stops "r" from being used as an open redirect, so
// whatever later consumes "r" should repeat the same verification.
// targetURL itself is not validated here; callers must not pass
// attacker-controlled values for it.
func RedirectWithReturn(req *http.Request, statusCode int, targetURL string) {
	key := opts.VariantSecretKey("redirect")

	returnURL := req.FormValue("r")
	returnAC := req.FormValue("rac")

	// An absent or unverifiable return URL is discarded rather than trusted.
	if returnURL == "" || !webac.VerifyFor("redirect/"+returnURL, returnAC, key) {
		returnURL = req.URL.String()
		returnAC = webac.NewFor("redirect/"+returnURL, key)
	}

	// Resolve the target relative to the request URL. On a parse failure the
	// target is used as given, without the return parameters.
	if dest, err := req.URL.Parse(targetURL); err == nil {
		params := dest.Query()
		params.Set("r", returnURL)
		params.Set("rac", returnAC)
		dest.RawQuery = params.Encode()
		targetURL = dest.String()
	}

	miscctx.RedirectTo(req, statusCode, targetURL)
}
Example #2
// sendVerificationEmail mails a link to email that either verifies the address
// (reset == false) or starts password recovery (reset == true). It returns
// whatever sendHTMLEmail returns.
//
// The link carries an access code derived from ak over
// "verify-email/<reset flag>/<email>". Because the reset flag is part of the
// coded message, a code issued for address verification does not match the
// password-recovery message and vice versa.
//
// NOTE(review): nothing visible here binds an expiry time or a one-time nonce
// into the access code. Unless ak changes after use or the /auth/verify
// handler tracks consumption, a link may stay valid indefinitely. Confirm
// against the handler and the source of ak.
// NOTE(review): email is used as the recipient without validation in this
// function; presumably it is validated upstream. Confirm.
func sendVerificationEmail(email string, ak []byte, reset bool) error {
	resetFlag := "0"
	if reset {
		resetFlag = "1"
	}

	code := webac.NewFor("verify-email/"+resetFlag+"/"+email, ak)

	// Values.Encode percent-escapes the address and the code and emits keys
	// in sorted order.
	params := url.Values{}
	params.Set("e", email)
	params.Set("ac", code)
	params.Set("r", resetFlag)
	link := opts.BaseURL + "/auth/verify?" + params.Encode()

	// The HTML part needs the link HTML-escaped for use inside an href
	// attribute; the plain-text part takes it as is.
	hrefLink := html.EscapeString(link)

	var subject, body, htmlBody string
	if reset {
		subject = "Violations DB: password recovery request"
		body = `Greetings.

You, or someone else, has requested password recovery for an account registered
to this e. mail address.

To reset the password for this account, please visit the following URL:

  <` + link + `#>

If you did not request this message, please ignore it.
`

		htmlBody = `<p>Greetings.</p>

<p>You, or someone else, has requested password recovery for an account registered to this e. mail address.</p>

<p><a href="` + hrefLink + `">Please click here to reset the password for this account.</a></p>

<p>If you did not request this message, please ignore it.</p>
`
	} else {
		subject = "Violations DB: verify your e. mail address"
		body = `Greetings.

You, or someone else, has created a Violations DB account with this e. mail address.

If you requested this, please verify your e. mail address by following the following link:

  <` + link + `#>

If you did not request this message, please ignore it.
`

		htmlBody = `<p>Greetings.</p>

<p>You, or someone else, has created a Violations DB account with this e. mail address.</p>

<p>If you requested this, please <a href="` + hrefLink + `">click here to verify your e. mail address</a>.</p>

<p>If you did not request this message, please ignore it.</p>
`
	}

	return sendHTMLEmail(email, subject, body, htmlBody)
}