//ConfirmValidation checks if the supplied code matches the username and key
func (service *IYOPhonenumberValidationService) ConfirmValidation(request *http.Request, key, code string) (err error) {
info, err := service.getPhonenumberValidationInformation(request, key)
if err != nil {
return
}
if info == nil {
err = ErrInvalidOrExpiredKey
return
}
if info.SMSCode != code {
err = ErrInvalidCode
return
}
valMngr := validation.NewManager(request)
p := valMngr.NewValidatedPhonenumber(info.Username, info.Phonenumber)
err = valMngr.SaveValidatedPhonenumber(p)
if err != nil {
return
}
err = valMngr.UpdatePhonenumberValidationInformation(key, true)
if err != nil {
return
}
return
}
//ConfirmValidation checks if the supplied code matches the username and key
func (service *IYOEmailAddressValidationService) ConfirmValidation(request *http.Request, key, secret string) (err error) {
info, err := service.getEmailAddressValidationInformation(request, key)
if err != nil {
return
}
if info == nil {
err = ErrInvalidOrExpiredKey
return
}
if info.Secret != secret {
err = ErrInvalidCode
return
}
valMngr := validation.NewManager(request)
p := valMngr.NewValidatedEmailAddress(info.Username, info.EmailAddress)
err = valMngr.SaveValidatedEmailAddress(p)
if err != nil {
return
}
err = valMngr.UpdateEmailAddressValidationInformation(key, true)
if err != nil {
return
}
return
}
func (service *IYOPhonenumberValidationService) getPhonenumberValidationInformation(request *http.Request, key string) (info *validation.PhonenumberValidationInformation, err error) {
if key == "" {
return
}
valMngr := validation.NewManager(request)
info, err = valMngr.GetByKeyPhonenumberValidationInformation(key)
return
}
//ExpireValidation removes a pending validation
func (service *IYOPhonenumberValidationService) ExpireValidation(request *http.Request, key string) (err error) {
if key == "" {
return
}
valMngr := validation.NewManager(request)
err = valMngr.RemovePhonenumberValidationInformation(key)
return
}
func (service *IYOEmailAddressValidationService) getEmailAddressValidationInformation(request *http.Request, key string) (info *validation.EmailAddressValidationInformation, err error) {
if key == "" {
return
}
valMngr := validation.NewManager(request)
info, err = valMngr.GetByKeyEmailAddressValidationInformation(key)
return
}
//ForgotPassword handler for POST /login/forgotpassword
func (service *Service) ForgotPassword(w http.ResponseWriter, request *http.Request) {
// login can be username or email
values := struct {
Login string `json:"login"`
}{}
if err := json.NewDecoder(request.Body).Decode(&values); err != nil {
log.Debug("Error decoding the ForgotPassword request:", err)
http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
return
}
userMgr := user.NewManager(request)
valMgr := validationdb.NewManager(request)
validatedemail, err := valMgr.GetByEmailAddressValidatedEmailAddress(values.Login)
if err != nil && err != mgo.ErrNotFound {
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
}
var username string
var emails []string
if err != mgo.ErrNotFound {
username = validatedemail.Username
emails = []string{validatedemail.EmailAddress}
} else {
user, err := userMgr.GetByName(values.Login)
if err != nil && err != mgo.ErrNotFound {
http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
return
}
username = user.Username
validatedemails, err := valMgr.GetByUsernameValidatedEmailAddress(username)
if validatedemails == nil || len(validatedemails) == 0 {
http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
return
}
if err != nil {
log.Error("Failed to get validated emails address - ", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
}
emails = make([]string, len(validatedemails))
for idx, validatedemail := range validatedemails {
emails[idx] = validatedemail.EmailAddress
}
}
_, err = service.emailaddressValidationService.RequestPasswordReset(request, username, emails)
if err != nil {
log.Error("Failed to request password reset - ", err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
}
w.WriteHeader(http.StatusNoContent)
return
}
// GetTwoFactorAuthenticationMethods returns the possible two factor authentication methods the user can use to login with.
func (service *Service) GetTwoFactorAuthenticationMethods(w http.ResponseWriter, request *http.Request) {
loginSession, err := service.GetSession(request, SessionLogin, "loginsession")
if err != nil {
log.Error(err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return
}
username, ok := loginSession.Values["username"].(string)
if username == "" || !ok {
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
return
}
userMgr := user.NewManager(request)
userFromDB, err := userMgr.GetByName(username)
if err != nil {
log.Error(err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return
}
response := struct {
Totp bool `json:"totp"`
Sms map[string]string `json:"sms"`
}{Sms: make(map[string]string)}
totpMgr := totp.NewManager(request)
response.Totp, err = totpMgr.HasTOTP(username)
if err != nil {
log.Error(err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return
}
valMgr := validationdb.NewManager(request)
verifiedPhones, err := valMgr.GetByUsernameValidatedPhonenumbers(username)
if err != nil {
log.Error(err)
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
return
}
for _, validatedPhoneNumber := range verifiedPhones {
for _, number := range userFromDB.Phonenumbers {
if number.Phonenumber == string(validatedPhoneNumber.Phonenumber) {
response.Sms[number.Label] = string(validatedPhoneNumber.Phonenumber)
}
}
}
json.NewEncoder(w).Encode(response)
return
}
//RequestValidation validates the phonenumber by sending an SMS
func (service *IYOPhonenumberValidationService) RequestValidation(request *http.Request, username string, phonenumber user.Phonenumber, confirmationurl string) (key string, err error) {
valMngr := validation.NewManager(request)
info, err := valMngr.NewPhonenumberValidationInformation(username, phonenumber)
if err != nil {
return
}
err = valMngr.SavePhonenumberValidationInformation(info)
if err != nil {
return
}
smsmessage := fmt.Sprintf("To verify your phonenumber on itsyou.online enter the code %s in the form or use this link: %s?c=%s&k=%s", info.SMSCode, confirmationurl, info.SMSCode, url.QueryEscape(info.Key))
go service.SMSService.Send(phonenumber.Phonenumber, smsmessage)
key = info.Key
return
}
func SearchUser(r *http.Request, searchString string) (usr *user.User, err1 error) {
userMgr := user.NewManager(r)
usr, err1 = userMgr.GetByName(searchString)
if err1 == mgo.ErrNotFound {
valMgr := validationdb.NewManager(r)
validatedPhonenumber, err2 := valMgr.GetByPhoneNumber(searchString)
if err2 == mgo.ErrNotFound {
validatedEmailAddress, err3 := valMgr.GetByEmailAddress(searchString)
if err3 != nil {
return nil, err3
} else {
return userMgr.GetByName(validatedEmailAddress.Username)
}
} else {
return userMgr.GetByName(validatedPhonenumber.Username)
}
} else {
return usr, err1
}
}
//RequestValidation validates the email address by sending an EMail
func (service *IYOEmailAddressValidationService) RequestValidation(request *http.Request, username string, email string, confirmationurl string) (key string, err error) {
valMngr := validation.NewManager(request)
info, err := valMngr.NewEmailAddressValidationInformation(username, email)
if err != nil {
log.Error(err)
return
}
err = valMngr.SaveEmailAddressValidationInformation(info)
if err != nil {
log.Error(err)
return
}
validationurl := fmt.Sprintf("%s?c=%s&k=%s", confirmationurl, url.QueryEscape(info.Secret), url.QueryEscape(info.Key))
templateParameters := struct {
Url string
Username string
Title string
Text string
ButtonText string
Reason string
}{
Url: validationurl,
Username: username,
Title: "It'sYou.Online email verification",
Text: fmt.Sprintf("To verify your email address %s on ItsYou.Online, click the button below.", email),
ButtonText: "Verify email",
Reason: " You’re receiving this email because you recently created a new ItsYou.Online account or added a new email address. If this wasn’t you, please ignore this email.",
}
message, err := tools.RenderTemplate(emailWithButtonTemplateName, templateParameters)
if err != nil {
return
}
go service.EmailService.Send([]string{email}, "ItsYou.Online email verification", message)
key = info.Key
return
}
