Example #1
0
func APIRegisterChromeGET(w http.ResponseWriter, r *http.Request) {
	// Get session
	sess := session.Instance(r)

	// If the user is logged in
	if sess.Values["id"] == nil {
		w.Header().Set("Content-Type", "application/json")
		w.Write([]byte(`{"error": "Authentication required"}`))
		return
	}

	user_id := uint64(sess.Values["id"].(uint32))

	ci := ChromeInfo{}

	auth, err := model.ApiAuthenticationByUserId(user_id)
	// If there is no record yet, create one
	if err == sql.ErrNoRows {

		// Create values
		ci.Userkey = random.Generate(32)
		ci.Token = random.Generate(32)

		err := model.ApiAuthenticationCreate(user_id, ci.Userkey, ci.Token)
		if err != nil {
			log.Println(err)
			Error500(w, r)
			return
		}
	} else if err != nil {
		log.Println(err)
		Error500(w, r)
		return
	} else {
		ci.Userkey = auth.Userkey
		ci.Token = auth.Token
	}

	js, err := json.Marshal(ci)
	if err != nil {
		log.Println(err)
		Error500(w, r)
		return
	}

	w.Header().Set("Content-Type", "application/json")
	w.Write(js)
}
Example #2
0
func CronNotifyEmailExpireGET(w http.ResponseWriter, r *http.Request) {
	result, err := model.EmailsWithVerificationIn30Days()

	if err != nil {
		log.Println(err)
		Error500(w, r)
	}

	c := view.ReadConfig()

	for _, v := range result {
		//log.Println(v.First_name, " expires on ", v.Expiring, v.Expired, v.Updated_at)

		user_id := int64(v.Id)
		email := v.Email
		first_name := v.First_name

		if v.Expiring {
			// Create the email verification string
			md := random.Generate(32)

			// Add the hash to the database
			err = model.UserEmailVerificationCreate(user_id, md)
			if err != nil {
				log.Println(err)
			}

			// Email the hash to the user
			err = emailer.SendEmail(email, "Email Verification Required for Verified.ninja", "Hi "+first_name+",\n\nTo keep your account active, please verify your email address by clicking on this link: "+c.BaseURI+"emailverification/"+md+"\n\nYour account will expire in 5 days if you don't verify your email.")
			if err != nil {
				log.Println(err)
			}
		} else if v.Expired {
			err = model.UserReverify(user_id)
			if err != nil {
				log.Println(err)
			}

			user_info, err := model.EmailVerificationTokenByUserId(uint64(user_id))
			if err != nil {
				log.Println(err)
			}

			md := user_info.Token

			// Email the hash to the user
			err = emailer.SendEmail(email, "Account Locked on Verified.ninja", "Hi "+first_name+",\n\nIt's been over 30 days since you verified your email. To unlock your account, please verify your email address by clicking on this link: "+c.BaseURI+"emailverification/"+md)
			if err != nil {
				log.Println(err)
			}
		}
	}

	w.Header().Set("Content-Type", "application/json")
	w.Write([]byte(`{"Done": true}`))
}
Example #3
0
func InitialPhotoGET(w http.ResponseWriter, r *http.Request) {
	// Get session
	sess := session.Instance(r)

	user_id := uint64(sess.Values["id"].(uint32))

	demo, err := model.DemographicByUserId(user_id)
	if err != sql.ErrNoRows {
		//log.Println(err)
	}

	// Force the user to enter in demographic information
	if len(demo.Gender) < 1 {
		UserInformationGET(w, r)
		return
	}

	// If the user has no photos, show this page
	// If the user has only unverified photos, show the waiting screen

	// Get the user photos
	photos, err := model.PhotosByUserId(uint64(sess.Values["id"].(uint32)))
	if err != nil {
		log.Println(err)
	}

	verified_private := false
	unverified_private := false
	//rejected_private := false
	any_private := false

	for _, v := range photos {
		if v.Initial == 1 {
			if v.Status_id == 1 {
				verified_private = true
			} else if v.Status_id == 2 {
				unverified_private = true
			} else if v.Status_id == 3 {
				//rejected_private = true
			}
			any_private = true
		}
	}

	// Redirect to profile to handle caess where all private photos are rejected
	if len(photos) < 1 || verified_private || !any_private {
		// Get the user verification code
		token_info, err := model.UserTokenByUserId(user_id)
		if err == sql.ErrNoRows {
			token_info.Token = random.Generate(6)
			token_info.User_id = uint32(user_id)
			err = model.UserTokenCreate(user_id, token_info.Token)
		} else if err != nil {
			log.Println(err)
			Error500(w, r)
			return
		}

		// Display the view
		v := view.New(r)
		v.Name = "user_step1"
		v.Vars["user_token"] = token_info.Token
		v.Vars["first_name"] = sess.Values["first_name"]
		v.Render(w)
	} else if unverified_private {
		http.Redirect(w, r, "/profile", http.StatusFound)
	} else {
		//Error404(w, r)
		http.Redirect(w, r, "/profile", http.StatusFound)
	}
}
Example #4
0
func UserEmailPOST(w http.ResponseWriter, r *http.Request) {
	// Get session
	sess := session.Instance(r)

	user_id := int64(sess.Values["id"].(uint32))
	if !isVerifiedEmail(r, user_id) {
		sess.AddFlash(view.Flash{"You can't change you email again until you verify your current email.", view.FlashError})
		sess.Save(r, w)
		http.Redirect(w, r, "/", http.StatusFound)
	}

	// Validate with required fields
	if validate, missingField := view.Validate(r, []string{"email"}); !validate {
		sess.AddFlash(view.Flash{"Field missing: " + missingField, view.FlashError})
		sess.Save(r, w)
		UserEmailGET(w, r)
		return
	}

	// Validate with Google reCAPTCHA
	if !recaptcha.Verified(r) {
		sess.AddFlash(view.Flash{"reCAPTCHA invalid!", view.FlashError})
		sess.Save(r, w)
		UserEmailGET(w, r)
		return
	}

	// Form values
	email := r.FormValue("email")
	emailOld := sess.Values["email"]

	if email == emailOld {
		sess.AddFlash(view.Flash{"New email cannot be the same as the old email.", view.FlashError})
		sess.Save(r, w)
		UserEmailGET(w, r)
		return
	}

	// Get database result
	err := model.UserEmailUpdate(user_id, email)

	if err != nil {
		if strings.Contains(err.Error(), "Duplicate entry") {
			sess.AddFlash(view.Flash{"That email already exists in the database. Please use a different one.", view.FlashError})
		} else {
			// Display error message
			log.Println(err)
			sess.AddFlash(view.Flash{"There was an error. Please try again later.", view.FlashError})
		}

		sess.Save(r, w)
		UserEmailGET(w, r)
		return
	}

	first_name := fmt.Sprintf("%v", sess.Values["first_name"])

	// Create the email verification string
	md := random.Generate(32)

	// Add the hash to the database
	err = model.UserEmailVerificationCreate(user_id, md)
	if err != nil {
		log.Println(err)
	}
	err = model.UserReverify(user_id)
	if err != nil {
		log.Println(err)
	}

	c := view.ReadConfig()

	// Email the hash to the user
	err = emailer.SendEmail(email, "Email Verification for Verified.ninja", "Hi "+first_name+",\n\nTo verify your email address ("+email+"), please click here: "+c.BaseURI+"emailverification/"+md)
	if err != nil {
		log.Println(err)
	}

	// Login successfully
	sess.AddFlash(view.Flash{"Email updated! You must verify your email before you can login again.", view.FlashSuccess})
	sess.Values["email"] = email
	sess.Save(r, w)
	http.Redirect(w, r, "/", http.StatusFound)
}
Example #5
0
func RegisterPOST(w http.ResponseWriter, r *http.Request) {
	// Get session
	sess := session.Instance(r)

	// Prevent brute force login attempts by not hitting MySQL and pretending like it was invalid :-)
	if sess.Values["register_attempt"] != nil && sess.Values["register_attempt"].(int) >= 5 {
		log.Println("Brute force register prevented")
		http.Redirect(w, r, "/register", http.StatusFound)
		return
	}

	// Validate with required fields
	if validate, missingField := view.Validate(r, []string{"first_name", "last_name", "email", "password"}); !validate {
		sess.AddFlash(view.Flash{"Field missing: " + missingField, view.FlashError})
		sess.Save(r, w)
		RegisterGET(w, r)
		return
	}

	// Validate with Google reCAPTCHA
	if !recaptcha.Verified(r) {
		sess.AddFlash(view.Flash{"reCAPTCHA invalid!", view.FlashError})
		sess.Save(r, w)
		RegisterGET(w, r)
		return
	}

	// Get form values
	first_name := r.FormValue("first_name")
	last_name := r.FormValue("last_name")
	email := r.FormValue("email")

	password, errp := passhash.HashString(r.FormValue("password"))

	// If password hashing failed
	if errp != nil {
		log.Println(errp)
		sess.AddFlash(view.Flash{"An error occurred on the server. Please try again later.", view.FlashError})
		sess.Save(r, w)
		http.Redirect(w, r, "/register", http.StatusFound)
		return
	}

	// Get database result
	_, err := model.UserIdByEmail(email)

	if err == sql.ErrNoRows { // If success (no user exists with that email)
		result, ex := model.UserCreate(first_name, last_name, email, password)
		// Will only error if there is a problem with the query
		if ex != nil {
			log.Println(ex)
			sess.AddFlash(view.Flash{"An error occurred on the server. Please try again later.", view.FlashError})
			sess.Save(r, w)
		} else {

			// Create the email verification string
			md := random.Generate(32)

			// Get the user ID
			user_id, _ := result.LastInsertId()

			// Add the user role
			model.RoleCreate(user_id, model.Role_level_User)

			// Add the hash to the database
			model.UserEmailVerificationCreate(user_id, md)

			c := view.ReadConfig()

			// Email the hash to the user
			err := emailer.SendEmail(email, "Email Verification for Verified.ninja", "Hi "+first_name+",\n\nTo verify your email address, please click here: "+c.BaseURI+"emailverification/"+md)
			if err != nil {
				log.Println(err)
			}

			// TODO This is just temporary for testing
			log.Println("Email Verification Link:", c.BaseURI+"emailverification/"+md)

			po, err := pushover.New()
			if err == pushover.ErrPushoverDisabled {
				// Nothing
			} else if err != nil {
				log.Println(err)
			} else {
				err = po.Message(first_name + " " + last_name + "(" + fmt.Sprintf("%v", user_id) + ") created an account. You can view the account here:\nhttps://verified.ninja/admin/user/" + fmt.Sprintf("%v", user_id))
				if err != nil {
					log.Println(err)
				}
			}

			sess.AddFlash(view.Flash{"Account created successfully for: " + email + ". Please click the verification link in your email.", view.FlashSuccess})
			sess.Save(r, w)
			http.Redirect(w, r, "/login", http.StatusFound)
			return
		}
	} else if err != nil { // Catch all other errors
		log.Println(err)
		sess.AddFlash(view.Flash{"An error occurred on the server. Please try again later.", view.FlashError})
		sess.Save(r, w)
	} else { // Else the user already exists
		sess.AddFlash(view.Flash{"Account already exists for: " + email, view.FlashError})
		sess.Save(r, w)
	}

	// Display the page
	RegisterGET(w, r)
}