func forgotHandler(ctx *app.Context) {
d := data(ctx)
if !d.allowDirectSignIn() {
ctx.NotFound("")
return
}
var user User
var isEmail bool
var sent bool
var fields struct {
Username string `form:",singleline,label=Username or Email"`
ValidateUsername func(*app.Context) error
}
fields.ValidateUsername = func(c *app.Context) error {
username := Normalize(fields.Username)
isEmail = strings.Contains(username, "@")
var field string
if isEmail {
field = "User.NormalizedEmail"
} else {
field = "User.NormalizedUsername"
}
userVal, userIface := newEmptyUser(ctx)
ok := c.Orm().MustOne(orm.Eq(field, username), userIface)
if !ok {
if isEmail {
return i18n.Errorf("address %q does not belong to any registered user", username)
}
return i18n.Errorf("username %q does not belong to any registered user", username)
}
user = getUserValue(userVal, "User").(User)
if user.Email == "" {
return i18n.Errorf("username %q does not have any registered emails", username)
}
return nil
}
f := form.New(ctx, &fields)
if f.Submitted() && f.IsValid() {
se, err := ctx.App().EncryptSigner(Salt)
if err != nil {
panic(err)
}
values := make(url.Values)
values.Add("u", strconv.FormatInt(user.Id(), 36))
values.Add("t", strconv.FormatInt(time.Now().Unix(), 36))
values.Add("n", stringutil.Random(64))
payload := values.Encode()
p, err := se.EncryptSign([]byte(payload))
if err != nil {
panic(err)
}
abs := ctx.URL()
reset := fmt.Sprintf("%s://%s%s?p=%s", abs.Scheme, abs.Host, ctx.MustReverse(ResetHandlerName), p)
data := map[string]interface{}{
"URL": reset,
}
from := mail.DefaultFrom()
if from == "" {
from = fmt.Sprintf("no-reply@%s", abs.Host)
}
msg := &mail.Message{
To: user.Email,
From: from,
Subject: fmt.Sprintf(ctx.T("Reset your %s password"), d.opts.SiteName),
}
ctx.MustSendMail("reset_password.txt", data, msg)
sent = true
}
data := map[string]interface{}{
"ForgotForm": f,
"IsEmail": isEmail,
"Sent": sent,
"User": user,
}
ctx.MustExecute(ForgotTemplateName, data)
}
