// Redirect back to a return URL, if specified; otherwise, redirect to
// defaultURL.
func ReturnRedirect(req *http.Request, statusCode int, defaultURL string) {
ak := opts.VariantSecretKey("redirect")
r := req.FormValue("r")
if r != "" && webac.VerifyFor("redirect/"+r, req.FormValue("rac"), ak) {
if _, err := url.Parse(r); err == nil {
defaultURL = r
}
}
miscctx.RedirectTo(req, statusCode, defaultURL)
}
func Auth_Verify_GET(rw http.ResponseWriter, req *http.Request) {
ac := req.FormValue("ac")
reset_s := req.FormValue("r")
email := req.FormValue("e")
var userID int64
var ak []byte
var verified bool
var isAdmin bool
err := GetBackend(req).GetDatabase().QueryRow("SELECT node_id, ak, is_admin, email_verified FROM \"n_user\" WHERE email=$1 LIMIT 1", email).Scan(&userID, &ak, &isAdmin, &verified)
log.Panice(err, "find ak for e. mail verify")
if !webac.VerifyFor("verify-email/"+reset_s+"/"+email, ac, ak) {
rw.WriteHeader(400)
tpl.MustShow(req, "front/400", nil)
return
}
if !verified {
_, err = dbutil.UpdateKV(GetBackend(req).GetDatabase(), "n_user", dbutil.Set{"email_verified": true}, dbutil.Where{"node_id": userID})
log.Panice(err)
}
if reset_s == "1" {
_, err = rand.Read(ak)
log.Panice(err)
_, err = dbutil.UpdateKV(GetBackend(req).GetDatabase(), "n_user", dbutil.Set{"ak": ak}, dbutil.Where{"node_id": userID})
}
// log user in
if reset_s == "0" {
if verified {
// non-reset links cannot be used to get a free login to an already-verified account
rw.WriteHeader(400)
tpl.MustShow(req, "front/400", nil)
return
}
session.AddFlash(req, session.Flash{
Severity: "success",
Msg: "Your e. mail address has been verified.",
})
} else {
session.Set(req, "must_change_password", true)
}
session.Set(req, "user_id", int(userID))
session.Set(req, "user_ak", ak)
session.Set(req, "user_is_admin", isAdmin)
session.Bump(req)
miscctx.SeeOther(req, "/panel")
}
// Redirect to a given URL with the given status code, such that the user agent
// can eventually be redirected back to the current URL, unless a return URL
// has already been provided in the current request, in which case that return
// URL is used.
func RedirectWithReturn(req *http.Request, statusCode int, targetURL string) {
ak := opts.VariantSecretKey("redirect")
ustr := req.URL.String()
r, rac := req.FormValue("r"), req.FormValue("rac")
if r == "" || !webac.VerifyFor("redirect/"+r, rac, ak) {
r = ustr
rac = webac.NewFor("redirect/"+r, ak)
}
tgt, err := req.URL.Parse(targetURL)
if err == nil {
q := tgt.Query()
q.Set("r", r)
q.Set("rac", rac)
tgt.RawQuery = q.Encode()
targetURL = tgt.String()
}
miscctx.RedirectTo(req, statusCode, targetURL)
}