//ConfirmValidation checks if the supplied code matches the username and key func (service *IYOPhonenumberValidationService) ConfirmValidation(request *http.Request, key, code string) (err error) { info, err := service.getPhonenumberValidationInformation(request, key) if err != nil { return } if info == nil { err = ErrInvalidOrExpiredKey return } if info.SMSCode != code { err = ErrInvalidCode return } valMngr := validation.NewManager(request) p := valMngr.NewValidatedPhonenumber(info.Username, info.Phonenumber) err = valMngr.SaveValidatedPhonenumber(p) if err != nil { return } err = valMngr.UpdatePhonenumberValidationInformation(key, true) if err != nil { return } return }
//ConfirmValidation checks if the supplied code matches the username and key func (service *IYOEmailAddressValidationService) ConfirmValidation(request *http.Request, key, secret string) (err error) { info, err := service.getEmailAddressValidationInformation(request, key) if err != nil { return } if info == nil { err = ErrInvalidOrExpiredKey return } if info.Secret != secret { err = ErrInvalidCode return } valMngr := validation.NewManager(request) p := valMngr.NewValidatedEmailAddress(info.Username, info.EmailAddress) err = valMngr.SaveValidatedEmailAddress(p) if err != nil { return } err = valMngr.UpdateEmailAddressValidationInformation(key, true) if err != nil { return } return }
func (service *IYOPhonenumberValidationService) getPhonenumberValidationInformation(request *http.Request, key string) (info *validation.PhonenumberValidationInformation, err error) { if key == "" { return } valMngr := validation.NewManager(request) info, err = valMngr.GetByKeyPhonenumberValidationInformation(key) return }
//ExpireValidation removes a pending validation func (service *IYOPhonenumberValidationService) ExpireValidation(request *http.Request, key string) (err error) { if key == "" { return } valMngr := validation.NewManager(request) err = valMngr.RemovePhonenumberValidationInformation(key) return }
func (service *IYOEmailAddressValidationService) getEmailAddressValidationInformation(request *http.Request, key string) (info *validation.EmailAddressValidationInformation, err error) { if key == "" { return } valMngr := validation.NewManager(request) info, err = valMngr.GetByKeyEmailAddressValidationInformation(key) return }
//ForgotPassword handler for POST /login/forgotpassword func (service *Service) ForgotPassword(w http.ResponseWriter, request *http.Request) { // login can be username or email values := struct { Login string `json:"login"` }{} if err := json.NewDecoder(request.Body).Decode(&values); err != nil { log.Debug("Error decoding the ForgotPassword request:", err) http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) return } userMgr := user.NewManager(request) valMgr := validationdb.NewManager(request) validatedemail, err := valMgr.GetByEmailAddressValidatedEmailAddress(values.Login) if err != nil && err != mgo.ErrNotFound { http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } var username string var emails []string if err != mgo.ErrNotFound { username = validatedemail.Username emails = []string{validatedemail.EmailAddress} } else { user, err := userMgr.GetByName(values.Login) if err != nil && err != mgo.ErrNotFound { http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound) return } username = user.Username validatedemails, err := valMgr.GetByUsernameValidatedEmailAddress(username) if validatedemails == nil || len(validatedemails) == 0 { http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound) return } if err != nil { log.Error("Failed to get validated emails address - ", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } emails = make([]string, len(validatedemails)) for idx, validatedemail := range validatedemails { emails[idx] = validatedemail.EmailAddress } } _, err = service.emailaddressValidationService.RequestPasswordReset(request, username, emails) if err != nil { log.Error("Failed to request password reset - ", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } w.WriteHeader(http.StatusNoContent) return }
// GetTwoFactorAuthenticationMethods returns the possible two factor authentication methods the user can use to login with. func (service *Service) GetTwoFactorAuthenticationMethods(w http.ResponseWriter, request *http.Request) { loginSession, err := service.GetSession(request, SessionLogin, "loginsession") if err != nil { log.Error(err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } username, ok := loginSession.Values["username"].(string) if username == "" || !ok { http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) return } userMgr := user.NewManager(request) userFromDB, err := userMgr.GetByName(username) if err != nil { log.Error(err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } response := struct { Totp bool `json:"totp"` Sms map[string]string `json:"sms"` }{Sms: make(map[string]string)} totpMgr := totp.NewManager(request) response.Totp, err = totpMgr.HasTOTP(username) if err != nil { log.Error(err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } valMgr := validationdb.NewManager(request) verifiedPhones, err := valMgr.GetByUsernameValidatedPhonenumbers(username) if err != nil { log.Error(err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } for _, validatedPhoneNumber := range verifiedPhones { for _, number := range userFromDB.Phonenumbers { if number.Phonenumber == string(validatedPhoneNumber.Phonenumber) { response.Sms[number.Label] = string(validatedPhoneNumber.Phonenumber) } } } json.NewEncoder(w).Encode(response) return }
//RequestValidation validates the phonenumber by sending an SMS func (service *IYOPhonenumberValidationService) RequestValidation(request *http.Request, username string, phonenumber user.Phonenumber, confirmationurl string) (key string, err error) { valMngr := validation.NewManager(request) info, err := valMngr.NewPhonenumberValidationInformation(username, phonenumber) if err != nil { return } err = valMngr.SavePhonenumberValidationInformation(info) if err != nil { return } smsmessage := fmt.Sprintf("To verify your phonenumber on itsyou.online enter the code %s in the form or use this link: %s?c=%s&k=%s", info.SMSCode, confirmationurl, info.SMSCode, url.QueryEscape(info.Key)) go service.SMSService.Send(phonenumber.Phonenumber, smsmessage) key = info.Key return }
func SearchUser(r *http.Request, searchString string) (usr *user.User, err1 error) { userMgr := user.NewManager(r) usr, err1 = userMgr.GetByName(searchString) if err1 == mgo.ErrNotFound { valMgr := validationdb.NewManager(r) validatedPhonenumber, err2 := valMgr.GetByPhoneNumber(searchString) if err2 == mgo.ErrNotFound { validatedEmailAddress, err3 := valMgr.GetByEmailAddress(searchString) if err3 != nil { return nil, err3 } else { return userMgr.GetByName(validatedEmailAddress.Username) } } else { return userMgr.GetByName(validatedPhonenumber.Username) } } else { return usr, err1 } }
//RequestValidation validates the email address by sending an EMail func (service *IYOEmailAddressValidationService) RequestValidation(request *http.Request, username string, email string, confirmationurl string) (key string, err error) { valMngr := validation.NewManager(request) info, err := valMngr.NewEmailAddressValidationInformation(username, email) if err != nil { log.Error(err) return } err = valMngr.SaveEmailAddressValidationInformation(info) if err != nil { log.Error(err) return } validationurl := fmt.Sprintf("%s?c=%s&k=%s", confirmationurl, url.QueryEscape(info.Secret), url.QueryEscape(info.Key)) templateParameters := struct { Url string Username string Title string Text string ButtonText string Reason string }{ Url: validationurl, Username: username, Title: "It'sYou.Online email verification", Text: fmt.Sprintf("To verify your email address %s on ItsYou.Online, click the button below.", email), ButtonText: "Verify email", Reason: " You’re receiving this email because you recently created a new ItsYou.Online account or added a new email address. If this wasn’t you, please ignore this email.", } message, err := tools.RenderTemplate(emailWithButtonTemplateName, templateParameters) if err != nil { return } go service.EmailService.Send([]string{email}, "ItsYou.Online email verification", message) key = info.Key return }