feat(security): #286 fix mail sending

handler/auth.go

@@ -59,9 +59,9 @@ var (
 
 func (handler AuthImpl) handleSignInPage() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session := middleware.GetSession(r)
-		if session != nil {
-			if !session.User.EmailVerified {
+		user := middleware.GetUser(r)
+		if user != nil {
+			if !user.EmailVerified {
 				utils.DoRedirect(w, r, "/auth/verify")
 			} else {
 				utils.DoRedirect(w, r, "/")
@@ -122,10 +122,10 @@ func (handler AuthImpl) handleSignIn() http.HandlerFunc {
 
 func (handler AuthImpl) handleSignUpPage() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session := middleware.GetSession(r)
+		user := middleware.GetUser(r)
 
-		if session != nil {
-			if !session.User.EmailVerified {
+		if user != nil {
+			if !user.EmailVerified {
 				utils.DoRedirect(w, r, "/auth/verify")
 			} else {
 				utils.DoRedirect(w, r, "/")
@@ -140,31 +140,30 @@ func (handler AuthImpl) handleSignUpPage() http.HandlerFunc {
 
 func (handler AuthImpl) handleSignUpVerifyPage() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session := middleware.GetSession(r)
-		if session == nil {
+		user := middleware.GetUser(r)
+		if user == nil {
 			utils.DoRedirect(w, r, "/auth/signin")
 			return
 		}
 
-		if session.User.EmailVerified {
+		if user.EmailVerified {
 			utils.DoRedirect(w, r, "/")
 			return
 		}
 
 		signIn := auth.VerifyComp()
-		handler.render.RenderLayout(r, w, signIn, session.User)
+		handler.render.RenderLayout(r, w, signIn, user)
 	}
 }
 
 func (handler AuthImpl) handleVerifyResendComp() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session := middleware.GetSession(r)
-		if session == nil {
+		user := middleware.GetUser(r)
+		if user == nil {
 			utils.DoRedirect(w, r, "/auth/signin")
 			return
 		}
 
-		user := session.User
 		go handler.service.SendVerificationMail(user.Id, user.Email)
 
 		_, err := w.Write([]byte("<p class=\"mt-8\">Verification email sent</p>"))
@@ -195,11 +194,13 @@ func (handler AuthImpl) handleSignUp() http.HandlerFunc {
 		var password = r.FormValue("password")
 
 		_, err := utils.WaitMinimumTime(securityWaitDuration, func() (interface{}, error) {
+			log.Info("Signing up %v", email)
 			user, err := handler.service.SignUp(email, password)
 			if err != nil {
 				return nil, err
 			}
 
+			log.Info("Sending verification email to %v", user.Email)
 			go handler.service.SendVerificationMail(user.Id, user.Email)
 			return nil, nil
 		})
@@ -248,34 +249,34 @@ func (handler AuthImpl) handleSignOut() http.HandlerFunc {
 
 func (handler AuthImpl) handleDeleteAccountPage() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session := middleware.GetSession(r)
-		if session == nil {
+		user := middleware.GetUser(r)
+		if user == nil {
 			utils.DoRedirect(w, r, "/auth/signin")
 			return
 		}
 
 		comp := auth.DeleteAccountComp()
-		handler.render.RenderLayout(r, w, comp, session.User)
+		handler.render.RenderLayout(r, w, comp, user)
 	}
 }
 
 func (handler AuthImpl) handleDeleteAccountComp() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session := middleware.GetSession(r)
-		if session == nil {
+		user := middleware.GetUser(r)
+		if user == nil {
 			utils.DoRedirect(w, r, "/auth/signin")
 			return
 		}
 
 		password := r.FormValue("password")
 
-		_, err := handler.service.SignIn(session.User.Email, password)
+		_, err := handler.service.SignIn(user.Email, password)
 		if err != nil {
 			utils.TriggerToast(w, r, "error", "Password not correct")
 			return
 		}
 
-		err = handler.service.DeleteAccount(session.User)
+		err = handler.service.DeleteAccount(user)
 		if err != nil {
 			utils.TriggerToast(w, r, "error", "Internal Server Error")
 			return
@@ -290,23 +291,23 @@ func (handler AuthImpl) handleChangePasswordPage() http.HandlerFunc {
 
 		isPasswordReset := r.URL.Query().Has("token")
 
-		session := middleware.GetSession(r)
+		user := middleware.GetUser(r)
 
-		if session == nil && !isPasswordReset {
+		if user == nil && !isPasswordReset {
 			utils.DoRedirect(w, r, "/auth/signin")
 			return
 		}
 
 		comp := auth.ChangePasswordComp(isPasswordReset)
-		handler.render.RenderLayout(r, w, comp, session.User)
+		handler.render.RenderLayout(r, w, comp, user)
 	}
 }
 
 func (handler AuthImpl) handleChangePasswordComp() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 
-		session := middleware.GetSession(r)
-		if session == nil {
+		user := middleware.GetUser(r)
+		if user == nil {
 			utils.DoRedirect(w, r, "/auth/signin")
 			return
 		}
@@ -314,7 +315,7 @@ func (handler AuthImpl) handleChangePasswordComp() http.HandlerFunc {
 		currPass := r.FormValue("current-password")
 		newPass := r.FormValue("new-password")
 
-		err := handler.service.ChangePassword(session.User, currPass, newPass)
+		err := handler.service.ChangePassword(user, currPass, newPass)
 		if err != nil {
 			utils.TriggerToast(w, r, "error", "Password not correct")
 			return
@@ -327,14 +328,14 @@ func (handler AuthImpl) handleChangePasswordComp() http.HandlerFunc {
 func (handler AuthImpl) handleResetPasswordPage() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 
-		session := middleware.GetSession(r)
-		if session == nil {
+		user := middleware.GetUser(r)
+		if user == nil {
 			utils.DoRedirect(w, r, "/auth/signin")
 			return
 		}
 
 		comp := auth.ResetPasswordComp()
-		handler.render.RenderLayout(r, w, comp, session.User)
+		handler.render.RenderLayout(r, w, comp, user)
 	}
 }
 

handler/middleware/authenticate.go

@@ -29,6 +29,16 @@ func Authenticate(service service.Auth) func(http.Handler) http.Handler {
 	}
 }
 
+func GetUser(r *http.Request) *service.User {
+
+	session := GetSession(r)
+	if session == nil {
+		return nil
+	}
+
+	return session.User
+}
+
 func GetSession(r *http.Request) *service.Session {
 	obj := r.Context().Value(SessionKey)
 	if obj == nil {