feat(security): #286 fix mail sending

2024-12-09 23:19:51 +01:00
parent eab42c26f8
commit d5d809f6b5
5 changed files with 76 additions and 32 deletions
--- a/handler/auth.go
+++ b/handler/auth.go
@@ -59,9 +59,9 @@ var (

 func (handler AuthImpl) handleSignInPage() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session := middleware.GetSession(r)
-		if session != nil {
-			if !session.User.EmailVerified {
+		user := middleware.GetUser(r)
+		if user != nil {
+			if !user.EmailVerified {
 				utils.DoRedirect(w, r, "/auth/verify")
 			} else {
 				utils.DoRedirect(w, r, "/")
@@ -122,10 +122,10 @@ func (handler AuthImpl) handleSignIn() http.HandlerFunc {

 func (handler AuthImpl) handleSignUpPage() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session := middleware.GetSession(r)
+		user := middleware.GetUser(r)

-		if session != nil {
-			if !session.User.EmailVerified {
+		if user != nil {
+			if !user.EmailVerified {
 				utils.DoRedirect(w, r, "/auth/verify")
 			} else {
 				utils.DoRedirect(w, r, "/")
@@ -140,31 +140,30 @@ func (handler AuthImpl) handleSignUpPage() http.HandlerFunc {

 func (handler AuthImpl) handleSignUpVerifyPage() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session := middleware.GetSession(r)
-		if session == nil {
+		user := middleware.GetUser(r)
+		if user == nil {
 			utils.DoRedirect(w, r, "/auth/signin")
 			return
 		}

-		if session.User.EmailVerified {
+		if user.EmailVerified {
 			utils.DoRedirect(w, r, "/")
 			return
 		}

 		signIn := auth.VerifyComp()
-		handler.render.RenderLayout(r, w, signIn, session.User)
+		handler.render.RenderLayout(r, w, signIn, user)
 	}
 }

 func (handler AuthImpl) handleVerifyResendComp() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session := middleware.GetSession(r)
-		if session == nil {
+		user := middleware.GetUser(r)
+		if user == nil {
 			utils.DoRedirect(w, r, "/auth/signin")
 			return
 		}

-		user := session.User
 		go handler.service.SendVerificationMail(user.Id, user.Email)

 		_, err := w.Write([]byte("<p class=\"mt-8\">Verification email sent</p>"))
@@ -195,11 +194,13 @@ func (handler AuthImpl) handleSignUp() http.HandlerFunc {
 		var password = r.FormValue("password")

 		_, err := utils.WaitMinimumTime(securityWaitDuration, func() (interface{}, error) {
+			log.Info("Signing up %v", email)
 			user, err := handler.service.SignUp(email, password)
 			if err != nil {
 				return nil, err
 			}

+			log.Info("Sending verification email to %v", user.Email)
 			go handler.service.SendVerificationMail(user.Id, user.Email)
 			return nil, nil
 		})
@@ -248,34 +249,34 @@ func (handler AuthImpl) handleSignOut() http.HandlerFunc {

 func (handler AuthImpl) handleDeleteAccountPage() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session := middleware.GetSession(r)
-		if session == nil {
+		user := middleware.GetUser(r)
+		if user == nil {
 			utils.DoRedirect(w, r, "/auth/signin")
 			return
 		}

 		comp := auth.DeleteAccountComp()
-		handler.render.RenderLayout(r, w, comp, session.User)
+		handler.render.RenderLayout(r, w, comp, user)
 	}
 }

 func (handler AuthImpl) handleDeleteAccountComp() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session := middleware.GetSession(r)
-		if session == nil {
+		user := middleware.GetUser(r)
+		if user == nil {
 			utils.DoRedirect(w, r, "/auth/signin")
 			return
 		}

 		password := r.FormValue("password")

-		_, err := handler.service.SignIn(session.User.Email, password)
+		_, err := handler.service.SignIn(user.Email, password)
 		if err != nil {
 			utils.TriggerToast(w, r, "error", "Password not correct")
 			return
 		}

-		err = handler.service.DeleteAccount(session.User)
+		err = handler.service.DeleteAccount(user)
 		if err != nil {
 			utils.TriggerToast(w, r, "error", "Internal Server Error")
 			return
@@ -290,23 +291,23 @@ func (handler AuthImpl) handleChangePasswordPage() http.HandlerFunc {

 		isPasswordReset := r.URL.Query().Has("token")

-		session := middleware.GetSession(r)
+		user := middleware.GetUser(r)

-		if session == nil && !isPasswordReset {
+		if user == nil && !isPasswordReset {
 			utils.DoRedirect(w, r, "/auth/signin")
 			return
 		}

 		comp := auth.ChangePasswordComp(isPasswordReset)
-		handler.render.RenderLayout(r, w, comp, session.User)
+		handler.render.RenderLayout(r, w, comp, user)
 	}
 }

 func (handler AuthImpl) handleChangePasswordComp() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {

-		session := middleware.GetSession(r)
-		if session == nil {
+		user := middleware.GetUser(r)
+		if user == nil {
 			utils.DoRedirect(w, r, "/auth/signin")
 			return
 		}
@@ -314,7 +315,7 @@ func (handler AuthImpl) handleChangePasswordComp() http.HandlerFunc {
 		currPass := r.FormValue("current-password")
 		newPass := r.FormValue("new-password")

-		err := handler.service.ChangePassword(session.User, currPass, newPass)
+		err := handler.service.ChangePassword(user, currPass, newPass)
 		if err != nil {
 			utils.TriggerToast(w, r, "error", "Password not correct")
 			return
@@ -327,14 +328,14 @@ func (handler AuthImpl) handleChangePasswordComp() http.HandlerFunc {
 func (handler AuthImpl) handleResetPasswordPage() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {

-		session := middleware.GetSession(r)
-		if session == nil {
+		user := middleware.GetUser(r)
+		if user == nil {
 			utils.DoRedirect(w, r, "/auth/signin")
 			return
 		}

 		comp := auth.ResetPasswordComp()
-		handler.render.RenderLayout(r, w, comp, session.User)
+		handler.render.RenderLayout(r, w, comp, user)
 	}
 }