[#114] Account confirmation email, registration as unconfirmed (config-based), auth prevention for unconfirmed.
This commit is contained in:
parent
a05cb10a95
commit
1de0aa2f10
|
@ -15,6 +15,7 @@ defp sender do
|
||||||
|
|
||||||
defp recipient(email, nil), do: email
|
defp recipient(email, nil), do: email
|
||||||
defp recipient(email, name), do: {name, email}
|
defp recipient(email, name), do: {name, email}
|
||||||
|
defp recipient(%Pleroma.User{} = user), do: recipient(user.email, user.name)
|
||||||
|
|
||||||
def password_reset_email(user, password_reset_token) when is_binary(password_reset_token) do
|
def password_reset_email(user, password_reset_token) when is_binary(password_reset_token) do
|
||||||
password_reset_url =
|
password_reset_url =
|
||||||
|
@ -32,7 +33,7 @@ def password_reset_email(user, password_reset_token) when is_binary(password_res
|
||||||
"""
|
"""
|
||||||
|
|
||||||
new()
|
new()
|
||||||
|> to(recipient(user.email, user.name))
|
|> to(recipient(user))
|
||||||
|> from(sender())
|
|> from(sender())
|
||||||
|> subject("Password reset")
|
|> subject("Password reset")
|
||||||
|> html_body(html_body)
|
|> html_body(html_body)
|
||||||
|
@ -63,4 +64,25 @@ def user_invitation_email(
|
||||||
|> subject("Invitation to #{instance_name()}")
|
|> subject("Invitation to #{instance_name()}")
|
||||||
|> html_body(html_body)
|
|> html_body(html_body)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def account_confirmation_email(user) do
|
||||||
|
confirmation_url =
|
||||||
|
Router.Helpers.confirm_email_url(
|
||||||
|
Endpoint,
|
||||||
|
:confirm_email,
|
||||||
|
to_string(user.info.confirmation_token)
|
||||||
|
)
|
||||||
|
|
||||||
|
html_body = """
|
||||||
|
<h3>Welcome to #{instance_name()}!</h3>
|
||||||
|
<p>Email confirmation is required to activate the account.</p>
|
||||||
|
<p>Click the following link to proceed: <a href="#{confirmation_url}">activate your account</a>.</p>
|
||||||
|
"""
|
||||||
|
|
||||||
|
new()
|
||||||
|
|> to(recipient(user))
|
||||||
|
|> from(sender())
|
||||||
|
|> subject("#{instance_name()} account confirmation")
|
||||||
|
|> html_body(html_body)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -38,6 +38,8 @@ defmodule Pleroma.User do
|
||||||
timestamps()
|
timestamps()
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def auth_active?(user), do: user.info && !user.info.confirmation_pending
|
||||||
|
|
||||||
def avatar_url(user) do
|
def avatar_url(user) do
|
||||||
case user.avatar do
|
case user.avatar do
|
||||||
%{"url" => [%{"href" => href} | _]} -> href
|
%{"url" => [%{"href" => href} | _]} -> href
|
||||||
|
|
|
@ -143,6 +143,20 @@ def profile_update(info, params) do
|
||||||
])
|
])
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def confirmation_update(info, :confirmed) do
|
||||||
|
confirmation_update(info, %{
|
||||||
|
confirmation_pending: false,
|
||||||
|
confirmation_token: nil
|
||||||
|
})
|
||||||
|
end
|
||||||
|
|
||||||
|
def confirmation_update(info, :unconfirmed) do
|
||||||
|
confirmation_update(info, %{
|
||||||
|
confirmation_pending: true,
|
||||||
|
confirmation_token: :crypto.strong_rand_bytes(32) |> Base.url_encode64()
|
||||||
|
})
|
||||||
|
end
|
||||||
|
|
||||||
def confirmation_update(info, params) do
|
def confirmation_update(info, params) do
|
||||||
cast(info, params, [:confirmation_pending, :confirmation_token])
|
cast(info, params, [:confirmation_pending, :confirmation_token])
|
||||||
end
|
end
|
||||||
|
|
|
@ -31,6 +31,7 @@ def create_authorization(conn, %{
|
||||||
}) do
|
}) do
|
||||||
with %User{} = user <- User.get_by_nickname_or_email(name),
|
with %User{} = user <- User.get_by_nickname_or_email(name),
|
||||||
true <- Pbkdf2.checkpw(password, user.password_hash),
|
true <- Pbkdf2.checkpw(password, user.password_hash),
|
||||||
|
true <- User.auth_active?(user),
|
||||||
%App{} = app <- Repo.get_by(App, client_id: client_id),
|
%App{} = app <- Repo.get_by(App, client_id: client_id),
|
||||||
{:ok, auth} <- Authorization.create_authorization(app, user) do
|
{:ok, auth} <- Authorization.create_authorization(app, user) do
|
||||||
# Special case: Local MastodonFE.
|
# Special case: Local MastodonFE.
|
||||||
|
@ -101,6 +102,7 @@ def token_exchange(
|
||||||
with %App{} = app <- get_app_from_request(conn, params),
|
with %App{} = app <- get_app_from_request(conn, params),
|
||||||
%User{} = user <- User.get_by_nickname_or_email(name),
|
%User{} = user <- User.get_by_nickname_or_email(name),
|
||||||
true <- Pbkdf2.checkpw(password, user.password_hash),
|
true <- Pbkdf2.checkpw(password, user.password_hash),
|
||||||
|
true <- User.auth_active?(user),
|
||||||
{:ok, auth} <- Authorization.create_authorization(app, user),
|
{:ok, auth} <- Authorization.create_authorization(app, user),
|
||||||
{:ok, token} <- Token.exchange_token(app, auth) do
|
{:ok, token} <- Token.exchange_token(app, auth) do
|
||||||
response = %{
|
response = %{
|
||||||
|
|
|
@ -281,7 +281,8 @@ defmodule Pleroma.Web.Router do
|
||||||
|
|
||||||
post("/account/register", TwitterAPI.Controller, :register)
|
post("/account/register", TwitterAPI.Controller, :register)
|
||||||
post("/account/password_reset", TwitterAPI.Controller, :password_reset)
|
post("/account/password_reset", TwitterAPI.Controller, :password_reset)
|
||||||
get("/account/confirm_email/:token", TwitterAPI.Controller, :confirm_email)
|
|
||||||
|
get("/account/confirm_email/:token", TwitterAPI.Controller, :confirm_email, as: :confirm_email)
|
||||||
|
|
||||||
get("/search", TwitterAPI.Controller, :search)
|
get("/search", TwitterAPI.Controller, :search)
|
||||||
get("/statusnet/tags/timeline/:tag", TwitterAPI.Controller, :public_and_external_timeline)
|
get("/statusnet/tags/timeline/:tag", TwitterAPI.Controller, :public_and_external_timeline)
|
||||||
|
|
|
@ -174,6 +174,8 @@ def config(conn, _params) do
|
||||||
closed: if(Keyword.get(instance, :registrations_open), do: "0", else: "1"),
|
closed: if(Keyword.get(instance, :registrations_open), do: "0", else: "1"),
|
||||||
private: if(Keyword.get(instance, :public, true), do: "0", else: "1"),
|
private: if(Keyword.get(instance, :public, true), do: "0", else: "1"),
|
||||||
vapidPublicKey: vapid_public_key,
|
vapidPublicKey: vapid_public_key,
|
||||||
|
accountActivationRequired:
|
||||||
|
if(Keyword.get(instance, :account_activation_required, false), do: "1", else: "0"),
|
||||||
invitesEnabled: if(Keyword.get(instance, :invites_enabled, false), do: "1", else: "0")
|
invitesEnabled: if(Keyword.get(instance, :invites_enabled, false), do: "1", else: "0")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,10 @@
|
||||||
defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
|
defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
|
||||||
alias Pleroma.{UserInviteToken, User, Activity, Repo, Object}
|
alias Pleroma.{UserInviteToken, User, Activity, Repo, Object}
|
||||||
|
alias Pleroma.{UserEmail, Mailer}
|
||||||
alias Pleroma.Web.ActivityPub.ActivityPub
|
alias Pleroma.Web.ActivityPub.ActivityPub
|
||||||
alias Pleroma.Web.TwitterAPI.UserView
|
alias Pleroma.Web.TwitterAPI.UserView
|
||||||
alias Pleroma.Web.CommonAPI
|
alias Pleroma.Web.CommonAPI
|
||||||
|
|
||||||
import Ecto.Query
|
import Ecto.Query
|
||||||
|
|
||||||
def create_status(%User{} = user, %{"status" => _} = data) do
|
def create_status(%User{} = user, %{"status" => _} = data) do
|
||||||
|
@ -165,6 +167,22 @@ def register_user(params) do
|
||||||
|
|
||||||
with {:ok, user} <- Repo.insert(changeset) do
|
with {:ok, user} <- Repo.insert(changeset) do
|
||||||
!registrations_open && UserInviteToken.mark_as_used(token.token)
|
!registrations_open && UserInviteToken.mark_as_used(token.token)
|
||||||
|
|
||||||
|
if Pleroma.Config.get([:instance, :account_activation_required]) do
|
||||||
|
info_change = User.Info.confirmation_update(user.info, :unconfirmed)
|
||||||
|
|
||||||
|
{:ok, unconfirmed_user} =
|
||||||
|
user
|
||||||
|
|> Ecto.Changeset.change()
|
||||||
|
|> Ecto.Changeset.put_embed(:info, info_change)
|
||||||
|
|> Repo.update()
|
||||||
|
|
||||||
|
{:ok, _} =
|
||||||
|
unconfirmed_user
|
||||||
|
|> UserEmail.account_confirmation_email()
|
||||||
|
|> Mailer.deliver()
|
||||||
|
end
|
||||||
|
|
||||||
{:ok, user}
|
{:ok, user}
|
||||||
else
|
else
|
||||||
{:error, changeset} ->
|
{:error, changeset} ->
|
||||||
|
@ -189,8 +207,8 @@ def password_reset(nickname_or_email) do
|
||||||
%User{local: true} = user <- User.get_by_nickname_or_email(nickname_or_email),
|
%User{local: true} = user <- User.get_by_nickname_or_email(nickname_or_email),
|
||||||
{:ok, token_record} <- Pleroma.PasswordResetToken.create_token(user) do
|
{:ok, token_record} <- Pleroma.PasswordResetToken.create_token(user) do
|
||||||
user
|
user
|
||||||
|> Pleroma.UserEmail.password_reset_email(token_record.token)
|
|> UserEmail.password_reset_email(token_record.token)
|
||||||
|> Pleroma.Mailer.deliver()
|
|> Mailer.deliver()
|
||||||
else
|
else
|
||||||
false ->
|
false ->
|
||||||
{:error, "bad user identifier"}
|
{:error, "bad user identifier"}
|
||||||
|
|
|
@ -13,6 +13,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
|
||||||
require Logger
|
require Logger
|
||||||
|
|
||||||
plug(:only_if_public_instance when action in [:public_timeline, :public_and_external_timeline])
|
plug(:only_if_public_instance when action in [:public_timeline, :public_and_external_timeline])
|
||||||
|
plug(:fetch_flash when action in [:confirm_email])
|
||||||
action_fallback(:errors)
|
action_fallback(:errors)
|
||||||
|
|
||||||
def verify_credentials(%{assigns: %{user: user}} = conn, _params) do
|
def verify_credentials(%{assigns: %{user: user}} = conn, _params) do
|
||||||
|
@ -375,8 +376,7 @@ def password_reset(conn, params) do
|
||||||
def confirm_email(conn, %{"token" => token}) do
|
def confirm_email(conn, %{"token" => token}) do
|
||||||
with %User{} = user <- User.get_by_confirmation_token(token),
|
with %User{} = user <- User.get_by_confirmation_token(token),
|
||||||
true <- user.local,
|
true <- user.local,
|
||||||
new_info_fields <- %{confirmation_pending: false, confirmation_token: nil},
|
info_change <- User.Info.confirmation_update(user.info, :confirmed),
|
||||||
info_change <- User.Info.confirmation_update(user.info, new_info_fields),
|
|
||||||
changeset <- Changeset.change(user) |> Changeset.put_embed(:info, info_change),
|
changeset <- Changeset.change(user) |> Changeset.put_embed(:info, info_change),
|
||||||
{:ok, _} <- User.update_and_set_cache(changeset) do
|
{:ok, _} <- User.update_and_set_cache(changeset) do
|
||||||
conn
|
conn
|
||||||
|
|
Loading…
Reference in a new issue