2023-03-12 16:00:57 +01:00
|
|
|
|
// GoToSocial
|
|
|
|
|
// Copyright (C) GoToSocial Authors admin@gotosocial.org
|
|
|
|
|
// SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
|
//
|
|
|
|
|
// This program is free software: you can redistribute it and/or modify
|
|
|
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
// (at your option) any later version.
|
|
|
|
|
//
|
|
|
|
|
// This program is distributed in the hope that it will be useful,
|
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
// GNU Affero General Public License for more details.
|
|
|
|
|
//
|
|
|
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
|
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
2021-10-31 15:46:23 +01:00
|
|
|
|
|
|
|
|
|
package user
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"errors"
|
|
|
|
|
"fmt"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"github.com/google/uuid"
|
2021-12-07 13:31:39 +01:00
|
|
|
|
"github.com/superseriousbusiness/gotosocial/internal/config"
|
2021-10-31 15:46:23 +01:00
|
|
|
|
"github.com/superseriousbusiness/gotosocial/internal/db"
|
|
|
|
|
"github.com/superseriousbusiness/gotosocial/internal/email"
|
|
|
|
|
"github.com/superseriousbusiness/gotosocial/internal/gtserror"
|
|
|
|
|
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
|
2021-12-20 15:19:53 +01:00
|
|
|
|
"github.com/superseriousbusiness/gotosocial/internal/uris"
|
2021-10-31 15:46:23 +01:00
|
|
|
|
)
|
|
|
|
|
|
2022-05-30 14:41:24 +02:00
|
|
|
|
var oneWeek = 168 * time.Hour
|
2021-10-31 15:46:23 +01:00
|
|
|
|
|
2023-02-22 16:05:26 +01:00
|
|
|
|
// EmailSendConfirmation sends an email address confirmation request email to the given user.
|
|
|
|
|
func (p *Processor) EmailSendConfirmation(ctx context.Context, user *gtsmodel.User, username string) error {
|
2021-10-31 15:46:23 +01:00
|
|
|
|
if user.UnconfirmedEmail == "" || user.UnconfirmedEmail == user.Email {
|
|
|
|
|
// user has already confirmed this email address, so there's nothing to do
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// We need a token and a link for the user to click on.
|
|
|
|
|
// We'll use a uuid as our token since it's basically impossible to guess.
|
|
|
|
|
// From the uuid package we use (which uses crypto/rand under the hood):
|
|
|
|
|
// Randomly generated UUIDs have 122 random bits. One's annual risk of being
|
|
|
|
|
// hit by a meteorite is estimated to be one chance in 17 billion, that
|
|
|
|
|
// means the probability is about 0.00000000006 (6 × 10−11),
|
|
|
|
|
// equivalent to the odds of creating a few tens of trillions of UUIDs in a
|
|
|
|
|
// year and having one duplicate.
|
|
|
|
|
confirmationToken := uuid.NewString()
|
2021-12-20 15:19:53 +01:00
|
|
|
|
confirmationLink := uris.GenerateURIForEmailConfirm(confirmationToken)
|
2021-10-31 15:46:23 +01:00
|
|
|
|
|
|
|
|
|
// pull our instance entry from the database so we can greet the user nicely in the email
|
|
|
|
|
instance := >smodel.Instance{}
|
2022-05-30 14:41:24 +02:00
|
|
|
|
host := config.GetHost()
|
2023-03-01 19:26:53 +01:00
|
|
|
|
if err := p.state.DB.GetWhere(ctx, []db.Where{{Key: "domain", Value: host}}, instance); err != nil {
|
2021-10-31 15:46:23 +01:00
|
|
|
|
return fmt.Errorf("SendConfirmEmail: error getting instance: %s", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// assemble the email contents and send the email
|
|
|
|
|
confirmData := email.ConfirmData{
|
|
|
|
|
Username: username,
|
|
|
|
|
InstanceURL: instance.URI,
|
|
|
|
|
InstanceName: instance.Title,
|
|
|
|
|
ConfirmLink: confirmationLink,
|
|
|
|
|
}
|
|
|
|
|
if err := p.emailSender.SendConfirmEmail(user.UnconfirmedEmail, confirmData); err != nil {
|
|
|
|
|
return fmt.Errorf("SendConfirmEmail: error sending to email address %s belonging to user %s: %s", user.UnconfirmedEmail, username, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// email sent, now we need to update the user entry with the token we just sent them
|
2022-08-15 12:35:05 +02:00
|
|
|
|
updatingColumns := []string{"confirmation_sent_at", "confirmation_token", "last_emailed_at", "updated_at"}
|
2021-10-31 15:46:23 +01:00
|
|
|
|
user.ConfirmationSentAt = time.Now()
|
|
|
|
|
user.ConfirmationToken = confirmationToken
|
|
|
|
|
user.LastEmailedAt = time.Now()
|
|
|
|
|
user.UpdatedAt = time.Now()
|
|
|
|
|
|
2023-03-01 19:26:53 +01:00
|
|
|
|
if err := p.state.DB.UpdateByID(ctx, user, user.ID, updatingColumns...); err != nil {
|
2021-10-31 15:46:23 +01:00
|
|
|
|
return fmt.Errorf("SendConfirmEmail: error updating user entry after email sent: %s", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-22 16:05:26 +01:00
|
|
|
|
// EmailConfirm processes an email confirmation request, usually initiated as a result of clicking on a link
|
|
|
|
|
// in a 'confirm your email address' type email.
|
|
|
|
|
func (p *Processor) EmailConfirm(ctx context.Context, token string) (*gtsmodel.User, gtserror.WithCode) {
|
2021-10-31 15:46:23 +01:00
|
|
|
|
if token == "" {
|
|
|
|
|
return nil, gtserror.NewErrorNotFound(errors.New("no token provided"))
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-01 19:26:53 +01:00
|
|
|
|
user, err := p.state.DB.GetUserByConfirmationToken(ctx, token)
|
2022-10-03 10:46:11 +02:00
|
|
|
|
if err != nil {
|
2021-10-31 15:46:23 +01:00
|
|
|
|
if err == db.ErrNoEntries {
|
|
|
|
|
return nil, gtserror.NewErrorNotFound(err)
|
|
|
|
|
}
|
|
|
|
|
return nil, gtserror.NewErrorInternalError(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if user.Account == nil {
|
2023-03-01 19:26:53 +01:00
|
|
|
|
a, err := p.state.DB.GetAccountByID(ctx, user.AccountID)
|
2021-10-31 15:46:23 +01:00
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, gtserror.NewErrorNotFound(err)
|
|
|
|
|
}
|
|
|
|
|
user.Account = a
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !user.Account.SuspendedAt.IsZero() {
|
|
|
|
|
return nil, gtserror.NewErrorForbidden(fmt.Errorf("ConfirmEmail: account %s is suspended", user.AccountID))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if user.UnconfirmedEmail == "" || user.UnconfirmedEmail == user.Email {
|
|
|
|
|
// no pending email confirmations so just return OK
|
|
|
|
|
return user, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if user.ConfirmationSentAt.Before(time.Now().Add(-oneWeek)) {
|
|
|
|
|
return nil, gtserror.NewErrorForbidden(errors.New("ConfirmEmail: confirmation token expired"))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// mark the user's email address as confirmed + remove the unconfirmed address and the token
|
2022-08-15 12:35:05 +02:00
|
|
|
|
updatingColumns := []string{"email", "unconfirmed_email", "confirmed_at", "confirmation_token", "updated_at"}
|
2021-10-31 15:46:23 +01:00
|
|
|
|
user.Email = user.UnconfirmedEmail
|
|
|
|
|
user.UnconfirmedEmail = ""
|
|
|
|
|
user.ConfirmedAt = time.Now()
|
|
|
|
|
user.ConfirmationToken = ""
|
|
|
|
|
user.UpdatedAt = time.Now()
|
|
|
|
|
|
2023-03-01 19:26:53 +01:00
|
|
|
|
if err := p.state.DB.UpdateByID(ctx, user, user.ID, updatingColumns...); err != nil {
|
2021-10-31 15:46:23 +01:00
|
|
|
|
return nil, gtserror.NewErrorInternalError(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return user, nil
|
|
|
|
|
}
|