163 lines
2.7 KiB
Perl
163 lines
2.7 KiB
Perl
package cyberman::Auth;
|
|
|
|
use Dancer2 appname => "cyberman";
|
|
use Dancer2::Plugin::Database;
|
|
use URI::Escape;
|
|
|
|
use cyberman::Helper;
|
|
|
|
# This file: auth-related routes (register, login, logout)
|
|
# Hooks and helper functions for authentication are in cyberman.pm
|
|
|
|
post '/register' => sub {
|
|
my %errs;
|
|
|
|
for my $param ("password", "password2", "email") {
|
|
if (!param($param)) {
|
|
$errs{"e_no_$param"} = 1;
|
|
}
|
|
}
|
|
|
|
my $result = database->quick_select(
|
|
"user",
|
|
{
|
|
"email" => param("email"),
|
|
},
|
|
);
|
|
|
|
if ($result) {
|
|
$errs{"e_email_exists"} = 1;
|
|
}
|
|
|
|
if (!exists $errs{"e_no_password"} || !exists $errs{"e_no_password2"}) {
|
|
if (param("password") ne param("password2")) {
|
|
$errs{"e_pass_match"} = 1;
|
|
}
|
|
|
|
if (length param("password") < 8) {
|
|
$errs{"e_pass_len"} = 1;
|
|
}
|
|
}
|
|
|
|
if (scalar(keys(%errs)) != 0) {
|
|
return template 'register' => {
|
|
error => 1,
|
|
%errs,
|
|
};
|
|
}
|
|
|
|
my ($hash, $salt) = hash_password(param("password"));
|
|
my $conftoken = randstring(16);
|
|
|
|
# Create the account in the database
|
|
database->quick_insert(
|
|
"user",
|
|
{
|
|
"email" => param("email"),
|
|
"password" => $hash,
|
|
"salt" => $salt,
|
|
"conftoken" => $conftoken,
|
|
},
|
|
);
|
|
|
|
# Send email
|
|
my $email = template 'email/registration' => {
|
|
"link" => config->{"mail"}->{"baseurl"} . "/confirm_new?e=" . uri_escape(param "email") . "&t=$conftoken",
|
|
},
|
|
{
|
|
"layout" => undef,
|
|
};
|
|
send_email(param("email"), $email);
|
|
|
|
template 'login' => {
|
|
account_created => 1,
|
|
};
|
|
};
|
|
|
|
post '/login' => sub {
|
|
my %errs;
|
|
|
|
my $user = database->quick_select(
|
|
"user",
|
|
{
|
|
"email" => param("email"),
|
|
},
|
|
);
|
|
|
|
if (!$user) {
|
|
$errs{"e_no_user"} = 1;
|
|
}
|
|
|
|
if (scalar(keys(%errs)) == 0) {
|
|
my ($hash, $salt) = hash_password(param("password"), $user->{"salt"});
|
|
$errs{"e_pass"} = 1 unless $hash eq $user->{"password"};
|
|
}
|
|
|
|
if (scalar(keys(%errs)) == 0) {
|
|
$errs{"e_not_confirmed"} = 1 unless $user->{"active"};
|
|
}
|
|
|
|
if (scalar(keys(%errs)) != 0) {
|
|
return template 'login' => {
|
|
error => 1,
|
|
%errs,
|
|
};
|
|
}
|
|
|
|
# checks finished, we can create a session now
|
|
|
|
my $token = randstring(32);
|
|
|
|
database->quick_insert(
|
|
"session",
|
|
{
|
|
"token" => $token,
|
|
"uid" => $user->{"id"},
|
|
"since" => time,
|
|
},
|
|
);
|
|
|
|
cookie id => $user->{"id"}, http_only => 1;
|
|
cookie token => $token, http_only => 1;
|
|
|
|
template 'redir' => {
|
|
"redir" => "domains",
|
|
};
|
|
};
|
|
|
|
get '/confirm_new' => sub {
|
|
my $user = database->quick_select(
|
|
"user",
|
|
{
|
|
"email" => param("e"),
|
|
"conftoken" => param("t"),
|
|
},
|
|
);
|
|
|
|
if (!$user) {
|
|
return "No such user/token!";
|
|
}
|
|
|
|
database->quick_update(
|
|
"user",
|
|
{
|
|
"id" => $user->{"id"},
|
|
},
|
|
{
|
|
"active" => 1,
|
|
},
|
|
);
|
|
|
|
template 'confirmed';
|
|
};
|
|
|
|
post '/logout' => sub {
|
|
cookie 'id' => undef;
|
|
cookie 'token' => undef;
|
|
template 'redir' => {
|
|
"redir" => "index",
|
|
};
|
|
};
|
|
|
|
true;
|