Send confirmation emails upon registration

config.yml

@@ -14,7 +14,6 @@ plugins:
   Database:
     driver: 'SQLite'
     dbname: 'db.sqlite'
-    log_queries: 1
 
 tld: 'cyb'
 
@@ -33,3 +32,9 @@ zonewriter:
     # in the zone, which allows you to define some records manually
     enabled: true
     file: 'human_cyb'
+
+mail:
+  enabled: true
+  # Currently, the local MTA is used and there's no config option
+  from: 'cybnic@uptime.party'
+  baseurl: 'http://opennic.cyb'

cpanfile

@@ -11,6 +11,10 @@ requires "HTML::Entities" => "0";
 requires "Digest::Bcrypt" => "0";
 requires "Math::Random::Secure" => "0";
 requires "Switch" => "0";
+requires "Email::Simple" => "0";
+requires "Email::Simple::Creator" => "0";
+requires "Email::Sender::Simple" => "0";
+requires "URI::Escape" => "0";
 
 requires "Plack::Middleware::Deflater" => "0";
 requires "Plack::Middleware::Session" => "0";

lib/cyberman/Auth.pm

@@ -2,6 +2,7 @@ package cyberman::Auth;
 
 use Dancer2 appname => "cyberman";
 use Dancer2::Plugin::Database;
+use URI::Escape;
 
 use cyberman::Helper;
 
@@ -46,6 +47,7 @@ post '/register' => sub {
   }
 
   my ($hash, $salt) = hash_password(param("password"));
+  my $conftoken = randstring(16);
 
   # Create the account in the database
   database->quick_insert(
@@ -54,10 +56,18 @@ post '/register' => sub {
       "email" => param("email"),
       "password" => $hash,
       "salt" => $salt,
+      "conftoken" => $conftoken,
     },
   );
 
-  # TODO: send confirmation email
+  # Send email
+  my $email = template 'email/registration' => {
+    "link" => config->{"mail"}->{"baseurl"} . "/confirm_new?e=" . uri_escape(param "email") . "&t=$conftoken",
+  },
+  {
+    "layout" => undef,
+  };
+  send_email(param("email"), $email);
 
   template 'login' => {
     account_created => 1,
@@ -115,6 +125,32 @@ post '/login' => sub {
   };
 };
 
+get '/confirm_new' => sub {
+  my $user = database->quick_select(
+    "user",
+    {
+      "email" => param("e"),
+      "conftoken" => param("t"),
+    },
+  );
+
+  if (!$user) {
+    return "No such user/token!";
+  }
+
+  database->quick_update(
+    "user",
+    {
+      "id" => $user->{"id"},
+    },
+    {
+      "active" => 1,
+    },
+  );
+
+  template 'confirmed';
+};
+
 post '/logout' => sub {
   cookie 'id' => undef;
   cookie 'token' => undef;

lib/cyberman/Helper.pm

@@ -4,10 +4,13 @@ use Dancer2 appname => "cyberman";
 
 use Math::Random::Secure qw(irand);
 use Digest::Bcrypt;
+use Email::Sender::Simple qw(sendmail);
+use Email::Simple;
+use Email::Simple::Creator;
 
 use Exporter qw(import);
 
-our @EXPORT = qw(auth_test randstring hash_password check_name);
+our @EXPORT = qw(auth_test randstring hash_password check_name send_email);
 
 # Helper functions
 
@@ -69,4 +72,23 @@ sub check_name {
   }
 }
 
+sub send_email {
+  my $addy = shift;
+  my $body = shift;
+
+  # TODO: this function is quick and dirty to get this
+  # online - it needs to be rewritten so it doesn't block the thread!!
+
+  my $email = Email::Simple->create(
+    header => [
+      To => $addy,
+      From => config->{"mail"}->{"from"},
+      Subject => "Confirm your email address",
+    ],
+    body => $body,
+  );
+
+  sendmail($email) if config->{"mail"}->{"enabled"};
+}
+
 1;

schema.sql

@@ -4,7 +4,8 @@ create table user (
   email text not null,
   password text not null,
   salt text not null,
-  active integer not null default 0
+  active integer not null default 0,
+  conftoken text not null
 );
 
 drop table if exists session;

views/confirmed.tt

@@ -0,0 +1,9 @@
+<center>
+  <br />
+  <h1>Success</h1>
+  <br />
+</center>
+
+<div class="body">
+  Your email address was confirmed successfully.
+</div>

views/email/registration.tt

@@ -0,0 +1,8 @@
+Hello!
+
+You're receiving this email because someone used your email address to sign up for cybNIC.
+
+If this was you and you'd like to confirm your account, please click this link:
+<% link %>
+
+Otherwise, feel free to ignore this email - we won't send any more.