Send confirmation emails for account updates

2017-08-13 19:58:22 +01:00 · 2017-08-13 19:58:22 +01:00 · c247218613
parent 8f5937baa5
commit c247218613
5 changed files with 64 additions and 5 deletions
--- a/dbupdate/1.sql
+++ b/dbupdate/1.sql
@ -0,0 +1,7 @@
+create table cyberman (
+  id integer primary key,
+  dbrev integer not null
+);
+insert into cyberman (dbrev) values (2);
+
+alter table user add column newemail text;
--- a/lib/cyberman/Account.pm
+++ b/lib/cyberman/Account.pm
@ -1,6 +1,7 @@
 package cyberman::Account;
 use Dancer2 appname => "cyberman";
 use Dancer2::Plugin::Database;
+use URI::Escape;

 use cyberman::Helper;

@ -73,8 +74,7 @@ post '/account' => sub {
  }

  if (param("email") ne $user->{"email"}) {
-
-    # TODO: verify email address here
+    my $conftoken = randstring(16);

    database->quick_update (
      "user",
@ -82,9 +82,18 @@ post '/account' => sub {
        "id" => vars->{"auth"},
      },
      {
-        "email" => param "email",
+        "newemail" => param("email"),
+        "conftoken" => $conftoken,
      },
    );
+
+    my $email = template 'email/update' => {
+      "link" => config->{"mail"}->{"baseurl"} . "/confirm_update?o=" . uri_escape($user->{"email"}) . "&n=" . uri_escape(param "email") . "&t=$conftoken",
+    },
+    {
+      "layout" => undef,
+    };
+    send_email(param("email"), $email);
  }

  if ($new_pass) {
@ -125,4 +134,31 @@ post '/account' => sub {
  };
 };

+get '/confirm_update' => sub {
+  my $user = database->quick_select(
+    "user",
+    {
+      "email" => param("o"),
+      "newemail" => param("n"),
+      "conftoken" => param("t"),
+    },
+  );
+
+  if (!$user) {
+    return "No such user/token!";
+  }
+
+  database->quick_update(
+    "user",
+    {
+      "id" => $user->{"id"},
+    },
+    {
+      "email" => param("n"),
+    },
+  );
+
+  template 'confirmed';
+};
+
 true;
--- a/schema.sql
+++ b/schema.sql
@ -1,3 +1,10 @@
+drop table if exists cyberman;
+create table cyberman (
+  id integer primary key,
+  dbrev integer not null
+);
+insert into cyberman (dbrev) values (2);
+
 drop table if exists user;
 create table user (
  id integer primary key,
@ -5,7 +12,8 @@ create table user (
  password text not null,
  salt text not null,
  active integer not null default 0,
-  conftoken text not null
+  conftoken text not null,
+  newemail text
 );

 drop table if exists session;
--- a/views/account.tt
+++ b/views/account.tt
@ -4,7 +4,7 @@
  <br />
  <% IF updated %>
  <div class="msgBox">
-    Your account details were updated successfully.
+    Your account details were updated successfully. If you updated your email address, you need to click the link sent to you before the changes can be applied.
  </div>
  <br /><br />
  <% END %>
--- a/views/email/update.tt
+++ b/views/email/update.tt
@ -0,0 +1,8 @@
+Hello!
+
+You're receiving this email because someone entered your email address into cybNIC.
+
+If this was you and you'd like to use this address, please click this link:
+<% link %>
+
+Otherwise, feel free to ignore this email.