Add email-based password reset (#1779)
* Add email-based password reset Fixes #734
* rename SETPASS to RESETPASS
* review fixes
* abuse mitigations
* SENDPASS and RESETPASS should both touch the client login throttle
* Produce a logline and a sno on SENDPASS (since it actually sends an email)
* don't re-retrieve the settings value
* add email confirmation for NS SET EMAIL
* smtp: if require-tls is disabled, don't validate server cert
* review fixes
* remove cooldown for NS SET EMAIL If you accidentally set the wrong address, the cooldown would prevent you from fixing your mistake. Since we touch the registration throttle anyway, this shouldn't present more of an abuse concern than registration itself.
parent
0baaf0b711
commit
8b2f6de3e0
8 changed files with 525 additions and 58 deletions
|
|
@ -24,7 +24,7 @@ const (
|
|||
// 'version' of the database schema
|
||||
keySchemaVersion = "db.version"
|
||||
// latest schema of the db
|
||||
latestDbSchema = 20
|
||||
latestDbSchema = 21
|
||||
|
||||
keyCloakSecret = "crypto.cloak_secret"
|
||||
)
|
||||
|
|
@ -1008,6 +1008,57 @@ func schemaChangeV19To20(config *Config, tx *buntdb.Tx) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// #734: move the email address into the settings object,
|
||||
// giving people a way to change it
|
||||
func schemaChangeV20To21(config *Config, tx *buntdb.Tx) error {
|
||||
type accountSettingsv21 struct {
|
||||
AutoreplayLines *int
|
||||
NickEnforcement NickEnforcementMethod
|
||||
AllowBouncer MulticlientAllowedSetting
|
||||
ReplayJoins ReplayJoinsSetting
|
||||
AlwaysOn PersistentStatus
|
||||
AutoreplayMissed bool
|
||||
DMHistory HistoryStatus
|
||||
AutoAway PersistentStatus
|
||||
Email string
|
||||
}
|
||||
var accounts []string
|
||||
var emails []string
|
||||
callbackPrefix := "account.callback "
|
||||
tx.AscendGreaterOrEqual("", callbackPrefix, func(key, value string) bool {
|
||||
if !strings.HasPrefix(key, callbackPrefix) {
|
||||
return false
|
||||
}
|
||||
account := strings.TrimPrefix(key, callbackPrefix)
|
||||
if _, err := tx.Get("account.verified " + account); err != nil {
|
||||
return true
|
||||
}
|
||||
if strings.HasPrefix(value, "mailto:") {
|
||||
accounts = append(accounts, account)
|
||||
emails = append(emails, strings.TrimPrefix(value, "mailto:"))
|
||||
}
|
||||
return true
|
||||
})
|
||||
for i, account := range accounts {
|
||||
var settings accountSettingsv21
|
||||
email := emails[i]
|
||||
settingsKey := "account.settings " + account
|
||||
settingsStr, err := tx.Get(settingsKey)
|
||||
if err == nil && settingsStr != "" {
|
||||
json.Unmarshal([]byte(settingsStr), &settings)
|
||||
}
|
||||
settings.Email = email
|
||||
settingsBytes, err := json.Marshal(settings)
|
||||
if err != nil {
|
||||
log.Printf("couldn't marshal settings for %s: %v\n", account, err)
|
||||
} else {
|
||||
tx.Set(settingsKey, string(settingsBytes), nil)
|
||||
}
|
||||
tx.Delete(callbackPrefix + account)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func getSchemaChange(initialVersion int) (result SchemaChange, ok bool) {
|
||||
for _, change := range allChanges {
|
||||
if initialVersion == change.InitialVersion {
|
||||
|
|
@ -1113,4 +1164,9 @@ var allChanges = []SchemaChange{
|
|||
TargetVersion: 20,
|
||||
Changer: schemaChangeV19To20,
|
||||
},
|
||||
{
|
||||
InitialVersion: 20,
|
||||
TargetVersion: 21,
|
||||
Changer: schemaChangeV20To21,
|
||||
},
|
||||
}
|
||||
|
|
|
|||
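Review bot: In the per-account loop of schemaChangeV20To21, `tx.Delete(callbackPrefix + account)` runs even when `json.Marshal` failed, and the results of `json.Unmarshal`, `tx.Set` and `tx.Delete` are all discarded, so a failed write still removes the only stored copy of the address. Since this address becomes the destination for password-reset mail, a silently dropped or half-migrated record matters more here than in an ordinary settings migration. A failed unmarshal also means the stored settings are overwritten with whatever was decoded plus Email, which may reset values such as NickEnforcement to their zero value. I would skip the account on a decode or encode error, leaving its callback entry in place, and return the error from Set and Delete, presumably so the caller does not record schema version 21 over a partial migration.

```go
	for i, account := range accounts {
		// … unchanged: settings, email, settingsKey and the tx.Get lookup …
		if err == nil && settingsStr != "" {
			if err := json.Unmarshal([]byte(settingsStr), &settings); err != nil {
				// leave both the stored settings and the callback entry untouched
				log.Printf("couldn't unmarshal settings for %s: %v\n", account, err)
				continue
			}
		}
		settings.Email = email
		settingsBytes, err := json.Marshal(settings)
		if err != nil {
			log.Printf("couldn't marshal settings for %s: %v\n", account, err)
			continue
		}
		if _, _, err := tx.Set(settingsKey, string(settingsBytes), nil); err != nil {
			return err
		}
		// drop the callback entry only once the address is stored in the settings
		if _, err := tx.Delete(callbackPrefix + account); err != nil {
			return err
		}
	}
```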