authorYorhel <git@yorhel.nl>2019-10-01 14:53:13 +0200
committerYorhel <git@yorhel.nl>2019-10-01 14:53:21 +0200
commit9f5d85706c04bda063dfb2a7c47bfaa8fca26eb4 (patch)
treefed6047fc225194eb62a59f828ff9fa7f277299b /lib/VNDB/Handler/Users.pm
parent0ee5f7e30f9ba10fdd870117d410c80f3e0a6c4a (diff)
v2rw: Convert registration, account activation and password reset
This is largely copy-paste from v3.
Diffstat (limited to 'lib/VNDB/Handler/Users.pm')
-rw-r--r--lib/VNDB/Handler/Users.pm220
1 files changed, 0 insertions, 220 deletions
diff --git a/lib/VNDB/Handler/Users.pm b/lib/VNDB/Handler/Users.pm
index 08c34245..171b6b4f 100644
--- a/lib/VNDB/Handler/Users.pm
+++ b/lib/VNDB/Handler/Users.pm
@@ -13,11 +13,6 @@ use PWLookup;
TUWF::register(
qr{u([1-9]\d*)} => \&userpage,
- qr{u/newpass} => \&newpass,
- qr{u/newpass/sent} => \&newpass_sent,
- qr{u([1-9]\d*)/setpass} => \&setpass,
- qr{u/register} => \&register,
- qr{u/register/done} => \&register_done,
qr{u([1-9]\d*)/edit} => \&edit,
qr{u([1-9]\d*)/posts} => \&posts,
qr{u([1-9]\d*)/del(/[od])?} => \&delete,
@@ -143,221 +138,6 @@ sub userpage {
}
-sub _check_throttle {
- my $self = shift;
- my $tm = $self->dbThrottleGet(norm_ip($self->reqIP));
- if($tm-time() > $self->{login_throttle}[1]) {
- $self->htmlHeader(title => 'Login');
- div class => 'mainbox';
- h1 'Login';
- div class => 'warning';
- h2 'Maximum failed login attempts reached.';
- p;
- txt 'Login has been temporarily disabled for your IP address. You can wait a few hours and try again,'
- .' or you can try from a different IP address. If you forgot your password, you can still use the ';
- a href => '/u/newpass', 'password reset';
- txt ' functionality. If you still have trouble logging in, send a mail to ';
- a href => 'mailto:contact@vndb.org', 'contact@vndb.org';
- txt '.';
- end;
- end;
- end 'div';
- $self->htmlFooter;
- return undef;
- }
- $tm
-}
-
-
-sub newpass {
- my $self = shift;
-
- return $self->resRedirect('/', 'temp') if $self->authInfo->{id};
-
- my($frm, $uid, $token);
- if($self->reqMethod eq 'POST') {
- return if !$self->authCheckCode;
- $frm = $self->formValidate({ post => 'mail', template => 'email' });
- if(!$frm->{_err}) {
- ($uid, $token) = $self->authResetPass($frm->{mail});
- $frm->{_err} = [ 'No user found with that email address' ] if !$uid;
- }
- if(!$frm->{_err}) {
- my $u = $self->dbUserGet(uid => $uid)->[0];
- my $body = sprintf
- "Hello %s,\n\nYour VNDB.org login has been disabled, you can now set a new password by following the link below:\n\n"
- ."%s\n\nNow don't forget your password again! :-)\n\nvndb.org",
- $u->{username}, $self->reqBaseURI()."/u$u->{id}/setpass?t=$token";
- $self->mail($body,
- To => $frm->{mail},
- From => 'VNDB <noreply@vndb.org>',
- Subject => "Password reset for $u->{username}",
- );
- return $self->resRedirect('/u/newpass/sent', 'post');
- }
- }
-
- $self->htmlHeader(title => 'Forgot password', noindex => 1);
- div class => 'mainbox';
- h1 'Forgot password';
- p 'Forgot your password and can\'t login to VNDB anymore?'
- .' Don\'t worry! Just give us the email address you used to register on VNDB,'
- .' and we\'ll send you instructions to set a new password within a few minutes!';
- end;
- $self->htmlForm({ frm => $frm, action => '/u/newpass' }, newpass => [ 'Reset password',
- [ input => short => 'mail', name => 'Email' ],
- ]);
- $self->htmlFooter;
-}
-
-
-sub newpass_sent {
- my $self = shift;
- return $self->resRedirect('/', 'temp') if $self->authInfo->{id};
- $self->htmlHeader(title => 'New password', noindex => 1);
- div class => 'mainbox';
- h1 'New password';
- div class => 'notice';
- p 'Your password has been reset and instructions to set a new one should reach your mailbox in a few minutes.';
- end;
- end;
- $self->htmlFooter;
-}
-
-
-# /u+/setpass had two modes: With a token (?t=xxx), to set the password after a
-# 'register' or 'newpass', or without a token, after the user tried to log in
-# with a weak password (that mode has been moved into v2rw).
-sub setpass {
- my($self, $uid) = @_;
- return $self->resRedirect('/', 'temp') if $self->authInfo->{id};
-
- my $t = $self->formValidate({param => 't', required => 0, regex => qr/^[a-f0-9]{40}$/i });
- return $self->resNotFound if $t->{_err};
- $t = $t->{t};
-
- my $u = $self->dbUserGet(uid => $uid)->[0];
- return $self->resNotFound if !$u || ($t && !$self->authIsValidToken($u->{id}, $t));
-
- my $tm = !$t && _check_throttle($self);
- return if !$t && !defined $tm;
-
- my $frm;
- if($self->reqMethod eq 'POST') {
- return if !$self->authCheckCode("/u$u->{id}/setpass");
- $frm = $self->formValidate(
- $t ? () : (
- { post => 'curpass', minlength => 4, maxlength => 500 },
- ),
- { post => 'usrpass', minlength => 4, maxlength => 500 },
- { post => 'usrpass2', minlength => 4, maxlength => 500 },
- );
- push @{$frm->{_err}}, 'Passwords do not match' if $frm->{usrpass} ne $frm->{usrpass2};
- push @{$frm->{_err}}, 'Your chosen password is in a database of leaked passwords, please choose another one.'
- if $self->{password_db} && PWLookup::lookup($self->{password_db}, $frm->{usrpass});
-
- if(!$frm->{_err}) {
- $self->dbUserEdit($uid, email_confirmed => 1);
- return if $self->authSetPass($uid, $frm->{usrpass}, "/u$uid", $t ? (token => $t) : (pass => $frm->{curpass}));
- $self->dbThrottleSet(norm_ip($self->reqIP), $tm+$self->{login_throttle}[0]);
- push @{$frm->{_err}}, 'Invalid password';
- }
- }
-
- $self->htmlHeader(title => "Set password for $u->{username}", noindex => 1);
- $self->htmlForm({ frm => $frm, action => "/u$u->{id}/setpass" }, setpass => [ "Set password for $u->{username}",
- [ hidden => short => 't', value => $t||'' ],
- $t ? (
- [ static => nolabel => 1, content => 'Now you can set a password for your account.'
- .' You will be logged in automatically after your password has been saved.' ],
- ) : (
- [ static => nolabel => 1, content => "Your current password is in a database of leaked passwords, please change your password to continue.<br><br>" ],
- [ passwd => short => 'curpass', name => 'Current password' ],
- ),
- [ passwd => short => 'usrpass', name => 'Password' ],
- [ passwd => short => 'usrpass2', name => 'Confirm password' ],
- ]);
- $self->htmlFooter;
-}
-
-
-sub register {
- my $self = shift;
- return $self->resRedirect('/', 'temp') if $self->authInfo->{id};
-
- my $frm;
- if($self->reqMethod eq 'POST') {
- return if !$self->authCheckCode;
- $frm = $self->formValidate(
- { post => 'usrname', template => 'uname' },
- { post => 'mail', template => 'email' },
- { post => 'type', enum => [1..3] },
- { post => 'answer', template => 'uint' },
- );
- my $num = $self->{stats}{[qw|vn releases producers|]->[ $frm->{type} - 1 ]};
- push @{$frm->{_err}}, 'Question was not correctly answered. Are you sure you are a human?'
- if !$frm->{_err} && ($frm->{answer} > $num*1.005 || $frm->{answer} < $num*0.995);
- push @{$frm->{_err}}, 'Someone already has this username, please choose another name'
- if $frm->{usrname} eq 'anonymous' || !$frm->{_err} && $self->dbUserGet(username => $frm->{usrname})->[0]{id};
- push @{$frm->{_err}}, 'Someone already registered with that email address'
- if !$frm->{_err} && $self->dbUserEmailExists($frm->{mail});
-
- # Use /32 match for IPv4 and /48 for IPv6. The /48 is fairly broad, so some
- # users may have to wait a bit before they can register...
- my $ip = $self->reqIP;
- push @{$frm->{_err}}, 'You can only register one account from the same IP within 24 hours'
- if !$frm->{_err} && $self->dbUserGet(ip => $ip =~ /:/ ? "$ip/48" : $ip, registered => time-24*3600)->[0]{id};
-
- if(!$frm->{_err}) {
- my $uid = $self->dbUserAdd($frm->{usrname}, $frm->{mail});
- my(undef, $token) = $self->authResetPass($frm->{mail});
- my $body = sprintf "Hello %s,\n\n"
- ."Someone has registered an account on VNDB.org with your email address. To confirm your registration, follow the link below.\n\n"
- ."%s\n\n"
- ."If you don't remember creating an account on VNDB.org recently, please ignore this e-mail.\n\n"
- ."vndb.org",
- $frm->{usrname}, $self->reqBaseURI()."/u$uid/setpass?t=$token";
- $self->mail($body,
- To => $frm->{mail},
- From => 'VNDB <noreply@vndb.org>',
- Subject => "Confirm registration for $frm->{usrname}",
- );
- return $self->resRedirect('/u/register/done', 'post');
- }
- }
-
- $self->htmlHeader(title => 'Create an account', noindex => 1);
-
- my $type = $frm->{type} || floor(rand 3)+1;
- $self->htmlForm({ frm => $frm, action => '/u/register' }, register => [ 'Create an account',
- [ hidden => short => 'type', value => $type ],
- [ input => short => 'usrname', name => 'Username' ],
- [ static => content => 'Preferred username. Must be lowercase and can only consist of alphanumeric characters.' ],
- [ input => short => 'mail', name => 'Email' ],
- [ static => content => 'Your email address will only be used in case you lose your password.'
- .' We will never send spam or newsletters unless you explicitly ask us for it or we get hacked.<br /><br />' ],
- [ static => content => sprintf '<br /><br />How many %s do we have in the database? (Hint: look to your left)',
- ['visual novels', 'releases', 'producers']->[$type-1] ],
- [ input => short => 'answer', name => 'Answer' ],
- ]);
- $self->htmlFooter;
-}
-
-
-sub register_done {
- my $self = shift;
- return $self->resRedirect('/', 'temp') if $self->authInfo->{id};
- $self->htmlHeader(title => 'Account created', noindex => 1);
- div class => 'mainbox';
- h1 'Account created';
- div class => 'notice';
- p 'Your account has been created! In a few minutes, you should receive an email with instructions to set your password.';
- end;
- end;
- $self->htmlFooter;
-}
-
-
sub edit {
my($self, $uid) = @_;