Require email confirmation when changing email address

This ensures that the email address linked to a user is always valid and actually belong(s|ed) to that user.
author: Yorhel <git@yorhel.nl> 2019-10-03 17:33:33 +0200
committer: Yorhel <git@yorhel.nl> 2019-10-03 17:33:35 +0200
commit: 3f7769d2ba4047e8766e511b7a42c7aa4721f6f8 (patch)
tree: fb3263931645793e280f30e1bce0271281b496b6 /lib/VNWeb/Auth.pm
parent: 0965af5fd74cf53503bb7ae0262d31c25f894385 (diff)
1 files changed, 11 insertions, 7 deletions
diff --git a/lib/VNWeb/Auth.pm b/lib/VNWeb/Auth.pm
index 0b43074a..7143f203 100644
--- a/lib/VNWeb/Auth.pm
+++ b/lib/VNWeb/Auth.pm
@@ -238,13 +238,17 @@ sub setpass {
 }
 
 
-# Change a users' password, requires that the current logged in user is an admin.
-sub admin_setpass {
-    my($self, $uid, $pass) = @_;
-    my $encpass = $self->_preparepass($pass);
-    tuwf->dbVali(select =>
-        sql_func user_admin_setpass => \$uid, \$self->{uid}, sql_fromhex($self->{token}), sql_fromhex($encpass)
-    )
+sub setmail_token {
+    my($self, $mail) = @_;
+    my $token = unpack 'H*', urandom(20);
+    tuwf->dbExeci(select => sql_func user_setmail_token => \$self->uid, sql_fromhex($self->token), sql_fromhex(sha1_hex lc $token), \$mail);
+    $token;
+}
+
+
+sub setmail_confirm {
+    my(undef, $uid, $token) = @_;
+    tuwf->dbVali(select => sql_func user_setmail_confirm => \$uid, sql_fromhex sha1_hex lc $token);
 }
author	Yorhel <git@yorhel.nl>	2019-10-03 17:33:33 +0200
committer	Yorhel <git@yorhel.nl>	2019-10-03 17:33:35 +0200
commit	3f7769d2ba4047e8766e511b7a42c7aa4721f6f8 (patch)
tree	fb3263931645793e280f30e1bce0271281b496b6 /lib/VNWeb/Auth.pm
parent	0965af5fd74cf53503bb7ae0262d31c25f894385 (diff)