Merge pull request 'Add email service and settings' (#154) from feature/email_service into master

Reviewed-on: #154 Reviewed-by: galfert <garret.alfert@gmail.com>
2024-01-22 09:01:18 +00:00
parent 21e51a7c40 1e9ec9bb76
commit 84220beb1c
24 changed files with 500 additions and 35 deletions
--- a/app/controllers/services/email_controller.rb
+++ b/app/controllers/services/email_controller.rb
@@ -0,0 +1,34 @@
+class Services::EmailController < Services::BaseController
+  before_action :authenticate_user!
+  before_action :require_service_available
+  before_action :require_feature_enabled
+
+  def show
+    ldap_entry = current_user.ldap_entry
+
+    @service_enabled = ldap_entry[:email_password].present?
+    @maildrop = ldap_entry[:email_maildrop]
+    @email_forwarding_active = @maildrop.present? &&
+                               @maildrop.split("@").first != current_user.cn
+  end
+
+  def new_password
+    if session[:new_email_password].present?
+      @new_password = session.delete(:new_email_password)
+    else
+      redirect_to setting_path(:email)
+    end
+  end
+
+  private
+
+    def require_service_available
+      http_status :not_found unless Setting.email_enabled?
+    end
+
+    def require_feature_enabled
+      unless Flipper.enabled?(:email, current_user)
+        http_status :forbidden
+      end
+    end
+end
--- a/app/controllers/services/remotestorage_controller.rb
+++ b/app/controllers/services/remotestorage_controller.rb
@@ -1,7 +1,7 @@
 class Services::RemotestorageController < Services::BaseController
  before_action :authenticate_user!
-  before_action :require_feature_enabled
  before_action :require_service_available
+  before_action :require_feature_enabled

  # Dashboard
  def show
@@ -14,13 +14,13 @@ class Services::RemotestorageController < Services::BaseController

  private

+    def require_service_available
+      http_status :not_found unless Setting.remotestorage_enabled?
+    end
+
    def require_feature_enabled
      unless Flipper.enabled?(:remotestorage, current_user)
        http_status :forbidden
      end
    end
-
-    def require_service_available
-      http_status :not_found unless Setting.remotestorage_enabled?
-    end
 end
--- a/app/controllers/settings_controller.rb
+++ b/app/controllers/settings_controller.rb
@@ -1,10 +1,11 @@
-require 'securerandom'
+require "securerandom"
+require "bcrypt"

 class SettingsController < ApplicationController
  before_action :authenticate_user!
  before_action :set_main_nav_section
-  before_action :set_settings_section, only: [:show, :update, :update_email]
-  before_action :set_user, only: [:show, :update, :update_email]
+  before_action :set_settings_section, only: [:show, :update, :update_email, :reset_email_password]
+  before_action :set_user, only: [:show, :update, :update_email, :reset_email_password]

  def index
    redirect_to setting_path(:profile)
@@ -40,7 +41,7 @@ class SettingsController < ApplicationController
  end

  def update_email
-    if @user.valid_ldap_authentication?(email_params[:current_password])
+    if @user.valid_ldap_authentication?(security_params[:current_password])
      if @user.update email: email_params[:email]
        redirect_to setting_path(:account), flash: {
          notice: 'Please confirm your new address using the confirmation link we just sent you.'
@@ -56,6 +57,28 @@ class SettingsController < ApplicationController
    end
  end

+  def reset_email_password
+    @user.current_password = security_params[:current_password]
+
+    if @user.valid_ldap_authentication?(@user.current_password)
+      @user.current_password = nil
+      session[:new_email_password] = generate_email_password
+      hashed_password = hash_email_password(session[:new_email_password])
+      LdapManager::UpdateEmailPassword.call(@user.dn, hashed_password)
+
+      if @user.ldap_entry[:email_maildrop] != @user.address
+        LdapManager::UpdateEmailMaildrop.call(@user.dn, @user.address)
+      end
+
+      redirect_to new_password_services_email_path
+    else
+      @validation_errors = {
+        current_password: [ "Wrong password. Try again!" ]
+      }
+      render :show, status: :forbidden
+    end
+  end
+
  def reset_password
    current_user.send_reset_password_instructions
    sign_out current_user
@@ -111,7 +134,8 @@ class SettingsController < ApplicationController
    def set_settings_section
      @settings_section = params[:section]
      allowed_sections = [
-        :profile, :account, :lightning, :remotestorage, :xmpp, :experiments
+        :profile, :account, :xmpp, :email, :lightning, :remotestorage,
+        :experiments
      ]

      unless allowed_sections.include?(@settings_section.to_sym)
@@ -132,7 +156,11 @@ class SettingsController < ApplicationController
    end

    def email_params
-      params.require(:user).permit(:email, :current_password)
+      params.require(:user).permit(:email)
+    end
+
+    def security_params
+      params.require(:user).permit(:current_password)
    end

    def nostr_event_params
@@ -140,4 +168,14 @@ class SettingsController < ApplicationController
        :id, :pubkey, :created_at, :kind, :tags, :content, :sig
      ])
    end
+
+    def generate_email_password
+      characters = [('a'..'z'), ('A'..'Z'), (0..9)].map(&:to_a).flatten
+      SecureRandom.random_bytes(16).each_byte.map { |b| characters[b % characters.length] }.join
+    end
+
+    def hash_email_password(password)
+      salt = BCrypt::Engine.generate_salt
+      BCrypt::Engine.hash_secret(password, salt)
+    end
 end