Add email service and settings

This commit is contained in:
2023-12-23 12:26:34 +01:00
parent aab6793b86
commit 958d18d61a
24 changed files with 506 additions and 35 deletions
+44 -6
View File
@@ -1,10 +1,11 @@
require 'securerandom'
require "securerandom"
require "bcrypt"
class SettingsController < ApplicationController
before_action :authenticate_user!
before_action :set_main_nav_section
before_action :set_settings_section, only: [:show, :update, :update_email]
before_action :set_user, only: [:show, :update, :update_email]
before_action :set_settings_section, only: [:show, :update, :update_email, :reset_email_password]
before_action :set_user, only: [:show, :update, :update_email, :reset_email_password]
def index
redirect_to setting_path(:profile)
@@ -40,7 +41,7 @@ class SettingsController < ApplicationController
end
def update_email
if @user.valid_ldap_authentication?(email_params[:current_password])
if @user.valid_ldap_authentication?(security_params[:current_password])
if @user.update email: email_params[:email]
redirect_to setting_path(:account), flash: {
notice: 'Please confirm your new address using the confirmation link we just sent you.'
@@ -56,6 +57,28 @@ class SettingsController < ApplicationController
end
end
def reset_email_password
@user.current_password = security_params[:current_password]
if @user.valid_ldap_authentication?(@user.current_password)
@user.current_password = nil
session[:new_email_password] = generate_email_password
hashed_password = hash_email_password(session[:new_email_password])
LdapManager::UpdateEmailPassword.call(@user.dn, hashed_password)
if @user.ldap_entry[:email_maildrop] != @user.address
LdapManager::UpdateEmailMaildrop.call(@user.dn, @user.address)
end
redirect_to new_password_services_email_path
else
@validation_errors = {
current_password: [ "Wrong password. Try again!" ]
}
render :show, status: :forbidden
end
end
def reset_password
current_user.send_reset_password_instructions
sign_out current_user
@@ -111,7 +134,8 @@ class SettingsController < ApplicationController
def set_settings_section
@settings_section = params[:section]
allowed_sections = [
:profile, :account, :lightning, :remotestorage, :xmpp, :experiments
:profile, :account, :xmpp, :email, :lightning, :remotestorage,
:experiments
]
unless allowed_sections.include?(@settings_section.to_sym)
@@ -132,7 +156,11 @@ class SettingsController < ApplicationController
end
def email_params
params.require(:user).permit(:email, :current_password)
params.require(:user).permit(:email)
end
def security_params
params.require(:user).permit(:current_password)
end
def nostr_event_params
@@ -140,4 +168,14 @@ class SettingsController < ApplicationController
:id, :pubkey, :created_at, :kind, :tags, :content, :sig
])
end
def generate_email_password
characters = [('a'..'z'), ('A'..'Z'), (0..9)].map(&:to_a).flatten
SecureRandom.random_bytes(16).each_byte.map { |b| characters[b % characters.length] }.join
end
def hash_email_password(password)
salt = BCrypt::Engine.generate_salt
BCrypt::Engine.hash_secret(password, salt)
end
end