Ejemplo n.º 1
0
AuthTokenResult AuthService::processAuthToken(const std::string& token,
        AbstractUserDatabase& users) const
{
    AUTO_PTR<AbstractUserDatabase::Transaction> t(users.startTransaction());

    std::string hash = tokenHashFunction()->compute(token, std::string());

    User user = users.findWithAuthToken(hash);

    if (user.isValid()) {
        std::string newToken = WRandom::generateId(tokenLength_);
        std::string newHash = tokenHashFunction()->compute(newToken, std::string());
        int validity = user.updateAuthToken(hash, newHash);

        if (validity < 0) {
            /*
             * Old API, this is bad since we always extend the lifetime of the
             * token.
             */
            user.removeAuthToken(hash);
            newToken = createAuthToken(user);
            validity = authTokenValidity_ * 60;
        }

        if (t.get()) t->commit();

        return AuthTokenResult(AuthTokenResult::Valid, user, newToken, validity);
    } else {
        if (t.get()) t->commit();

        return AuthTokenResult(AuthTokenResult::Invalid);
    }
}
Ejemplo n.º 2
0
EmailTokenResult AuthService::processEmailToken(const std::string& token,
					     AbstractUserDatabase& users) const
{
  std::auto_ptr<AbstractUserDatabase::Transaction> tr(users.startTransaction());

  std::string hash = tokenHashFunction()->compute(token, std::string());

  User user = users.findWithEmailToken(hash);

  if (user.isValid()) {
    Token t = user.emailToken();

    if (t.expirationTime() < WDateTime::currentDateTime()) {
      user.clearEmailToken();

      if (tr.get())
	tr->commit();

      return EmailTokenResult::Expired;
    }

    switch (user.emailTokenRole()) {
    case User::LostPassword:
      user.clearEmailToken();

      if (tr.get())
	tr->commit();

      return EmailTokenResult(EmailTokenResult::UpdatePassword, user);

    case User::VerifyEmail:
      user.clearEmailToken();
      user.setEmail(user.unverifiedEmail());
      user.setUnverifiedEmail(std::string());

      if (tr.get())
	tr->commit();

      return EmailTokenResult(EmailTokenResult::EmailConfirmed, user);

    default:
      if (tr.get())
	tr->commit();

      return EmailTokenResult::Invalid; // Unreachable
    }
  } else {
    if (tr.get())
      tr->commit();

    return EmailTokenResult::Invalid;
  }
}
Ejemplo n.º 3
0
void AuthService::verifyEmailAddress(const User& user, const std::string& address)
  const
{
  user.setUnverifiedEmail(address);

  std::string random = WRandom::generateId(tokenLength_);
  std::string hash = tokenHashFunction()->compute(random, std::string());

  Token t(hash,
	  WDateTime::currentDateTime().addSecs(emailTokenValidity_ * 60));
  user.setEmailToken(t, User::VerifyEmail);
  sendConfirmMail(address, user, random);
}
Ejemplo n.º 4
0
std::string AuthService::createAuthToken(const User& user) const
{
  if (!user.isValid())
    throw WException("Auth: createAuthToken(): user invalid");

  std::auto_ptr<AbstractUserDatabase::Transaction>
    t(user.database()->startTransaction());

  std::string random = WRandom::generateId(tokenLength_);
  std::string hash = tokenHashFunction()->compute(random, std::string());

  Token token
    (hash, WDateTime::currentDateTime().addSecs(authTokenValidity_ * 60));
  user.addAuthToken(token);

  if (t.get()) t->commit();

  return random;
}
Ejemplo n.º 5
0
AuthTokenResult AuthService::processAuthToken(const std::string& token,
					   AbstractUserDatabase& users) const
{
  std::auto_ptr<AbstractUserDatabase::Transaction> t(users.startTransaction());

  std::string hash = tokenHashFunction()->compute(token, std::string());

  User user = users.findWithAuthToken(hash);

  if (user.isValid()) {
    user.removeAuthToken(hash);

    std::string newToken = createAuthToken(user);

    if (t.get()) t->commit();

    return AuthTokenResult(AuthTokenResult::Valid, user, newToken);
  } else
    return AuthTokenResult(AuthTokenResult::Invalid);
}
Ejemplo n.º 6
0
void AuthService::lostPassword(const std::string& emailAddress,
				   AbstractUserDatabase& users) const
{
  /*
   * This will check that a user exists in the database, and if so,
   * send an email.
   */
  User user = users.findWithEmail(emailAddress);

  if (user.isValid()) {
    std::string random = WRandom::generateId(randomTokenLength());
    std::string hash = tokenHashFunction()->compute(random, std::string());

    WDateTime expires = WDateTime::currentDateTime();
    expires = expires.addSecs(emailTokenValidity() * 60);

    Token t(hash, expires);
    user.setEmailToken(t, User::LostPassword);
    sendLostPasswordMail(emailAddress, user, random);
  }
}