AuthTokenResult AuthService::processAuthToken(const std::string& token,
AbstractUserDatabase& users) const
{
AUTO_PTR<AbstractUserDatabase::Transaction> t(users.startTransaction());
std::string hash = tokenHashFunction()->compute(token, std::string());
User user = users.findWithAuthToken(hash);
if (user.isValid()) {
std::string newToken = WRandom::generateId(tokenLength_);
std::string newHash = tokenHashFunction()->compute(newToken, std::string());
int validity = user.updateAuthToken(hash, newHash);
if (validity < 0) {
/*
* Old API, this is bad since we always extend the lifetime of the
* token.
*/
user.removeAuthToken(hash);
newToken = createAuthToken(user);
validity = authTokenValidity_ * 60;
}
if (t.get()) t->commit();
return AuthTokenResult(AuthTokenResult::Valid, user, newToken, validity);
} else {
if (t.get()) t->commit();
return AuthTokenResult(AuthTokenResult::Invalid);
}
}
EmailTokenResult AuthService::processEmailToken(const std::string& token,
AbstractUserDatabase& users) const
{
std::auto_ptr<AbstractUserDatabase::Transaction> tr(users.startTransaction());
std::string hash = tokenHashFunction()->compute(token, std::string());
User user = users.findWithEmailToken(hash);
if (user.isValid()) {
Token t = user.emailToken();
if (t.expirationTime() < WDateTime::currentDateTime()) {
user.clearEmailToken();
if (tr.get())
tr->commit();
return EmailTokenResult::Expired;
}
switch (user.emailTokenRole()) {
case User::LostPassword:
user.clearEmailToken();
if (tr.get())
tr->commit();
return EmailTokenResult(EmailTokenResult::UpdatePassword, user);
case User::VerifyEmail:
user.clearEmailToken();
user.setEmail(user.unverifiedEmail());
user.setUnverifiedEmail(std::string());
if (tr.get())
tr->commit();
return EmailTokenResult(EmailTokenResult::EmailConfirmed, user);
default:
if (tr.get())
tr->commit();
return EmailTokenResult::Invalid; // Unreachable
}
} else {
if (tr.get())
tr->commit();
return EmailTokenResult::Invalid;
}
}
void AuthService::verifyEmailAddress(const User& user, const std::string& address)
const
{
user.setUnverifiedEmail(address);
std::string random = WRandom::generateId(tokenLength_);
std::string hash = tokenHashFunction()->compute(random, std::string());
Token t(hash,
WDateTime::currentDateTime().addSecs(emailTokenValidity_ * 60));
user.setEmailToken(t, User::VerifyEmail);
sendConfirmMail(address, user, random);
}
std::string AuthService::createAuthToken(const User& user) const
{
if (!user.isValid())
throw WException("Auth: createAuthToken(): user invalid");
std::auto_ptr<AbstractUserDatabase::Transaction>
t(user.database()->startTransaction());
std::string random = WRandom::generateId(tokenLength_);
std::string hash = tokenHashFunction()->compute(random, std::string());
Token token
(hash, WDateTime::currentDateTime().addSecs(authTokenValidity_ * 60));
user.addAuthToken(token);
if (t.get()) t->commit();
return random;
}
AuthTokenResult AuthService::processAuthToken(const std::string& token,
AbstractUserDatabase& users) const
{
std::auto_ptr<AbstractUserDatabase::Transaction> t(users.startTransaction());
std::string hash = tokenHashFunction()->compute(token, std::string());
User user = users.findWithAuthToken(hash);
if (user.isValid()) {
user.removeAuthToken(hash);
std::string newToken = createAuthToken(user);
if (t.get()) t->commit();
return AuthTokenResult(AuthTokenResult::Valid, user, newToken);
} else
return AuthTokenResult(AuthTokenResult::Invalid);
}
void AuthService::lostPassword(const std::string& emailAddress,
AbstractUserDatabase& users) const
{
/*
* This will check that a user exists in the database, and if so,
* send an email.
*/
User user = users.findWithEmail(emailAddress);
if (user.isValid()) {
std::string random = WRandom::generateId(randomTokenLength());
std::string hash = tokenHashFunction()->compute(random, std::string());
WDateTime expires = WDateTime::currentDateTime();
expires = expires.addSecs(emailTokenValidity() * 60);
Token t(hash, expires);
user.setEmailToken(t, User::LostPassword);
sendLostPasswordMail(emailAddress, user, random);
}
}
