AuthTokenResult AuthService::processAuthToken(const std::string& token, AbstractUserDatabase& users) const { AUTO_PTR<AbstractUserDatabase::Transaction> t(users.startTransaction()); std::string hash = tokenHashFunction()->compute(token, std::string()); User user = users.findWithAuthToken(hash); if (user.isValid()) { std::string newToken = WRandom::generateId(tokenLength_); std::string newHash = tokenHashFunction()->compute(newToken, std::string()); int validity = user.updateAuthToken(hash, newHash); if (validity < 0) { /* * Old API, this is bad since we always extend the lifetime of the * token. */ user.removeAuthToken(hash); newToken = createAuthToken(user); validity = authTokenValidity_ * 60; } if (t.get()) t->commit(); return AuthTokenResult(AuthTokenResult::Valid, user, newToken, validity); } else { if (t.get()) t->commit(); return AuthTokenResult(AuthTokenResult::Invalid); } }
EmailTokenResult AuthService::processEmailToken(const std::string& token, AbstractUserDatabase& users) const { std::auto_ptr<AbstractUserDatabase::Transaction> tr(users.startTransaction()); std::string hash = tokenHashFunction()->compute(token, std::string()); User user = users.findWithEmailToken(hash); if (user.isValid()) { Token t = user.emailToken(); if (t.expirationTime() < WDateTime::currentDateTime()) { user.clearEmailToken(); if (tr.get()) tr->commit(); return EmailTokenResult::Expired; } switch (user.emailTokenRole()) { case User::LostPassword: user.clearEmailToken(); if (tr.get()) tr->commit(); return EmailTokenResult(EmailTokenResult::UpdatePassword, user); case User::VerifyEmail: user.clearEmailToken(); user.setEmail(user.unverifiedEmail()); user.setUnverifiedEmail(std::string()); if (tr.get()) tr->commit(); return EmailTokenResult(EmailTokenResult::EmailConfirmed, user); default: if (tr.get()) tr->commit(); return EmailTokenResult::Invalid; // Unreachable } } else { if (tr.get()) tr->commit(); return EmailTokenResult::Invalid; } }
void AuthService::verifyEmailAddress(const User& user, const std::string& address) const { user.setUnverifiedEmail(address); std::string random = WRandom::generateId(tokenLength_); std::string hash = tokenHashFunction()->compute(random, std::string()); Token t(hash, WDateTime::currentDateTime().addSecs(emailTokenValidity_ * 60)); user.setEmailToken(t, User::VerifyEmail); sendConfirmMail(address, user, random); }
std::string AuthService::createAuthToken(const User& user) const { if (!user.isValid()) throw WException("Auth: createAuthToken(): user invalid"); std::auto_ptr<AbstractUserDatabase::Transaction> t(user.database()->startTransaction()); std::string random = WRandom::generateId(tokenLength_); std::string hash = tokenHashFunction()->compute(random, std::string()); Token token (hash, WDateTime::currentDateTime().addSecs(authTokenValidity_ * 60)); user.addAuthToken(token); if (t.get()) t->commit(); return random; }
AuthTokenResult AuthService::processAuthToken(const std::string& token, AbstractUserDatabase& users) const { std::auto_ptr<AbstractUserDatabase::Transaction> t(users.startTransaction()); std::string hash = tokenHashFunction()->compute(token, std::string()); User user = users.findWithAuthToken(hash); if (user.isValid()) { user.removeAuthToken(hash); std::string newToken = createAuthToken(user); if (t.get()) t->commit(); return AuthTokenResult(AuthTokenResult::Valid, user, newToken); } else return AuthTokenResult(AuthTokenResult::Invalid); }
void AuthService::lostPassword(const std::string& emailAddress, AbstractUserDatabase& users) const { /* * This will check that a user exists in the database, and if so, * send an email. */ User user = users.findWithEmail(emailAddress); if (user.isValid()) { std::string random = WRandom::generateId(randomTokenLength()); std::string hash = tokenHashFunction()->compute(random, std::string()); WDateTime expires = WDateTime::currentDateTime(); expires = expires.addSecs(emailTokenValidity() * 60); Token t(hash, expires); user.setEmailToken(t, User::LostPassword); sendLostPasswordMail(emailAddress, user, random); } }