-rwxr-xr-x | lib/Travelynx/Controller/Login.pm | 230 |
1 files changed, 0 insertions, 230 deletions
diff --git a/lib/Travelynx/Controller/Login.pm b/lib/Travelynx/Controller/Login.pm
deleted file mode 100755
index 9752414..0000000
--- a/lib/Travelynx/Controller/Login.pm
+++ /dev/null
@@ -1,230 +0,0 @@
-package Travelynx::Controller::Login;
-use Mojo::Base 'Mojolicious::Controller';
-
-use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
-use Encode qw(decode encode);
-use Email::Sender::Simple qw(try_to_sendmail);
-use Email::Simple;
-use UUID::Tiny qw(:std);
-
-sub hash_password {
- my ($password) = @_;
- my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
- my $salt = en_base64( pack( 'C[16]', @salt_bytes ) );
-
- return bcrypt( $password, '$2a$12$' . $salt );
-}
-
-sub make_token {
- return create_uuid_as_string(UUID_V4);
-}
-
-sub login_form {
- my ($self) = @_;
- $self->render('login');
-}
-
-sub do_login {
- my ($self) = @_;
- my $user = $self->req->param('user');
- my $password = $self->req->param('password');
-
- # Keep cookies for 6 months
- $self->session( expiration => 60 * 60 * 24 * 180 );
-
- if ( $self->validation->csrf_protect->has_error('csrf_token') ) {
- $self->render(
- 'login',
- invalid => 'csrf',
- );
- }
- else {
- if ( $self->authenticate( $user, $password ) ) {
- $self->redirect_to( $self->req->param('redirect_to') // '/' );
- }
- else {
- my $data = $self->get_user_password($user);
- if ( $data and $data->{status} == 0 ) {
- $self->render( 'login', invalid => 'confirmation' );
- }
- else {
- $self->render( 'login', invalid => 'credentials' );
- }
- }
- }
-}
-
-sub registration_form {
- my ($self) = @_;
- $self->render('register');
-}
-
-sub register {
- my ($self) = @_;
- my $user = $self->req->param('user');
- my $email = $self->req->param('email');
- my $password = $self->req->param('password');
- my $password2 = $self->req->param('password2');
- my $ip = $self->req->headers->header('X-Forwarded-For');
- my $ua = $self->req->headers->user_agent;
- my $date = DateTime->now( time_zone => 'Europe/Berlin' )
- ->strftime('%d.%m.%Y %H:%M:%S %z');
-
- # In case Mojolicious is not running behind a reverse proxy
- $ip
- //= sprintf( '%s:%s', $self->tx->remote_address, $self->tx->remote_port );
-
- if ( $self->validation->csrf_protect->has_error('csrf_token') ) {
- $self->render(
- 'register',
- invalid => 'csrf',
- );
- return;
- }
-
- if ( not length($user) ) {
- $self->render( 'register', invalid => 'user_empty' );
- return;
- }
-
- if ( not length($email) ) {
- $self->render( 'register', invalid => 'mail_empty' );
- return;
- }
-
- if ( $user !~ m{ ^ [0-9a-zA-Z_-]+ $ }x ) {
- $self->render( 'register', invalid => 'user_format' );
- return;
- }
-
- if ( $self->check_if_user_name_exists($user) ) {
- $self->render( 'register', invalid => 'user_collision' );
- return;
- }
-
- if ( $self->check_if_mail_is_blacklisted($email) ) {
- $self->render( 'register', invalid => 'mail_blacklisted' );
- return;
- }
-
- if ( $password ne $password2 ) {
- $self->render( 'register', invalid => 'password_notequal' );
- return;
- }
-
- if ( length($password) < 8 ) {
- $self->render( 'register', invalid => 'password_short' );
- return;
- }
-
- my $token = make_token();
- my $pw_hash = hash_password($password);
- $self->app->dbh->begin_work;
- my $user_id = $self->add_user( $user, $email, $token, $pw_hash );
- my $reg_url = $self->url_for('reg')->to_abs->scheme('https');
- my $imprint_url = $self->url_for('impressum')->to_abs->scheme('https');
-
- my $body = "Hallo, ${user}!\n\n";
- $body .= "Mit deiner E-Mail-Adresse (${email}) wurde ein Account bei\n";
- $body .= "travelynx angelegt.\n\n";
- $body
- .= "Falls die Registrierung von dir ausging, kannst du den Account unter\n";
- $body .= "${reg_url}/${user_id}/${token}\n";
- $body .= "freischalten.\n\n";
- $body
- .= "Falls nicht, ignoriere diese Mail bitte. Nach etwa 48 Stunden wird deine\n";
- $body
- .= "Mail-Adresse erneut zur Registrierung freigeschaltet. Falls auch diese fehlschlägt,\n";
- $body
- .= "werden wir sie dauerhaft sperren und keine Mails mehr dorthin schicken.\n\n";
- $body .= "Daten zur Registrierung:\n";
- $body .= " * Datum: ${date}\n";
- $body .= " * Verwendete IP: ${ip}\n";
- $body .= " * Verwendeter Browser gemäß User Agent: ${ua}\n\n\n";
- $body .= "Impressum: ${imprint_url}\n";
-
- my $reg_mail = Email::Simple->create(
- header => [
- To => $email,
- From => 'Travelynx <travelynx@finalrewind.org>',
- Subject => 'Registrierung bei travelynx',
- 'Content-Type' => 'text/plain; charset=UTF-8',
- ],
- body => encode( 'utf-8', $body ),
- );
-
- my $success = try_to_sendmail($reg_mail);
- if ($success) {
- $self->app->dbh->commit;
- $self->render( 'login', from => 'register' );
- }
- else {
- $self->app->dbh->rollback;
- $self->render( 'register', invalid => 'sendmail' );
- }
-}
-
-sub verify {
- my ($self) = @_;
-
- my $id = $self->stash('id');
- my $token = $self->stash('token');
-
- my @db_user = $self->get_user_token($id);
-
- if ( not @db_user ) {
- $self->render( 'register', invalid => 'token' );
- return;
- }
-
- my ( $db_name, $db_status, $db_token ) = @db_user;
-
- if ( not $db_name or $token ne $db_token or $db_status != 0 ) {
- $self->render( 'register', invalid => 'token' );
- return;
- }
- $self->app->set_status_query->execute( 1, $id );
- $self->render( 'login', from => 'verification' );
-}
-
-sub delete {
- my ($self) = @_;
- if ( $self->validation->csrf_protect->has_error('csrf_token') ) {
- $self->render( 'account', invalid => 'csrf' );
- return;
- }
-
- my $now = DateTime->now( time_zone => 'Europe/Berlin' )->epoch;
-
- if ( $self->param('action') eq 'delete' ) {
- if (
- not $self->authenticate(
- $self->current_user->{name},
- $self->param('password')
- )
- )
- {
- $self->render( 'account', invalid => 'password' );
- return;
- }
- $self->app->mark_for_deletion_query->execute( $now,
- $self->current_user->{id} );
- }
- else {
- $self->app->mark_for_deletion_query->execute( undef,
- $self->current_user->{id} );
- }
- $self->redirect_to('account');
-}
-
-sub do_logout {
- my ($self) = @_;
- if ( $self->validation->csrf_protect->has_error('csrf_token') ) {
- $self->render( 'login', invalid => 'csrf' );
- return;
- }
- $self->logout;
- $self->redirect_to('/login');
-}
-
-1;
|