authorTor Andersson <tor@ccxvii.net>2025-05-02 11:50:05 +0200
committerTor Andersson <tor@ccxvii.net>2025-05-06 20:08:41 +0200
commit3ccbcd68cb252848da64ea61796f8479df15643a (patch)
treede38dd51162185546dae7d5c82999f66f6893df2
parent3ba0853f0c51dab103c66091f4a062f612b1368a (diff)
downloadserver-3ccbcd68cb252848da64ea61796f8479df15643a.tar.gz
Tweak verification flow.
-rw-r--r--server.js30
-rw-r--r--views/account_mail_verify.pug32
-rw-r--r--views/verify_mail.pug21
3 files changed, 46 insertions, 37 deletions
diff --git a/server.js b/server.js
index 5ce38b0..fc812b9 100644
--- a/server.js
+++ b/server.js
@@ -598,18 +598,18 @@ app.post("/signup", must_pass_altcha, function (req, res) {
res.redirect("/profile")
})
-function create_and_mail_verification_token(user) {
- if (!SQL_FIND_TOKEN.get(user.user_id))
- mail_verification_token(user, SQL_CREATE_TOKEN.get(user.user_id))
-}
-
app.get("/account/mail/verify", must_be_logged_in, function (req, res) {
- var token = req.query.token
if (SQL_SELECT_USER_VERIFIED.get(req.user.user_id))
return res.redirect("/profile")
- if (!token)
- create_and_mail_verification_token(req.user)
- res.render("verify_mail.pug", { token })
+ var sent_token = SQL_FIND_TOKEN.get(req.user.user_id)
+ var input_token = req.query.token
+ res.render("account_mail_verify.pug", { input_token, sent_token })
+})
+
+app.post("/account/mail/verify-send", must_be_logged_in, function (req, res) {
+ if (!SQL_FIND_TOKEN.get(req.user.user_id))
+ mail_verification_token(req.user, SQL_CREATE_TOKEN.get(req.user.user_id))
+ res.redirect("/account/mail/verify")
})
app.post("/account/mail/verify", must_be_logged_in, function (req, res) {
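Review bot: `sent_token` is handed to the view as whatever `SQL_FIND_TOKEN.get(...)` returns, yet account_mail_verify.pug only tests it for truthiness (`if sent_token`). If that value is or contains the token itself, the secret that is meant to prove mailbox ownership sits in the template locals, one template edit away from being shown to the logged-in user. Passing a boolean avoids that: `var sent_token = !!SQL_FIND_TOKEN.get(req.user.user_id)`. The same applies to the failure branch of the POST handler in the next hunk. The POST /account/mail/verify handler that starts on the last line continues outside this hunk.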
@@ -617,8 +617,8 @@ app.post("/account/mail/verify", must_be_logged_in, function (req, res) {
SQL_UPDATE_USER_VERIFIED.run(1, req.user.user_id)
res.redirect("/profile")
} else {
- create_and_mail_verification_token(req.user)
- res.render("verify_mail.pug", { flash: "Invalid or expired token!" })
+ var sent_token = SQL_FIND_TOKEN.get(req.user.user_id)
+ res.render("account_mail_verify.pug", { sent_token, flash: "Invalid or expired token!" })
}
})
@@ -632,11 +632,8 @@ app.post("/account/forgot-password", must_pass_altcha, function (req, res) {
let mail = req.body.mail
let user = SQL_SELECT_LOGIN_BY_MAIL.get(mail)
if (user) {
- let token = SQL_FIND_TOKEN.get(user.user_id)
- if (!token) {
- token = SQL_CREATE_TOKEN.get(user.user_id)
- mail_password_reset_token(user, token)
- }
+ var token = SQL_CREATE_TOKEN.get(user.user_id)
+ mail_password_reset_token(user, token)
return res.redirect("/account/reset-password?mail=" + mail)
}
res.render("forgot_password.pug", { flash: "User not found." })
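Review bot: With the `SQL_FIND_TOKEN` guard removed, every accepted POST to /account/forgot-password issues a token and sends a mail, so the only visible limit on reset mails to a given address is `must_pass_altcha`. If `SQL_CREATE_TOKEN` replaces an existing token (not visible here), repeated requests would also invalidate the token the user has just received. Consider a per-user cooldown before re-sending, or at least record the intent in a comment such as `// always issue a fresh token; request rate is limited only by altcha`. The new `var token` sits among `let` declarations, so `let token = SQL_CREATE_TOKEN.get(user.user_id)` would match the surrounding style. The handler begins above the hunk.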
@@ -811,6 +808,7 @@ app.post("/account/change-mail", must_be_logged_in, function (req, res) {
return res.render("change_mail.pug", { flash: "That mail address is already taken!" })
SQL_UPDATE_USER_MAIL.run(newmail, req.user.user_id)
SQL_UPDATE_USER_VERIFIED.run(0, req.user.user_id)
+ SQL_UPDATE_USER_NOTIFY.run(0, req.user.user_id)
return res.redirect("/profile")
})
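Review bot: After the address is changed, nothing in the visible lines discards a verification token that was already mailed to the old address. Because /account/mail/verify-send only sends when `SQL_FIND_TOKEN` finds nothing, a pending token would leave the user with "Your token is in the mail!" and no way to request one at the new address. Unless the verify handler ties tokens to an address, the old token would also mark the new address as verified. Invalidating any outstanding token for the user next to `SQL_UPDATE_USER_VERIFIED.run(0, req.user.user_id)` would close that gap. The start of the handler is outside the hunk, so this may already happen earlier.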
diff --git a/views/account_mail_verify.pug b/views/account_mail_verify.pug
new file mode 100644
index 0000000..fddf2fa
--- /dev/null
+++ b/views/account_mail_verify.pug
@@ -0,0 +1,32 @@
+//- vim:ts=4:sw=4:
+doctype html
+html
+ head
+ include head
+ title Verify mail
+ body
+ include header
+ article
+ h1 Verify mail
+ if flash
+ p.error= flash
+
+ p Your mail address is <code>#{user.mail}</code>
+
+ p If the above address is wrong, you can <a href="/account/change-mail">change it</a>!
+
+ if sent_token
+ p Your token is in the mail!
+ else
+ form(method="post" action="/account/mail/verify-send")
+ p
+ button(type="submit") Send token
+
+ form(method="post")
+ p
+ label Enter your mail verification token here:
+ br
+ input(type="text" name="token" size=32 value=token style="font-family:monospace" required)
+ p
+ button(type="submit") Verify
+
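Review bot: The token input is prefilled with `value=token`, but the handlers in server.js in this commit pass `input_token` (GET) or no token at all (failed POST). Unless `token` is set elsewhere, a link carrying `?token=...` would no longer fill the field. Changing the attribute to `value=input_token` would match the GET handler. Neither form carries a visible anti-CSRF field; if middleware handles that, a one-line comment in the template would make it clear.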
diff --git a/views/verify_mail.pug b/views/verify_mail.pug
deleted file mode 100644
index 17a16e5..0000000
--- a/views/verify_mail.pug
+++ /dev/null
@@ -1,21 +0,0 @@
-//- vim:ts=4:sw=4:
-doctype html
-html
- head
- include head
- title Verify mail
- body
- include header
- article
- h1 Verify mail
- if flash
- p.error= flash
-
- form(method="post")
- p A token has been sent to #{user.mail}.
- p
- label Enter the token here:
- br
- input(type="text" name="token" size=32 value=token style="font-family:monospace" required)
- p
- button(type="submit") Verify