Mercurial > prosody-modules
comparison mod_password_reset/mod_password_reset.lua @ 3352:f7668aee968a
mod_password_reset: Switch to util.interpolation (our standard template library)
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Tue, 09 Oct 2018 14:09:54 +0100 |
| parents | 0ce475235ae1 |
| children | e8d6f602f382 |
comparison
equal
deleted
inserted
replaced
| 3351:662f2722f745 | 3352:f7668aee968a |
|---|---|
| 3 local new_token = require "util.id".long; | 3 local new_token = require "util.id".long; |
| 4 local jid_prepped_split = require "util.jid".prepped_split; | 4 local jid_prepped_split = require "util.jid".prepped_split; |
| 5 local http_formdecode = require "net.http".formdecode; | 5 local http_formdecode = require "net.http".formdecode; |
| 6 local usermanager = require "core.usermanager"; | 6 local usermanager = require "core.usermanager"; |
| 7 local dataforms_new = require "util.dataforms".new; | 7 local dataforms_new = require "util.dataforms".new; |
| 8 local tohtml = require "util.stanza".xml_escape | 8 local st = require "util.stanza"; |
| 9 local apply_template = require"util.interpolation".new("%b{}", st.xml_escape); | |
| 9 local tostring = tostring; | 10 local tostring = tostring; |
| 10 | 11 |
| 11 local reset_tokens = module:open_store(); | 12 local reset_tokens = module:open_store(); |
| 12 | 13 |
| 13 local max_token_age = module:get_option_number("password_reset_validity", 86400); | 14 local max_token_age = module:get_option_number("password_reset_validity", 86400); |
| 15 local serve = module:depends"http_files".serve; | 16 local serve = module:depends"http_files".serve; |
| 16 | 17 |
| 17 module:depends"adhoc"; | 18 module:depends"adhoc"; |
| 18 module:depends"http"; | 19 module:depends"http"; |
| 19 | 20 |
| 20 local function apply_template(template, args) | 21 local form_template = assert(module:load_resource("password_reset/password_reset.html")):read("*a"); |
| 21 return | 22 local result_template = assert(module:load_resource("password_reset/password_result.html")):read("*a"); |
| 22 template:gsub("{{([^}]*)}}", function (k) | |
| 23 if args[k] then | |
| 24 return tohtml(args[k]) | |
| 25 else | |
| 26 return k | |
| 27 end | |
| 28 end) | |
| 29 end | |
| 30 | 23 |
| 31 function generate_page(event) | 24 function generate_page(event) |
| 32 local request, response = event.request, event.response; | 25 local request, response = event.request, event.response; |
| 33 | 26 |
| 34 local token = request.url.query; | 27 local token = request.url.query; |
| 36 | 29 |
| 37 response.headers.content_type = "text/html; charset=utf-8"; | 30 response.headers.content_type = "text/html; charset=utf-8"; |
| 38 | 31 |
| 39 if not reset_info or os.difftime(os.time(), reset_info.generated_at) > max_token_age then | 32 if not reset_info or os.difftime(os.time(), reset_info.generated_at) > max_token_age then |
| 40 module:log("warn", "Expired token: %s", token or "<none>"); | 33 module:log("warn", "Expired token: %s", token or "<none>"); |
| 41 local template = assert(module:load_resource("password_reset/password_result.html")):read("*a"); | 34 return apply_template(result_template, { classes = "alert-danger", message = "This link has expired." }) |
| 42 | |
| 43 return apply_template(template, { classes = "alert-danger", message = "This link has expired." }) | |
| 44 end | 35 end |
| 45 | 36 |
| 46 local template = assert(module:load_resource("password_reset/password_reset.html")):read("*a"); | 37 return apply_template(form_template, { |
| 47 | 38 jid = reset_info.user.."@"..module.host; |
| 48 return apply_template(template, { jid = reset_info.user.."@"..module.host, token = token }); | 39 token = token; |
| 40 }); | |
| 49 end | 41 end |
| 50 | 42 |
| 51 function handle_form(event) | 43 function handle_form(event) |
| 52 local request, response = event.request, event.response; | 44 local request, response = event.request, event.response; |
| 53 local form_data = http_formdecode(request.body); | 45 local form_data = http_formdecode(request.body); |
| 54 local password, token = form_data["password"], form_data["token"]; | 46 local password, token = form_data["password"], form_data["token"]; |
| 55 | 47 |
| 56 local reset_info = reset_tokens:get(token); | 48 local reset_info = reset_tokens:get(token); |
| 57 | 49 |
| 58 local template = assert(module:load_resource("password_reset/password_result.html")):read("*a"); | |
| 59 | |
| 60 response.headers.content_type = "text/html; charset=utf-8"; | 50 response.headers.content_type = "text/html; charset=utf-8"; |
| 61 | 51 |
| 62 if not reset_info or os.difftime(os.time(), reset_info.generated_at) > max_token_age then | 52 if not reset_info or os.difftime(os.time(), reset_info.generated_at) > max_token_age then |
| 63 return apply_template(template, { classes = "alert-danger", message = "This link has expired." }) | 53 return apply_template(result_template, { classes = "alert-danger", message = "This link has expired." }) |
| 64 end | 54 end |
| 65 | 55 |
| 66 local ok, err = usermanager.set_password(reset_info.user, password, module.host); | 56 local ok, err = usermanager.set_password(reset_info.user, password, module.host); |
| 67 | 57 |
| 68 if ok then | 58 if ok then |
| 69 reset_tokens:set(token, nil); | 59 reset_tokens:set(token, nil); |
| 70 | 60 |
| 71 return apply_template(template, { classes = "alert-success", | 61 return apply_template(result_template, { classes = "alert-success", |
| 72 message = "Your password has been updated! Happy chatting :)" }) | 62 message = "Your password has been updated! Happy chatting :)" }) |
| 73 else | 63 else |
| 74 module:log("debug", "Resetting password failed: " .. tostring(err)); | 64 module:log("debug", "Resetting password failed: " .. tostring(err)); |
| 75 | 65 return apply_template(result_template, { |
| 76 return apply_template(template, { classes = "alert-danger", message = "An unknown error has occurred." }) | 66 classes = "alert-danger"; |
| 67 message = "An unknown error has occurred."; | |
| 68 }) | |
| 77 end | 69 end |
| 78 end | 70 end |
| 79 | 71 |
| 80 module:provides("http", { | 72 module:provides("http", { |
| 81 route = { | 73 route = { |
