From 2f3c712c3c6800a74898bce98dcad781d5b460b6 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Paul=20H=C3=A4nsch?= Date: Wed, 11 May 2022 20:48:51 +0200 Subject: [PATCH] allow invitation without email, allow setting user page url --- users.sh | 43 +++++++++++++++++++++++++++++++++---------- 1 file changed, 33 insertions(+), 10 deletions(-) diff --git a/users.sh b/users.sh index 873edf0..44a5e13 100755 --- a/users.sh +++ b/users.sh @@ -6,11 +6,15 @@ include_users="$0" . "${_EXEC}/cgilite/session.sh" . "${_EXEC}/cgilite/storage.sh" -USER_REGISTRATION="${USER_REGISTRATION:-true}" -USER_REQUIREEMAIL="${USER_REQUIREEMAIL:-true}" +SENDMAIL=${SENDMAIL-sendmail} + +USER_REGISTRATION="${USER_REGISTRATION-true}" +USER_REQUIREEMAIL="${USER_REQUIREEMAIL-true}" +USER_ACCOUNTPAGE="${USER_ACCOUNTPAGE}" + +MAILFROM="${MAILDOMAIN-noreply@${HTTP_HOST%:*}}" HTTP_HOST="$(HEADER Host)" -MAILFROM="${MAILDOMAIN:-noreply@${HTTP_HOST%:*}}" # == FILE FORMAT == # UID UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE @@ -230,7 +234,7 @@ user_register(){ elif new_user "$uid" status=pending email="$email" expire="$((_DATE + 86400))"; then debug "Sending Activation Link:" \ "https://${HTTP_HOST}${_BASE}${PATH_INFO}?user_confirm=${uid}+$(session_mac "$uid")" - sendmail -t -f "$MAILFROM" <<-EOF + "$SENDMAIL" -t -f "$MAILFROM" <<-EOF From: ${MAILFROM} To: ${email} Subject: Your account registration at ${HTTP_HOST%:*} @@ -269,7 +273,11 @@ user_register(){ SESSION_COOKIE new SESSION_BIND user_id "$uid" - REDIRECT "${_BASE}${PATH_INFO}#USER_REGISTER_CONFIRM" + if [ "$USER_ACCOUNTPAGE" ]; then + REDIRECT "${USER_ACCOUNTPAGE}" + else + REDIRECT "${_BASE}${PATH_INFO}#USER_REGISTER_CONFIRM" + fi else REDIRECT "${_BASE}${PATH_INFO}#ERROR_USER_NOLOCK" fi @@ -287,8 +295,8 @@ user_invite(){ REDIRECT "${_BASE}${PATH_INFO}#ERROR_EMAIL_EXISTS" elif new_user "$uid" status=pending email="$email" expire="$((_DATE + 86400))"; then debug "Sending Invitation Link:" \ - "https://${HTTP_HOST}${BASE}${PATH_INFO}?user_confirm=${uid}+$(session_mac "$uid")" - sendmail -t -f "$MAILFROM" <<-EOF + "https://${HTTP_HOST}${_BASE}${PATH_INFO}?user_confirm=${uid}+$(session_mac "$uid")" + "$SENDMAIL" -t -f "$MAILFROM" <<-EOF From: ${MAILFROM} To: ${email} Subject: You have been invited to ${HTTP_HOST%:*} @@ -343,7 +351,11 @@ user_confirm(){ elif update_user "$USER_ID" uname="$uname" status=active password="$pw"; then SESSION_COOKIE new SESSION_BIND user_id "$USER_ID" - REDIRECT "${_BASE}${PATH_INFO}?user_register=confirm#USER_REGISTER_CONFIRM" + if [ "$USER_ACCOUNTPAGE" ]; then + REDIRECT "${USER_ACCOUNTPAGE}" + else + REDIRECT "${_BASE}${PATH_INFO}?user_register=confirm#USER_REGISTER_CONFIRM" + fi else REDIRECT "${_BASE}${PATH_INFO}#ERROR_USER_NOLOCK" fi @@ -452,7 +464,9 @@ w_user_confirm(){ [form #user_confirm method=POST [input type=hidden name=uid value="${uid}"] [input type=hidden name=signature value="${signature}"] - [input disabled=disabled value="$(HTML "$EMAIL")"] + $([ "$EMAIL" != '\' ] && printf \ + '[input disabled=disabled value="%s" placeholder="Email"]' "$(UNSTRING "$EMAIL" |HTML)" + ) [input name=uname placeholder="Choose Username" tooltip="Your username may contain any character but the @ sign. It must be at least 3 characters long, and it must start with a letter." pattern="^\[a-zA-Z\]\[a-zA-Z0-9 -~\]{2,127}$" autocomplete=off] [input type=password name=pw placeholder="Choose Passphrase" pattern=".{6,}"] [input type=password name=pwconfirm placeholder="Confirm Passphrase" pattern=".{6,}"] @@ -478,7 +492,7 @@ w_user_confirm(){ w_user_invite(){ if [ "$(GET user_confirm)" ]; then w_user_confirm - elif [ "$USER_ID" ]; then + elif [ "$USER_ID" -a "$SENDMAIL" ]; then cat <<-EOF [form #user_invite method=POST [input placeholder="Email Recipient" name=email autocomplete=off] @@ -486,6 +500,15 @@ w_user_invite(){ [submit "action" "user_invite" Send Invitation] ] EOF + elif [ "$USER_ID" ]; then + uid="$(timeid)" + new_user "$uid" status=pending email="$email" expire="$((_DATE + 86400))" + cat <<-EOF + [p An anonymous user account has been set up. Send the following link to the intended user, so they may claim their account. The link will remain valid for 24 hours.] + [p . $(HTML "https://${HTTP_HOST}${_BASE}${PATH_INFO}?user_confirm=${uid}+$(session_mac "$uid")" |debug)] + + [p [a href="#" . Set up another account]] + EOF else cat <<-EOF [div #user_invite .notallowed -- 2.39.2