X-Git-Url: https://git.plutz.net/?p=cgilite;a=blobdiff_plain;f=users.sh;h=87143d8718aa1083e1b1d9d5bb3ec93b2cca8372;hp=a389f15c6fb81ef361c13c36b3f9a82e6dd22142;hb=2092bc6b9a0c5e0fca52293c82476b3349b2037b;hpb=f477dc5d53cd74cf455c9035ed996730f443e4ba

diff --git a/users.sh b/users.sh
index a389f15..87143d8 100755
--- a/users.sh
+++ b/users.sh
@@ -6,11 +6,15 @@ include_users="$0"
 . "${_EXEC}/cgilite/session.sh"
 . "${_EXEC}/cgilite/storage.sh"
 
-USER_REGISTRATION="${USER_REGISTRATION:-true}"
-USER_REQUIREEMAIL="${USER_REQUIREEMAIL:-true}"
+SENDMAIL=${SENDMAIL-sendmail}
+
+USER_REGISTRATION="${USER_REGISTRATION-true}"
+USER_REQUIREEMAIL="${USER_REQUIREEMAIL-true}"
+USER_ACCOUNTPAGE="${USER_ACCOUNTPAGE}"
+
+MAILFROM="${MAILDOMAIN-noreply@${HTTP_HOST%:*}}"
 
 HTTP_HOST="$(HEADER Host)"
-MAILFROM="${MAILDOMAIN:-noreply@${HTTP_HOST%:*}}"
 
 # == FILE FORMAT ==
 # UID	UNAME	STATUS	EMAIL	PWSALT	PWHASH	EXPIRE	DEVICES FUTUREUSE
@@ -27,9 +31,10 @@ LOCAL_USER='local \
   USER_EXPIRE USER_DEVICES USER_FUTUREUSE
 '
 
+unset USER_IDMAP
 eval "$UNSET_USER"
 
-user_db="${_DATA}/users.db"
+user_db="${user_db:-${_DATA}/users.db}"
 
 read_user() {
   local user="$1"
@@ -127,6 +132,40 @@ new_user(){
   fi
 }
 
+user_idmap(){
+  local uid="$1" ret
+  eval "$LOCAL_USER"
+
+  if [ ! "$USER_IDMAP" ]; then
+    while read_user; do
+      USER_IDMAP="${USER_IDMAP}${USER_ID}	${USER_NAME}${BR}"
+    done <"$user_db"
+  fi
+  if [ "$uid" -a "$USER_IDMAP" != "${USER_IDMAP##*${uid}	}" ]; then
+    ret="${USER_IDMAP##*${uid}	}"; ret="${ret%%${BR}*}";
+    printf '%s\n' "$ret"
+    return 0
+  elif [ "$uid" ]; then
+    return 1
+  else
+    printf '%s' "$USER_IDMAP"
+    return 0
+  fi
+}
+
+user_idof(){
+  local name="$(STRING "$1")" ret
+  [ "$USER_IDMAP" ] || user_idmap >/dev/null
+
+  if [ "${name%\\}" -a "$USER_IDMAP" != "${USER_IDMAP%	${name}${BR}*}" ]; then
+    ret="${USER_IDMAP%	${name}${BR}*}"; ret="${ret##*${BR}}"
+    printf '%s\n' "$ret"
+    return 0
+  else
+    return 1
+  fi
+}
+
 user_checkname(){
   { [ $# -gt 0 ] && printf %s "$*" || cat; } \
   | sed -nE '
@@ -195,7 +234,7 @@ user_register(){
     elif new_user "$uid" status=pending email="$email" expire="$((_DATE + 86400))"; then
       debug "Sending Activation Link:" \
             "https://${HTTP_HOST}${_BASE}${PATH_INFO}?user_confirm=${uid}+$(session_mac "$uid")"
-      sendmail -t -f "$MAILFROM" <<-EOF
+      "$SENDMAIL" -t -f "$MAILFROM" <<-EOF
 	From: ${MAILFROM}
 	To: ${email}
 	Subject: Your account registration at ${HTTP_HOST%:*}
@@ -234,7 +273,11 @@ user_register(){
       SESSION_COOKIE new
       SESSION_BIND user_id "$uid"
 
-      REDIRECT "${_BASE}${PATH_INFO}#USER_REGISTER_CONFIRM"
+      if [ "$USER_ACCOUNTPAGE" ]; then
+        REDIRECT "${USER_ACCOUNTPAGE}"
+      else
+        REDIRECT "${_BASE}${PATH_INFO}#USER_REGISTER_CONFIRM"
+      fi
     else
       REDIRECT "${_BASE}${PATH_INFO}#ERROR_USER_NOLOCK"
     fi
@@ -252,8 +295,8 @@ user_invite(){
     REDIRECT "${_BASE}${PATH_INFO}#ERROR_EMAIL_EXISTS"
   elif new_user "$uid" status=pending email="$email" expire="$((_DATE + 86400))"; then
     debug "Sending Invitation Link:" \
-          "https://${HTTP_HOST}${BASE}${PATH_INFO}?user_confirm=${uid}+$(session_mac "$uid")"
-    sendmail -t -f "$MAILFROM" <<-EOF
+          "https://${HTTP_HOST}${_BASE}${PATH_INFO}?user_confirm=${uid}+$(session_mac "$uid")"
+    "$SENDMAIL" -t -f "$MAILFROM" <<-EOF
 	From: ${MAILFROM}
 	To: ${email}
 	Subject: You have been invited to ${HTTP_HOST%:*}
@@ -308,7 +351,11 @@ user_confirm(){
   elif update_user "$USER_ID" uname="$uname" status=active password="$pw"; then
     SESSION_COOKIE new
     SESSION_BIND user_id "$USER_ID"
-    REDIRECT "${_BASE}${PATH_INFO}?user_register=confirm#USER_REGISTER_CONFIRM"
+    if [ "$USER_ACCOUNTPAGE" ]; then
+      REDIRECT "${USER_ACCOUNTPAGE}"
+    else
+      REDIRECT "${_BASE}${PATH_INFO}?user_register=confirm#USER_REGISTER_CONFIRM"
+    fi
   else
     REDIRECT "${_BASE}${PATH_INFO}#ERROR_USER_NOLOCK"
   fi
@@ -344,9 +391,35 @@ user_logout(){
 }
 
 user_update(){
-  # passphrase, email
-  :
+  # todo: username update, email update / email confirm
+  local UID	UNAME	STATUS	EMAIL	PWSALT	PWHASH	EXPIRE	DEVICES FUTUREUSE
+  # local uname="$(POST uname |STRING)"
+  local uid oldpw pw pwconfirm
+
+        uid="$(POST uid)"
+      oldpw="$(POST oldpw)"
+         pw="$(POST pw |grep -xE '.{6}')"
+  pwconfirm="$(POST pwconfirm)"
+
+
+  read -r UID	UNAME	STATUS	EMAIL	PWSALT	PWHASH	EXPIRE	DEVICES FUTUREUSE <<-EOF
+	$(grep "^${uid}	" "$user_db")
+	EOF
+
+  if [ "$UID" = "$USER_ID" -a "$PWHASH" = "$(user_pwhash "$PWSALT" "$oldpw")" ]; then
+    if [ "$pw" -a "$pw" = "$pwconfirm" ]; then
+      update_user "${uid}" password="$pw"
+      REDIRECT "${_BASE}${PATH_INFO}#UPDATE_SUCCESS"
+    else
+      REDIRECT "${_BASE}${PATH_INFO}#ERROR_PWMISMATCH"
+    fi
+  elif [ "$UID" = "$USER_ID" ]; then
+    REDIRECT "${_BASE}${PATH_INFO}#ERROR_INVALID_AUTH_PASSWORD"
+  else
+    REDIRECT "${_BASE}${PATH_INFO}#ERROR_NOTLOGGEDIN"
+  fi
 }
+
 user_recover(){
   # send recover link
   :
@@ -364,14 +437,34 @@ read_user "$(SESSION_VAR user_id)"
   user_invite)   user_invite ;;
   user_login)    user_login ;;
   user_logout)   user_logout ;;
-  user_update)
-    :;;
+  user_update)   user_update ;;
   user_recover)
     :;;
   user_disable)
     :;;
 esac
 
+w_user_update(){
+  if [ ! "$USER_ID" ]; then
+    cat <<-EOF
+	[div #user_update .nouser
+	This page can only be used by registered users
+	]
+	EOF
+  else
+    cat <<-EOF
+	[form #user_update method=POST
+	  [hidden "uid" "$USER_ID"]
+	  [p .username Logged in as $USER_NAME]
+	  [input type=password name=oldpw placeholder="Current Passphrase"]
+	  [input type=password name=pw placeholder="New Passphrase" pattern=".{6,}"]
+	  [input type=password name=pwconfirm placeholder="Confirm New Passphrase" pattern=".{6,}"]
+	  [submit "action" "user_update" Update Passphrase]
+	]
+	EOF
+  fi
+}
+
 w_user_register(){
   if [ "$(GET user_confirm)" ]; then
     w_user_confirm
@@ -394,7 +487,7 @@ w_user_register(){
   elif [ "$USER_REQUIREEMAIL" != true ]; then
     cat <<-EOF
 	[form #user_register .registername method=POST
-          [input name=uname placeholder="Choose Username" tooltip="Your username may contain any character but the @ sign. It must be at least 3 characters long, and it must start with a letter." pattern="^\[a-zA-Z\]\[a-zA-Z0-9 -~\]{2,127}$" autocomplete=off]
+          [input name=uname placeholder="Choose Username" tooltip="Your username may contain any character but the @ sign. It must be at least 3 characters long, and it must start with a letter." pattern="^\[\\\\p{L}\]\[\\\\p{L}0-9 -~\]{2,127}$" autocomplete=off]
 	  [input type=password name=pw placeholder="Choose Passphrase" pattern=".{6,}"]
 	  [input type=password name=pwconfirm placeholder="Confirm Passphrase" pattern=".{6,}"]
 	  [submit "action" "user_register" Sign Up]
@@ -417,8 +510,10 @@ w_user_confirm(){
 	[form #user_confirm method=POST
 	  [input type=hidden name=uid value="${uid}"]
 	  [input type=hidden name=signature value="${signature}"]
-	  [input disabled=disabled value="$(HTML "$EMAIL")"]
-          [input name=uname placeholder="Choose Username" tooltip="Your username may contain any character but the @ sign. It must be at least 3 characters long, and it must start with a letter." pattern="^\[a-zA-Z\]\[a-zA-Z0-9 -~\]{2,127}$" autocomplete=off]
+	  $([ "$EMAIL" != '\' ] && printf \
+	    '[input disabled=disabled value="%s" placeholder="Email"]' "$(UNSTRING "$EMAIL" |HTML)"
+	  )
+          [input name=uname placeholder="Choose Username" tooltip="Your username may contain any character but the @ sign. It must be at least 3 characters long, and it must start with a letter." pattern="^\[\\\\p{L}\]\[\\\\p{L}0-9 -~\]{2,127}$" autocomplete=off]
 	  [input type=password name=pw placeholder="Choose Passphrase" pattern=".{6,}"]
 	  [input type=password name=pwconfirm placeholder="Confirm Passphrase" pattern=".{6,}"]
 	  [submit "action" "user_confirm" Finish Registration]
@@ -443,7 +538,7 @@ w_user_confirm(){
 w_user_invite(){
   if [ "$(GET user_confirm)" ]; then
     w_user_confirm
-  elif [ "$USER_ID" ]; then
+  elif [ "$USER_ID" -a "$SENDMAIL" ]; then
     cat <<-EOF
 	[form #user_invite method=POST
 	  [input placeholder="Email Recipient" name=email autocomplete=off]
@@ -451,6 +546,15 @@ w_user_invite(){
 	  [submit "action" "user_invite" Send Invitation]
 	]
 	EOF
+  elif [ "$USER_ID" ]; then
+    uid="$(timeid)"
+    new_user "$uid" status=pending email="$email" expire="$((_DATE + 86400))"
+    cat <<-EOF
+        [p An anonymous user account has been set up. Send the following link to the intended user, so they may claim their account. The link will remain valid for 24 hours.]
+        [p . $(HTML "https://${HTTP_HOST}${_BASE}${PATH_INFO}?user_confirm=${uid}+$(session_mac "$uid")" |debug)]
+
+        [p [a href="#" . Set up another account]]
+	EOF
   else
     cat <<-EOF
 	[div #user_invite .notallowed