variable expiration times, clickable invitation links
authorPaul Hänsch <paul@plutz.net>
Thu, 19 May 2022 13:51:30 +0000 (15:51 +0200)
committerPaul Hänsch <paul@plutz.net>
Thu, 19 May 2022 13:51:30 +0000 (15:51 +0200)
users.sh

index ca986cd..6a6833e 100755 (executable)
--- a/users.sh
+++ b/users.sh
@@ -12,6 +12,9 @@ USER_REGISTRATION="${USER_REGISTRATION-true}"
 USER_REQUIREEMAIL="${USER_REQUIREEMAIL-true}"
 USER_ACCOUNTPAGE="${USER_ACCOUNTPAGE}"
 
+USER_ACCOUNTEXPIRE="${USER_ACCOUNTEXPIRE:-$((86400 * 730))}"
+USER_CONFIRMEXPIRE="${USER_CONFIRMEXPIRE:-86400}"
+
 MAILFROM="${MAILDOMAIN-noreply@${HTTP_HOST%:*}}"
 
 HTTP_HOST="$(HEADER Host)"
@@ -89,7 +92,7 @@ update_user() {
              "${status:-${status-${STATUS}}${status+\\}}" \
              "${email:-${email-${EMAIL}}${email+\\}}" \
              "${pwsalt:-${PWSALT}}" "${pwhash:-${PWHASH}}" \
-             "${expire:-$((_DATE + 86400 * 730))}" \
+             "${expire:-$((_DATE + USER_ACCOUNTEXPIRE))}" \
              "$(STRING "${devices-$(UNSTRING "$DEVICES")}")" \
              "${FUTUREUSE:-\\}"
     elif [ "$STATUS" = pending -a ! "$EXPIRE" -ge "$_DATE" ]; then
@@ -118,7 +121,7 @@ new_user(){
       return 1
     fi
     printf '%s \\      %s      \\      \\      \\      %i      \\      \\\n' \
-           "$user" "pending" "$(( $_DATE + 86400 ))" >>"$user_db"
+           "$user" "pending" "$(( _DATE + USER_CONFIRMEXPIRE ))" >>"$user_db"
   else
     return 1
   fi
@@ -233,7 +236,7 @@ user_register(){
       REDIRECT "${_BASE}${PATH_INFO}#ERROR_EMAIL_INVALID"
     elif user_emailexist "$email"; then
       REDIRECT "${_BASE}${PATH_INFO}#ERROR_EMAIL_EXISTS"
-    elif new_user "$uid" status=pending email="$email" expire="$((_DATE + 86400))"; then
+    elif new_user "$uid" status=pending email="$email" expire="$((_DATE + USER_CONFIRMEXPIRE))"; then
       debug "Sending Activation Link:" \
             "${SCHEMA}://${HTTP_HOST}${_BASE}${PATH_INFO}?user_confirm=${uid}+$(session_mac "$uid")"
       "$SENDMAIL" -t -f "$MAILFROM" <<-EOF
@@ -247,7 +250,7 @@ user_register(){
 
            ${SCHEMA}://${HTTP_HOST}${_BASE}${PATH_INFO}?user_confirm=${uid}+$(session_mac "$uid")
 
-       This registration link will expire after 24 hours.
+       This registration link will expire after $((USER_CONFIRMEXPIRE / 3600)) hours.
 
        If you did not request an account at ${HTTP_HOST%:*}, then someone else
        probably entered your email address by accident. In this case you shoud
@@ -271,7 +274,7 @@ user_register(){
       REDIRECT "${_BASE}${PATH_INFO}#ERROR_PW_EMPTYTOOSHORT"
     elif [ "$pw" != "$pwconfirm" ]; then
       REDIRECT "${_BASE}${PATH_INFO}#ERROR_PW_MISMATCH"
-    elif new_user "$uid" uname="$uname" status=active email="$email" password="$pw" expire="$((_DATE + 86400 * 730))"; then
+    elif new_user "$uid" uname="$uname" status=active email="$email" password="$pw" expire="$((_DATE + USER_ACCOUNTEXPIRE))"; then
       SESSION_COOKIE new
       SESSION_BIND user_id "$uid"
 
@@ -295,7 +298,7 @@ user_invite(){
     REDIRECT "${_BASE}${PATH_INFO}#ERROR_EMAIL_INVALID"
   elif user_emailexist "$email"; then
     REDIRECT "${_BASE}${PATH_INFO}#ERROR_EMAIL_EXISTS"
-  elif new_user "$uid" status=pending email="$email" expire="$((_DATE + 86400))"; then
+  elif new_user "$uid" status=pending email="$email" expire="$((_DATE + USER_CONFIRMEXPIRE))"; then
     debug "Sending Invitation Link:" \
           "${SCHEMA}://${HTTP_HOST}${_BASE}${PATH_INFO}?user_confirm=${uid}+$(session_mac "$uid")"
     "$SENDMAIL" -t -f "$MAILFROM" <<-EOF
@@ -311,7 +314,7 @@ user_invite(){
 
            ${SCHEMA}://${HTTP_HOST}${_BASE}${PATH_INFO}?user_confirm=${uid}+$(session_mac "$uid")
 
-       This registration link will expire after 24 hours.
+       This registration link will expire after $((USER_CONFIRMEXPIRE / 3600)) hours.
 
        If you do not know what this is about, then someone else probably
        entered your email address by accident. In this case you shoud
@@ -542,6 +545,8 @@ w_user_confirm(){
 }
 
 w_user_invite(){
+  local uid invlink
+
   if [ "$(GET user_confirm)" ]; then
     w_user_confirm
   elif [ "$USER_ID" -a "$SENDMAIL" ]; then
@@ -554,12 +559,16 @@ w_user_invite(){
        EOF
   elif [ "$USER_ID" ]; then
     uid="$(timeid)"
-    new_user "$uid" status=pending email="$email" expire="$((_DATE + 86400))"
+    new_user "$uid" status=pending expire="$((_DATE + USER_CONFIRMEXPIRE))"
+    invlink="${SCHEMA}://${HTTP_HOST}${_BASE}${PATH_INFO}?user_confirm=${uid}+$(session_mac "$uid")"
+    debug "New Invitation Link: $invlink"
     cat <<-EOF
-        [p An anonymous user account has been set up. Send the following link to the intended user, so they may claim their account. The link will remain valid for 24 hours.]
-        [p . $(HTML "${SCHEMA}://${HTTP_HOST}${_BASE}${PATH_INFO}?user_confirm=${uid}+$(session_mac "$uid")" |debug)]
+       [div #user_invite .link
+          [p An anonymous user account has been set up. Send the following link to the intended user, so they may claim their account. The link will remain valid for $((USER_CONFIRMEXPIRE / 3600)) hours.]
+          [a href="$(HTML "$invlink")" . $(HTML "$invlink")]
 
-        [p [a href="#" . Set up another account]]
+          [p [a href="#" . Set up another account]]
+       ]
        EOF
   else
     cat <<-EOF