API Access
diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md
index 174234b390c..2b91a10e93b 100644
--- a/docs/CONTRIBUTING.md
+++ b/docs/CONTRIBUTING.md
@@ -338,6 +338,35 @@ yarn run start:local
And then you should be able to visit http://localhost:4200!
+##### Using Mailgun to Send Emails
+
+We currently have email functionality enabled for confirming a user's email
+address. In development, the sending of emails is simulated by a file
+representing the email being created in your local `/tmp/` directory. If
+you want to test sending real emails, you will have to either set the
+Mailgun environment variables in `.env` manually or run your app instance
+on Heroku and add the Mailgun app.
+
+To set the environment variables manually, create an account and configure
+Mailgun. [These quick start instructions]
+(http://mailgun-documentation.readthedocs.io/en/latest/quickstart.html)
+might be helpful. Once you get the environment variables for the app, you
+will have to add them to the bottom of the `.env` file. You will need to
+fill in the `MAILGUN_SMTP_LOGIN`, `MAILGUN_SMTP_PASSWORD`, and
+`MAILGUN_SMTP_SERVER` fields.
+
+If using Heroku, you should be able to add the app to your instance on your
+dashboard. When your code is pushed and run on Heroku, the environment
+variables should be detected and you should not have to set anything
+manually.
+
+In either case, you should be able to check in your Mailgun account to see
+if emails are being detected and sent. Relevant information should be under
+the 'logs' tab on your Mailgun dashboard. To access, if the variables were
+set up manually, log in to your account. If the variables were set through
+Heroku, you should be able to click on the Mailgun icon in your Heroku
+dashboard, which should take you to your Mailgun dashboard.
+
#### Running the backend tests
In your `.env` file, set `TEST_DATABASE_URL` to a value that's the same as
diff --git a/migrations/20170804200817_add_email_table/down.sql b/migrations/20170804200817_add_email_table/down.sql
new file mode 100644
index 00000000000..68415a79c95
--- /dev/null
+++ b/migrations/20170804200817_add_email_table/down.sql
@@ -0,0 +1,3 @@
+-- This file should undo anything in `up.sql`
+DROP table tokens;
+DROP table emails;
diff --git a/migrations/20170804200817_add_email_table/up.sql b/migrations/20170804200817_add_email_table/up.sql
new file mode 100644
index 00000000000..d1402e4f95b
--- /dev/null
+++ b/migrations/20170804200817_add_email_table/up.sql
@@ -0,0 +1,17 @@
+-- Your SQL goes here
+CREATE table emails (
+ id SERIAL PRIMARY KEY,
+ user_id INTEGER NOT NULL UNIQUE,
+ email VARCHAR NOT NULL,
+ verified BOOLEAN DEFAULT false NOT NULL
+);
+
+CREATE table tokens (
+ id SERIAL PRIMARY KEY,
+ email_id INTEGER NOT NULL UNIQUE REFERENCES emails,
+ token VARCHAR NOT NULL,
+ created_at TIMESTAMP NOT NULL DEFAULT now()
+);
+
+INSERT INTO emails (user_id, email)
+ SELECT id, email FROM users WHERE email IS NOT NULL;
diff --git a/src/email.rs b/src/email.rs
new file mode 100644
index 00000000000..38fbff23141
--- /dev/null
+++ b/src/email.rs
@@ -0,0 +1,86 @@
+use dotenv::dotenv;
+use std::env;
+use std::path::Path;
+use util::{CargoResult, bad_request};
+use lettre::email::{EmailBuilder, Email};
+use lettre::transport::file::FileEmailTransport;
+use lettre::transport::EmailTransport;
+use lettre::transport::smtp::{SecurityLevel, SmtpTransportBuilder};
+use lettre::transport::smtp::SUBMISSION_PORT;
+use lettre::transport::smtp::authentication::Mechanism;
+
+#[derive(Debug)]
+pub struct MailgunConfigVars {
+ pub smtp_login: String,
+ pub smtp_password: String,
+ pub smtp_server: String,
+}
+
+pub fn init_config_vars() -> Option
{
+ dotenv().ok();
+
+ match (
+ env::var("MAILGUN_SMTP_LOGIN"),
+ env::var("MAILGUN_SMTP_PASSWORD"),
+ env::var("MAILGUN_SMTP_SERVER"),
+ ) {
+ (Ok(login), Ok(password), Ok(server)) => {
+ Some(MailgunConfigVars {
+ smtp_login: login,
+ smtp_password: password,
+ smtp_server: server,
+ })
+ }
+ _ => None,
+ }
+}
+
+pub fn build_email(
+ recipient: &str,
+ subject: &str,
+ body: &str,
+ mailgun_config: &Option,
+) -> CargoResult {
+ let sender = mailgun_config
+ .as_ref()
+ .map(|s| s.smtp_login.as_str())
+ .unwrap_or("Development Mode");
+
+ let email = EmailBuilder::new()
+ .to(recipient)
+ .from(sender)
+ .subject(subject)
+ .body(body)
+ .build()?;
+
+ Ok(email)
+}
+
+pub fn send_email(recipient: &str, subject: &str, body: &str) -> CargoResult<()> {
+ let mailgun_config = init_config_vars();
+ let email = build_email(recipient, subject, body, &mailgun_config)?;
+
+ match mailgun_config {
+ Some(mailgun_config) => {
+ let mut transport =
+ SmtpTransportBuilder::new((mailgun_config.smtp_server.as_str(), SUBMISSION_PORT))?
+ .credentials(&mailgun_config.smtp_login, &mailgun_config.smtp_password)
+ .security_level(SecurityLevel::AlwaysEncrypt)
+ .smtp_utf8(true)
+ .authentication_mechanism(Mechanism::Plain)
+ .build();
+
+ let result = transport.send(email.clone());
+ result.map_err(|_| bad_request("Error in sending email"))?;
+ }
+ None => {
+ let mut sender = FileEmailTransport::new(Path::new("/tmp"));
+ let result = sender.send(email.clone());
+ result.map_err(
+ |_| bad_request("Email file could not be generated"),
+ )?;
+ }
+ }
+
+ Ok(())
+}
diff --git a/src/lib.rs b/src/lib.rs
index 6b705f97e10..442ed59d7ec 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -3,7 +3,6 @@
//! All implemented routes are defined in the [middleware](fn.middleware.html) function and
//! implemented in the [category](category/index.html), [keyword](keyword/index.html),
//! [krate](krate/index.html), [user](user/index.html) and [version](version/index.html) modules.
-
#![deny(warnings)]
#![deny(missing_debug_implementations, missing_copy_implementations)]
#![cfg_attr(feature = "clippy", feature(plugin))]
@@ -42,6 +41,7 @@ extern crate tar;
extern crate time;
extern crate toml;
extern crate url;
+extern crate lettre;
extern crate conduit;
extern crate conduit_conditional_get;
@@ -96,6 +96,7 @@ pub mod uploaders;
pub mod user;
pub mod util;
pub mod version;
+pub mod email;
mod local_upload;
mod pagination;
@@ -191,6 +192,8 @@ pub fn middleware(app: Arc) -> MiddlewareBuilder {
C(crate_owner_invitation::list),
);
api_router.get("/summary", C(krate::summary));
+ api_router.put("/confirm/:email_token", C(user::confirm_user_email));
+ api_router.put("/users/:user_id/resend", C(user::regenerate_token_and_send));
let api_router = Arc::new(R404(api_router));
let mut router = RouteBuilder::new();
diff --git a/src/schema.rs b/src/schema.rs
index 80ef28cc823..e0555444750 100644
--- a/src/schema.rs
+++ b/src/schema.rs
@@ -408,6 +408,38 @@ table! {
}
}
+table! {
+ /// Representation of the `emails` table.
+ ///
+ /// (Automatically generated by Diesel.)
+ emails (id) {
+ /// The `id` column of the `emails` table.
+ ///
+ /// Its SQL type is `Int4`.
+ ///
+ /// (Automatically generated by Diesel.)
+ id -> Int4,
+ /// The `user_id` column of the `emails` table.
+ ///
+ /// Its SQL type is `Int4`.
+ ///
+ /// (Automatically generated by Diesel.)
+ user_id -> Int4,
+ /// The `email` column of the `emails` table.
+ ///
+ /// Its SQL type is `Varchar`.
+ ///
+ /// (Automatically generated by Diesel.)
+ email -> Varchar,
+ /// The `verified` column of the `emails` table.
+ ///
+ /// Its SQL type is `Bool`.
+ ///
+ /// (Automatically generated by Diesel.)
+ verified -> Bool,
+ }
+}
+
table! {
/// Representation of the `follows` table.
///
@@ -546,6 +578,38 @@ table! {
}
}
+table! {
+ /// Representation of the `tokens` table.
+ ///
+ /// (Automatically generated by Diesel.)
+ tokens (id) {
+ /// The `id` column of the `tokens` table.
+ ///
+ /// Its SQL type is `Int4`.
+ ///
+ /// (Automatically generated by Diesel.)
+ id -> Int4,
+ /// The `email_id` column of the `tokens` table.
+ ///
+ /// Its SQL type is `Int4`.
+ ///
+ /// (Automatically generated by Diesel.)
+ email_id -> Int4,
+ /// The `token` column of the `tokens` table.
+ ///
+ /// Its SQL type is `Varchar`.
+ ///
+ /// (Automatically generated by Diesel.)
+ token -> Varchar,
+ /// The `created_at` column of the `tokens` table.
+ ///
+ /// Its SQL type is `Timestamp`.
+ ///
+ /// (Automatically generated by Diesel.)
+ created_at -> Timestamp,
+ }
+}
+
table! {
/// Representation of the `users` table.
///
@@ -753,3 +817,4 @@ joinable!(crate_owners -> teams (owner_id));
joinable!(crate_owners -> users (owner_id));
joinable!(readme_rendering -> versions (version_id));
joinable!(crate_owner_invitations -> crates (crate_id));
+joinable!(tokens -> emails (email_id));
diff --git a/src/tests/http-data/user_test_confirm_user_email b/src/tests/http-data/user_test_confirm_user_email
new file mode 100644
index 00000000000..fe51488c706
--- /dev/null
+++ b/src/tests/http-data/user_test_confirm_user_email
@@ -0,0 +1 @@
+[]
diff --git a/src/tests/http-data/user_test_insert_into_email_table b/src/tests/http-data/user_test_insert_into_email_table
new file mode 100644
index 00000000000..fe51488c706
--- /dev/null
+++ b/src/tests/http-data/user_test_insert_into_email_table
@@ -0,0 +1 @@
+[]
diff --git a/src/tests/http-data/user_test_insert_into_email_table_with_email_change b/src/tests/http-data/user_test_insert_into_email_table_with_email_change
new file mode 100644
index 00000000000..fe51488c706
--- /dev/null
+++ b/src/tests/http-data/user_test_insert_into_email_table_with_email_change
@@ -0,0 +1 @@
+[]
diff --git a/src/tests/token.rs b/src/tests/token.rs
index db253afe8c6..d164d243892 100644
--- a/src/tests/token.rs
+++ b/src/tests/token.rs
@@ -385,7 +385,7 @@ fn token_gives_access_to_me() {
req.header("Authorization", &token.token);
let mut response = ok_resp!(middle.call(&mut req));
- let json: ::user::UserShowResponse = ::json(&mut response);
+ let json: ::user::UserShowPrivateResponse = ::json(&mut response);
assert_eq!(json.user.email, user.email);
}
diff --git a/src/tests/user.rs b/src/tests/user.rs
index 456d0c16faa..0ccaa9c44ae 100644
--- a/src/tests/user.rs
+++ b/src/tests/user.rs
@@ -4,7 +4,7 @@ use conduit::{Handler, Method};
use cargo_registry::token::ApiToken;
use cargo_registry::krate::EncodableCrate;
-use cargo_registry::user::{User, NewUser, EncodablePrivateUser};
+use cargo_registry::user::{User, NewUser, EncodablePrivateUser, EncodablePublicUser, Email, Token};
use cargo_registry::version::EncodableVersion;
use diesel::prelude::*;
@@ -16,7 +16,12 @@ struct AuthResponse {
}
#[derive(Deserialize)]
-pub struct UserShowResponse {
+pub struct UserShowPublicResponse {
+ pub user: EncodablePublicUser,
+}
+
+#[derive(Deserialize)]
+pub struct UserShowPrivateResponse {
pub user: EncodablePrivateUser,
}
@@ -48,7 +53,7 @@ fn me() {
let user = ::sign_in(&mut req, &app);
let mut response = ok_resp!(middle.call(&mut req));
- let json: UserShowResponse = ::json(&mut response);
+ let json: UserShowPrivateResponse = ::json(&mut response);
assert_eq!(json.user.email, user.email);
}
@@ -65,15 +70,11 @@ fn show() {
let mut req = ::req(app.clone(), Method::Get, "/api/v1/users/foo");
let mut response = ok_resp!(middle.call(&mut req));
- let json: UserShowResponse = ::json(&mut response);
- // Emails should be None as when on the user/:user_id page, a user's email should
- // not be accessible in order to keep private.
- assert_eq!(None, json.user.email);
+ let json: UserShowPublicResponse = ::json(&mut response);
assert_eq!("foo", json.user.login);
let mut response = ok_resp!(middle.call(req.with_path("/api/v1/users/bar")));
- let json: UserShowResponse = ::json(&mut response);
- assert_eq!(None, json.user.email);
+ let json: UserShowPublicResponse = ::json(&mut response);
assert_eq!("bar", json.user.login);
assert_eq!(Some("https://github.com/bar".into()), json.user.url);
}
@@ -510,3 +511,196 @@ fn test_this_user_cannot_change_that_user_email() {
);
}
+
+/* Given a new user, test that if they sign in with
+ one email, change their email on GitHub, then
+ sign in again, that the email will remain
+ consistent with the original email used on
+ GitHub.
+*/
+#[test]
+fn test_insert_into_email_table() {
+ #[derive(Deserialize)]
+ struct R {
+ user: EncodablePrivateUser,
+ }
+
+ let (_b, app, middle) = ::app();
+ let mut req = ::req(app.clone(), Method::Get, "/me");
+ {
+ let conn = app.diesel_database.get().unwrap();
+ let user = NewUser {
+ gh_id: 1,
+ email: Some("potato@example.com"),
+ ..::new_user("potato")
+ };
+
+ let user = user.create_or_update(&conn).unwrap();
+ ::sign_in_as(&mut req, &user);
+ }
+
+ let mut response = ok_resp!(middle.call(
+ req.with_path("/api/v1/me").with_method(Method::Get),
+ ));
+ let r = ::json::(&mut response);
+ assert_eq!(r.user.email.unwrap(), "potato@example.com");
+ assert_eq!(r.user.login, "potato");
+
+ ::logout(&mut req);
+
+ // What if user changes their github user email
+ {
+ let conn = app.diesel_database.get().unwrap();
+ let user = NewUser {
+ gh_id: 1,
+ email: Some("banana@example.com"),
+ ..::new_user("potato")
+ };
+
+ let user = user.create_or_update(&conn).unwrap();
+ ::sign_in_as(&mut req, &user);
+ }
+
+ let mut response = ok_resp!(middle.call(
+ req.with_path("/api/v1/me").with_method(Method::Get),
+ ));
+ let r = ::json::(&mut response);
+ assert_eq!(r.user.email.unwrap(), "potato@example.com");
+ assert_eq!(r.user.login, "potato");
+}
+
+/* Given a new user, check that when an email is added,
+ changed by user on GitHub, changed on crates.io,
+ that the email remains consistent with that which
+ the user has changed
+*/
+#[test]
+fn test_insert_into_email_table_with_email_change() {
+ #[derive(Deserialize)]
+ struct R {
+ user: EncodablePrivateUser,
+ }
+
+ #[derive(Deserialize)]
+ struct S {
+ ok: bool,
+ }
+
+ let (_b, app, middle) = ::app();
+ let mut req = ::req(app.clone(), Method::Get, "/me");
+ let user = {
+ let conn = app.diesel_database.get().unwrap();
+ let user = NewUser {
+ gh_id: 1,
+ email: Some("potato@example.com"),
+ ..::new_user("potato")
+ };
+
+ let user = user.create_or_update(&conn).unwrap();
+ ::sign_in_as(&mut req, &user);
+ user
+ };
+
+ let mut response = ok_resp!(middle.call(
+ req.with_path("/api/v1/me").with_method(Method::Get),
+ ));
+ let r = ::json::(&mut response);
+ assert_eq!(r.user.email.unwrap(), "potato@example.com");
+ assert_eq!(r.user.login, "potato");
+
+ let body = r#"{"user":{"email":"apricot@apricots.apricot","name":"potato","login":"potato","avatar":"https://avatars0.githubusercontent.com","url":"https://github.com/potato","kind":null}}"#;
+ let mut response = ok_resp!(
+ middle.call(
+ req.with_path(&format!("/api/v1/users/{}", user.id))
+ .with_method(Method::Put)
+ .with_body(body.as_bytes()),
+ )
+ );
+ assert!(::json::(&mut response).ok);
+
+ ::logout(&mut req);
+
+ // What if user changes their github user email
+ {
+ let conn = app.diesel_database.get().unwrap();
+ let user = NewUser {
+ gh_id: 1,
+ email: Some("banana@example.com"),
+ ..::new_user("potato")
+ };
+
+ let user = user.create_or_update(&conn).unwrap();
+ ::sign_in_as(&mut req, &user);
+ }
+
+ let mut response = ok_resp!(middle.call(
+ req.with_path("/api/v1/me").with_method(Method::Get),
+ ));
+ let r = ::json::(&mut response);
+ assert_eq!(r.user.email.unwrap(), "apricot@apricots.apricot");
+ assert_eq!(r.user.login, "potato");
+}
+
+/* Given a new user, test that their email can be added
+ to the email table and a token for the email is generated
+ and added to the token table. When /confirm/:email_token is
+ requested, check that the response back is ok, and that
+ the email_verified field on user is now set to true.
+*/
+#[test]
+fn test_confirm_user_email() {
+ use cargo_registry::schema::{emails, tokens};
+
+ #[derive(Deserialize)]
+ struct R {
+ user: EncodablePrivateUser,
+ }
+
+ #[derive(Deserialize)]
+ struct S {
+ ok: bool,
+ }
+
+ let (_b, app, middle) = ::app();
+ let mut req = ::req(app.clone(), Method::Get, "/me");
+ let user = {
+ let conn = app.diesel_database.get().unwrap();
+ let user = NewUser {
+ email: Some("potato@example.com"),
+ ..::new_user("potato")
+ };
+
+ let user = user.create_or_update(&conn).unwrap();
+ ::sign_in_as(&mut req, &user);
+ user
+ };
+
+ let email_token = {
+ let conn = app.diesel_database.get().unwrap();
+ let email_info = emails::table
+ .filter(emails::user_id.eq(user.id))
+ .first::(&*conn)
+ .unwrap();
+ let token_info = tokens::table
+ .filter(tokens::email_id.eq(email_info.id))
+ .first::(&*conn)
+ .unwrap();
+ token_info.token
+ };
+
+ let mut response = ok_resp!(
+ middle.call(
+ req.with_path(&format!("/api/v1/confirm/{}", email_token))
+ .with_method(Method::Put),
+ )
+ );
+ assert!(::json::(&mut response).ok);
+
+ let mut response = ok_resp!(middle.call(
+ req.with_path("/api/v1/me").with_method(Method::Get),
+ ));
+ let r = ::json::(&mut response);
+ assert_eq!(r.user.email.unwrap(), "potato@example.com");
+ assert_eq!(r.user.login, "potato");
+ assert!(r.user.email_verified);
+}
diff --git a/src/user/mod.rs b/src/user/mod.rs
index 5ba429bb1e2..307ac007b21 100644
--- a/src/user/mod.rs
+++ b/src/user/mod.rs
@@ -5,24 +5,26 @@ use diesel::prelude::*;
use rand::{thread_rng, Rng};
use std::borrow::Cow;
use serde_json;
+use time::Timespec;
use app::RequestApp;
use db::RequestTransaction;
use krate::Follow;
use pagination::Paginate;
use schema::*;
-use util::{RequestUtils, CargoResult, human};
+use util::{RequestUtils, CargoResult, human, bad_request};
use version::EncodableVersion;
use {http, Version};
use owner::{Owner, OwnerKind, CrateOwner};
use krate::Crate;
+use email;
pub use self::middleware::{Middleware, RequestUser, AuthenticationSource};
pub mod middleware;
/// The model representing a row in the `users` database table.
-#[derive(Clone, Debug, PartialEq, Eq, Queryable, Identifiable, AsChangeset)]
+#[derive(Clone, Debug, PartialEq, Eq, Queryable, Identifiable, AsChangeset, Associations)]
pub struct User {
pub id: i32,
pub email: Option,
@@ -44,6 +46,40 @@ pub struct NewUser<'a> {
pub gh_access_token: Cow<'a, str>,
}
+#[derive(Debug, Queryable, AsChangeset, Identifiable, Associations)]
+#[belongs_to(User)]
+pub struct Email {
+ pub id: i32,
+ pub user_id: i32,
+ pub email: String,
+ pub verified: bool,
+}
+
+#[derive(Debug, Insertable, AsChangeset)]
+#[table_name = "emails"]
+pub struct NewEmail {
+ pub user_id: i32,
+ pub email: String,
+ pub verified: bool,
+}
+
+#[derive(Debug, Queryable, AsChangeset, Identifiable, Associations)]
+#[belongs_to(Email)]
+pub struct Token {
+ pub id: i32,
+ pub email_id: i32,
+ pub token: String,
+ pub created_at: Timespec,
+}
+
+#[derive(Debug, Insertable, AsChangeset)]
+#[table_name = "tokens"]
+pub struct NewToken {
+ pub email_id: i32,
+ pub token: String,
+ pub created_at: Timespec,
+}
+
impl<'a> NewUser<'a> {
pub fn new(
gh_id: i32,
@@ -69,6 +105,8 @@ impl<'a> NewUser<'a> {
use diesel::expression::dsl::sql;
use diesel::types::Integer;
use diesel::pg::upsert::*;
+ use time;
+ use diesel::result::Error;
let update_user = NewUser {
email: None,
@@ -88,12 +126,64 @@ impl<'a> NewUser<'a> {
// necessary for most fields in the database to be used as a conflict
// target :)
let conflict_target = sql::("(gh_id) WHERE gh_id > 0");
- insert(&self.on_conflict(
+ let result = insert(&self.on_conflict(
conflict_target,
do_update().set(&update_user),
)).into(users::table)
.get_result(conn)
- .map_err(Into::into)
+ .map_err(Into::into);
+
+ // To send the user an account verification email...
+ if let Some(user_email) = self.email {
+ let user_id = users::table
+ .select(users::id)
+ .filter(users::gh_id.eq(&self.gh_id))
+ .first(&*conn)
+ .unwrap();
+
+ let new_email = NewEmail {
+ user_id: user_id,
+ email: String::from(user_email),
+ verified: false,
+ };
+
+ let email_result: QueryResult = insert(&new_email.on_conflict_do_nothing())
+ .into(emails::table)
+ .get_result(conn)
+ .map_err(Into::into);
+
+ match email_result {
+ Ok(email) => {
+ let token = generate_token();
+ let new_token = NewToken {
+ email_id: email.id,
+ token: token.clone(),
+ created_at: time::now_utc().to_timespec(),
+ };
+
+ insert(&new_token).into(tokens::table).execute(conn)?;
+
+ if send_user_confirm_email(user_email, self.gh_login, &token).is_err() {
+ return Err(Error::NotFound);
+ };
+ }
+ Err(Error::NotFound) => {
+ // This block is reached if a user already has an email stored
+ // in the database. If an email already exists then we will
+ // not overwrite it with the one received from GitHub. Doing
+ // so would force us to resend a verification email each time
+ // the user logs in, which doesn't make any sense.
+ // Thus, we don't consider this case to actually be an error,
+ // so we don't do anything with it, whereas the block below
+ // will catch all other relevant errors.
+ }
+ Err(err) => {
+ return Err(err);
+ }
+ }
+ }
+
+ result
}
}
@@ -116,6 +206,7 @@ pub struct EncodablePrivateUser {
pub id: i32,
pub login: String,
pub email: Option,
+ pub email_verified: bool,
pub name: Option,
pub avatar: Option,
pub url: Option,
@@ -149,7 +240,7 @@ impl User {
}
/// Converts this `User` model into an `EncodablePrivateUser` for JSON serialization.
- pub fn encodable_private(self) -> EncodablePrivateUser {
+ pub fn encodable_private(self, email_verified: bool) -> EncodablePrivateUser {
let User {
id,
email,
@@ -162,6 +253,7 @@ impl User {
EncodablePrivateUser {
id: id,
email: email,
+ email_verified,
avatar: gh_avatar,
login: gh_login,
name: name,
@@ -320,16 +412,31 @@ pub fn me(req: &mut Request) -> CargoResult {
// This change is not preferable, we'd rather fix the request,
// perhaps adding `req.mut_extensions().insert(user)` to the
// update_user route, however this somehow does not seem to work
+
use self::users::dsl::{users, id};
- let user_id = req.user()?.id;
+ use self::emails::dsl::{emails, user_id};
+
+ let u_id = req.user()?.id;
let conn = req.db_conn()?;
- let user = users.filter(id.eq(user_id)).first::(&*conn)?;
+
+ let user_info = users.filter(id.eq(u_id)).first::(&*conn)?;
+ let email_result = emails.filter(user_id.eq(u_id)).first::(&*conn);
+
+ let (email, verified): (Option, bool) = match email_result {
+ Ok(response) => (Some(response.email), response.verified),
+ Err(_) => (None, false),
+ };
+
+ let user = User {
+ email: email,
+ ..user_info
+ };
#[derive(Serialize)]
struct R {
user: EncodablePrivateUser,
}
- Ok(req.json(&R { user: user.encodable_private() }))
+ Ok(req.json(&R { user: user.encodable_private(verified) }))
}
/// Handles the `GET /users/:user_id` route.
@@ -432,6 +539,11 @@ pub fn stats(req: &mut Request) -> CargoResult {
pub fn update_user(req: &mut Request) -> CargoResult {
use diesel::update;
use self::users::dsl::{users, gh_login, email};
+ use self::emails::dsl::user_id;
+ use self::tokens::dsl::email_id;
+ use diesel::insert;
+ use diesel::pg::upsert::*;
+ use time;
let mut body = String::new();
req.body().read_to_string(&mut body)?;
@@ -473,9 +585,156 @@ pub fn update_user(req: &mut Request) -> CargoResult {
.set(email.eq(user_email))
.execute(&*conn)?;
+ let new_email = NewEmail {
+ user_id: user.id,
+ email: String::from(user_email),
+ verified: false,
+ };
+
+ let email_result: QueryResult =
+ insert(&new_email.on_conflict(user_id, do_update().set(&new_email)))
+ .into(emails::table)
+ .get_result(&*conn)
+ .map_err(Into::into);
+
+ let token = generate_token();
+
+ match email_result {
+ Ok(email_response) => {
+ let new_token = NewToken {
+ email_id: email_response.id,
+ token: token.clone(),
+ created_at: time::now_utc().to_timespec(),
+ };
+
+ insert(&new_token.on_conflict(
+ email_id,
+ do_update().set(&new_token),
+ )).into(tokens::table)
+ .execute(&*conn)?;
+ }
+ Err(_) => {
+ return Err(human("Error in creating token"));
+ }
+ }
+
+ let email_result = send_user_confirm_email(user_email, &user.gh_login, &token);
+ email_result.map_err(
+ |_| bad_request("Email could not be sent"),
+ )?;
+
#[derive(Serialize)]
struct R {
ok: bool,
}
Ok(req.json(&R { ok: true }))
}
+
+fn send_user_confirm_email(email: &str, user_name: &str, token: &str) -> CargoResult<()> {
+ // Create a URL with token string as path to send to user
+ // If user clicks on path, look email/user up in database,
+ // make sure tokens match
+
+ let subject = "Please confirm your email address";
+ let body = format!(
+ "Hello {}! Welcome to Crates.io. Please click the
+link below to verify your email address. Thank you!\n
+https://crates.io/confirm/{}",
+ user_name,
+ token
+ );
+
+ email::send_email(email, subject, &body)
+}
+
+/// Handles the `PUT /confirm/:email_token` route
+pub fn confirm_user_email(req: &mut Request) -> CargoResult {
+ // to confirm, we must grab the token on the request as part of the URL
+ // look up the token in the tokens table
+ // find what user the token belongs to
+ // on the email table, change 'verified' to true
+ // delete the token from the tokens table
+ use diesel::{update, delete};
+
+ let conn = req.db_conn()?;
+ let req_token = &req.params()["email_token"];
+
+ let token_info = tokens::table
+ .filter(tokens::token.eq(req_token))
+ .first::(&*conn)
+ .map_err(|_| bad_request("Email token not found."))?;
+
+ let email_info = emails::table
+ .filter(emails::id.eq(token_info.email_id))
+ .first::(&*conn)
+ .map_err(|_| bad_request("Email belonging to token not found."))?;
+
+ update(emails::table.filter(emails::id.eq(email_info.id)))
+ .set(emails::verified.eq(true))
+ .execute(&*conn)
+ .map_err(|_| bad_request("Email verification could not be updated"))?;
+
+ delete(tokens::table.filter(tokens::id.eq(token_info.id)))
+ .execute(&*conn)
+ .map_err(|_| bad_request("Email token could not be deleted"))?;
+
+ #[derive(Serialize)]
+ struct R {
+ ok: bool,
+ }
+ Ok(req.json(&R { ok: true }))
+}
+
+/// Handles `PUT /user/:user_id/resend` route
+pub fn regenerate_token_and_send(req: &mut Request) -> CargoResult {
+ use diesel::pg::upsert::*;
+ use diesel::insert;
+ use time;
+ use self::tokens::dsl::email_id;
+
+ let mut body = String::new();
+ req.body().read_to_string(&mut body)?;
+ let user = req.user()?;
+ let name = &req.params()["user_id"].parse::().ok().unwrap();
+ let conn = req.db_conn()?;
+
+ // need to check if current user matches user to be updated
+ if &user.id != name {
+ return Err(human("current user does not match requested user"));
+ }
+
+ let email_info = emails::table
+ .filter(emails::user_id.eq(user.id))
+ .first::(&*conn)
+ .map_err(|_| bad_request("Email could not be found"))?;
+
+ let token = generate_token();
+
+ let new_token = NewToken {
+ email_id: email_info.id,
+ token: token.clone(),
+ created_at: time::now_utc().to_timespec(),
+ };
+
+ insert(&new_token.on_conflict(
+ email_id,
+ do_update().set(&new_token),
+ )).into(tokens::table)
+ .execute(&*conn)?;
+
+ let email_result = send_user_confirm_email(&email_info.email, &user.gh_login, &token);
+ email_result.map_err(
+ |_| bad_request("Error in sending email"),
+ )?;
+
+ #[derive(Serialize)]
+ struct R {
+ ok: bool,
+ }
+ Ok(req.json(&R { ok: true }))
+}
+
+fn generate_token() -> String {
+ let token: String = thread_rng().gen_ascii_chars().take(26).collect();
+ token
+}