Email: Rename Confirmations to Verifications, fix var names and codestyle

veselcraft 2022-01-31 15:35:35 +03:00
parent 1df0545061
commit bd8e5318b6
No known key found for this signature in database
GPG key ID: AED66BC1AC628A4E
3 changed files with 21 additions and 22 deletions


@ -5,15 +5,15 @@ use openvk\Web\Models\Entities\EmailVerification;
use openvk\Web\Models\Entities\User; use openvk\Web\Models\Entities\User;
use Nette\Database\Table\ActiveRow; use Nette\Database\Table\ActiveRow;
class Confirmations class Verifications
{ {
private $context; private $context;
private $confirmations; private $verifications;
function __construct() function __construct()
{ {
$this->context = DatabaseConnection::i()->getContext(); $this->context = DatabaseConnection::i()->getContext();
$this->confirmations = $this->context->table("email_verifications"); $this->verifications = $this->context->table("email_verifications");
} }
function toEmailVerification(?ActiveRow $ar): ?EmailVerification function toEmailVerification(?ActiveRow $ar): ?EmailVerification
@ -23,11 +23,11 @@ class Confirmations
function getByToken(string $token): ?EmailVerification function getByToken(string $token): ?EmailVerification
{ {
return $this->toEmailVerification($this->confirmations->where("key", $token)->fetch()); return $this->toEmailVerification($this->verifications->where("key", $token)->fetch());
} }
function getLatestByUser(User $user): ?EmailVerification function getLatestByUser(User $user): ?EmailVerification
{ {
return $this->toEmailVerification($this->confirmations->where("profile", $user->getId())->order("timestamp DESC")->fetch()); return $this->toEmailVerification($this->verifications->where("profile", $user->getId())->order("timestamp DESC")->fetch());
} }
} }


@ -7,7 +7,7 @@ use openvk\Web\Models\Entities\EmailVerification;
use openvk\Web\Models\Repositories\IPs; use openvk\Web\Models\Repositories\IPs;
use openvk\Web\Models\Repositories\Users; use openvk\Web\Models\Repositories\Users;
use openvk\Web\Models\Repositories\Restores; use openvk\Web\Models\Repositories\Restores;
use openvk\Web\Models\Repositories\Confirmations; use openvk\Web\Models\Repositories\Verifications;
use openvk\Web\Util\Validator; use openvk\Web\Util\Validator;
use Chandler\Session\Session; use Chandler\Session\Session;
use Chandler\Security\User as ChandlerUser; use Chandler\Security\User as ChandlerUser;
@ -24,16 +24,16 @@ final class AuthPresenter extends OpenVKPresenter
private $db; private $db;
private $users; private $users;
private $restores; private $restores;
private $confirmations; private $verifications;
function __construct(Users $users, Restores $restores, Confirmations $confirmations) function __construct(Users $users, Restores $restores, Verifications $verifications)
{ {
$this->authenticator = Authenticator::i(); $this->authenticator = Authenticator::i();
$this->db = DatabaseConnection::i()->getContext(); $this->db = DatabaseConnection::i()->getContext();
$this->users = $users; $this->users = $users;
$this->restores = $restores; $this->restores = $restores;
$this->confirmations = $confirmations; $this->verifications = $verifications;
parent::__construct(); parent::__construct();
} }
@ -110,12 +110,12 @@ final class AuthPresenter extends OpenVKPresenter
} }
if (OPENVK_ROOT_CONF['openvk']['preferences']['security']['requireEmail']) { if (OPENVK_ROOT_CONF['openvk']['preferences']['security']['requireEmail']) {
$verifObj = new EmailVerification; $verification = new EmailVerification;
$verifObj->setProfile($user->getId()); $verification->setProfile($user->getId());
$verifObj->save(); $verification->save();
$params = [ $params = [
"key" => $verifObj->getKey(), "key" => $verification->getKey(),
"name" => $user->getCanonicalName(), "name" => $user->getCanonicalName(),
]; ];
$this->sendmail($user->getEmail(), "verify-email", $params); #Vulnerability possible $this->sendmail($user->getEmail(), "verify-email", $params); #Vulnerability possible
@ -282,16 +282,16 @@ final class AuthPresenter extends OpenVKPresenter
if(!$user || $user->isDeleted() || $user->isActivated()) if(!$user || $user->isDeleted() || $user->isActivated())
$this->flashFail("err", tr("error"), tr("email_error")); $this->flashFail("err", tr("error"), tr("email_error"));
$request = $this->confirmations->getLatestByUser($user); $request = $this->verifications->getLatestByUser($user);
if(!is_null($request) && $request->isNew()) if(!is_null($request) && $request->isNew())
$this->flashFail("err", tr("forbidden"), tr("email_rate_limit_error")); $this->flashFail("err", tr("forbidden"), tr("email_rate_limit_error"));
$verifObj = new EmailVerification; $verification = new EmailVerification;
$verifObj->setProfile($user->getId()); $verification->setProfile($user->getId());
$verifObj->save(); $verification->save();
$params = [ $params = [
"key" => $verifObj->getKey(), "key" => $verification->getKey(),
"name" => $user->getCanonicalName(), "name" => $user->getCanonicalName(),
]; ];
$this->sendmail($user->getEmail(), "verify-email", $params); #Vulnerability possible $this->sendmail($user->getEmail(), "verify-email", $params); #Vulnerability possible
@ -302,11 +302,10 @@ final class AuthPresenter extends OpenVKPresenter
function renderVerifyEmail(): void function renderVerifyEmail(): void
{ {
$request = $this->confirmations->getByToken(str_replace(" ", "+", $this->queryParam("key"))); $request = $this->verifications->getByToken(str_replace(" ", "+", $this->queryParam("key")));
if(!$request || !$request->isStillValid()) { if(!$request || !$request->isStillValid()) {
$this->flash("err", tr("token_manipulation_error"), tr("token_manipulation_error_comment")); $this->flash("err", tr("token_manipulation_error"), tr("token_manipulation_error_comment"));
$this->redirect("/"); $this->redirect("/");
return;
} else { } else {
$user = $request->getUser(); $user = $request->getUser();
$user->setActivated(1); $user->setActivated(1);
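Review bot: The `#Vulnerability possible` marker on both `$this->sendmail(...)` calls (the registration hunk at `@ -110` and the resend hunk at `@ -282`) still does not say what the concern is, so the next maintainer cannot tell whether it was ever addressed. A codestyle pass is a good moment to spell it out, for example `# NOTE(security): $params carries the activation key and the user-chosen name; confirm the "verify-email" template escapes both`, if that is what the author meant. The lines that create the `EmailVerification`, build `$params` and call `sendmail` are also identical in both hunks, so moving them into one private helper that takes `$user` would keep the registration and resend paths from drifting apart when token handling changes. Both enclosing methods start and end outside the hunks shown, so any checks that run before or after these lines are not visible here.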


@ -32,7 +32,7 @@ services:
- openvk\Web\Models\Repositories\Tickets - openvk\Web\Models\Repositories\Tickets
- openvk\Web\Models\Repositories\Messages - openvk\Web\Models\Repositories\Messages
- openvk\Web\Models\Repositories\Restores - openvk\Web\Models\Repositories\Restores
- openvk\Web\Models\Repositories\Confirmations - openvk\Web\Models\Repositories\Verifications
- openvk\Web\Models\Repositories\Notifications - openvk\Web\Models\Repositories\Notifications
- openvk\Web\Models\Repositories\TicketComments - openvk\Web\Models\Repositories\TicketComments
- openvk\Web\Models\Repositories\IPs - openvk\Web\Models\Repositories\IPs