prepare registration support

2019-03-04 19:22:40 +01:00 · 2019-03-04 19:22:40 +01:00 · 5b523ff2f0
commit 5b523ff2f0
parent 8adca327fd
2 changed files with 127 additions and 5 deletions
--- a/index.pl
+++ b/index.pl
@ -5,7 +5,9 @@ use Mojolicious::Plugin::Authentication;
 use Cache::File;
 use DateTime;
 use DBI;
-use Encode qw(decode);
+use Encode qw(decode encode);
+use Email::Sender::Simple qw(sendmail);
+use Email::Simple;
 use Geo::Distance;
 use List::Util qw(first);
 use List::MoreUtils qw(after_incl before_incl);
@ -554,6 +556,18 @@ helper 'get_user_id' => sub {
 	}
 };

+helper 'check_if_user_name_exists' => sub {
+	my ( $self, $user_name ) = @_;
+
+	$self->app->get_userid_query->execute($user_name);
+	my $rows = $self->app->get_userid_query->fetchall_arrayref;
+
+	if ( @{$rows} ) {
+		return 1;
+	}
+	return 0;
+};
+
 helper 'get_user_travels' => sub {
 	my ( $self, $limit ) = @_;

@ -945,6 +959,88 @@ get '/x/register' => sub {
 	$self->render('register');
 };

+post '/x/register' => sub {
+	my ($self)    = @_;
+	my $user      = $self->req->param('user');
+	my $email     = $self->req->param('email');
+	my $password  = $self->req->param('password');
+	my $password2 = $self->req->param('password2');
+	my $ip        = $self->req->headers->header('X-Forwarded-For');
+	my $ua        = $self->req->headers->user_agent;
+	my $date = DateTime->now( time_zone => 'Europe/Berlin' )
+	  ->strftime('%d.%m.%Y %H:%M:%S %z');
+
+	# In case Mojolicious is not running behind a reverse proxy
+	$ip
+	  //= sprintf( '%s:%s', $self->tx->remote_address, $self->tx->remote_port );
+
+	if ( $self->validation->csrf_protect->has_error('csrf_token') ) {
+		$self->render(
+			'register',
+			invalid => 'csrf',
+		);
+		return;
+	}
+
+	if ( not length($user) ) {
+		$self->render( 'register', invalid => 'user_empty' );
+		return;
+	}
+
+	if ( $user !~ m{ ^ [0-9a-zA-Z_-]+ $ }x ) {
+		$self->render( 'register', invalid => 'user_format' );
+		return;
+	}
+
+	if ( $self->check_if_user_name_exists($user) ) {
+		$self->render( 'register', invalid => 'user_collision' );
+		return;
+	}
+
+	if ( $password ne $password2 ) {
+		$self->render( 'register', invalid => 'password_notequal' );
+		return;
+	}
+
+	if ( length($password) < 8 ) {
+		$self->render( 'register', invalid => 'password_short' );
+		return;
+	}
+
+	my $body = "Hallo, ${user}!\n\n";
+	$body .= "Mit deiner E-Mail-Adresse (${email}) wurde ein Account auf\n";
+	$body .= "travelynx.finalrewind.org angelegt.\n\n";
+	$body
+	  .= "Falls die Registrierung von dir ausging, kannst du den Account unter\n";
+	$body .= "https://travelynx.finalrewind.org/x/TODO freischalten.\n\n";
+	$body
+	  .= "Falls nicht, ignoriere diese Mail bitte. Nach 48 Stunden wird deine\n";
+	$body
+	  .= "Mail-Adresse erneut zur Registrierung freigeschaltet. Falls auch diese fehlschlägt,\n";
+	$body
+	  .= "werden wir sie dauerhaft sperren und keine Mails mehr dorthin schicken.\n\n";
+	$body .= "Daten zur Registrierung:\n";
+	$body .= " * Datum: ${date}\n";
+	$body .= " * Verwendete IP: ${ip}\n";
+	$body .= " * Verwendeter Browser gemäß User Agent: ${ua}\n\n\n";
+	$body .= "Impressum: https://travelynx.finalrewind.org/x/impressum\n";
+
+	# TODO create user object
+
+	my $reg_mail = Email::Simple->create(
+		header => [
+			To             => $email,
+			From           => 'Travelynx <travelynx@finalrewind.org>',
+			Subject        => 'Registrierung auf travelynx.finalrewind.org',
+			'Content-Type' => 'text/plain; charset=UTF-8',
+		],
+		body => encode( 'utf-8', $body ),
+	);
+	sendmail($reg_mail);
+
+	$self->render( 'login', from => 'register' );
+};
+
 get '/*station' => sub {
 	my ($self) = @_;
 	my $station = $self->stash('station');
--- a/templates/register.html.ep
+++ b/templates/register.html.ep
@ -1,24 +1,50 @@
+% if (my $invalid = stash('invalid')) {
+	<div class="row">
+		<div class="col s12">
+			<div class="card red darken-4">
+				<div class="card-content white-text">
+					% if ($invalid eq 'csrf') {
+						<span class="card-title">Ungültiger CSRF-Token</span>
+						<p>Sind Cookies aktiviert? Ansonsten könnte es sich um einen
+						Fall von <a
+						href="https://de.wikipedia.org/wiki/Cross-Site-Request-Forgery">CSRF</a>
+						handeln.</p>
+					% }
+					% elsif ($invalid eq 'credentials') {
+						<span class="card-title">Ungültige Logindaten</span>
+						<p>Falscher Account oder falsches Passwort.</p>
+					% }
+					% else {
+						<span class="card-title">Unbekannter Fehler</span>
+						<p>„<%= $invalid %>“</p>
+					% }
+				</div>
+			</div>
+		</div>
+	</div>
+% }
 <div class="row">
 	%= form_for '/x/register' => (class => 'col s12', method => 'POST') => begin
+		%= csrf_field
 		<div class="row">
 			<div class="input-field col l6 m12 s12">
 				<i class="material-icons prefix">account_circle</i>
-				<input id="account" type="text" class="validate">
+				<input name="user" id="account" type="text" class="validate">
 				<label for="account">Name</label>
 			</div>
 			<div class="input-field col l6 m12 s12">
 				<i class="material-icons prefix">email</i>
-				<input id="email" type="email" class="validate">
+				<input name="email" id="email" type="email" class="validate">
 				<label for="email">Mail-Adresse</label>
 			</div>
 			<div class="input-field col l6 m12 s12">
 				<i class="material-icons prefix">lock</i>
-				<input id="password" type="password" class="validate">
+				<input name="password" id="password" type="password" class="validate">
 				<label for="password">Passwort</label>
 			</div>
 			<div class="input-field col l6 m12 s12">
 				<i class="material-icons prefix">lock</i>
-				<input id="password2" type="password" class="validate">
+				<input name="password2" id="password2" type="password" class="validate">
 				<label for="password2">Passwort wiederholen</label>
 			</div>
 		</div>