From 16210e71476eaa14821d19f2a79c7a02d14431a9 Mon Sep 17 00:00:00 2001 From: hylom Date: Mon, 5 Nov 2018 20:26:47 +0900 Subject: [PATCH] change /newuser/password handler --- src/newslash_web/lib/Newslash/Web.pm | 2 +- .../lib/Newslash/Web/Controller/API/User.pm | 238 ++++++++++++++------- 2 files changed, 163 insertions(+), 77 deletions(-) diff --git a/src/newslash_web/lib/Newslash/Web.pm b/src/newslash_web/lib/Newslash/Web.pm index 9030eeec..4dca24a4 100644 --- a/src/newslash_web/lib/Newslash/Web.pm +++ b/src/newslash_web/lib/Newslash/Web.pm @@ -351,7 +351,7 @@ sub startup { $api->post('/newuser/validate')->to('API::User#validate_new_user'); $api->post('/newuser/create')->to('API::User#create_new_user'); - $api->post('/newuser/password')->to('API::User#update_password'); + $api->post('/newuser/password')->to('API::User#newuser_password'); $api->get('/sidebar/item')->to('API::SidebarItem#get', seclev => 1); diff --git a/src/newslash_web/lib/Newslash/Web/Controller/API/User.pm b/src/newslash_web/lib/Newslash/Web/Controller/API/User.pm index 62fbd4d7..1bda3e7a 100644 --- a/src/newslash_web/lib/Newslash/Web/Controller/API/User.pm +++ b/src/newslash_web/lib/Newslash/Web/Controller/API/User.pm @@ -2,6 +2,7 @@ package Newslash::Web::Controller::API::User; use Mojo::Base 'Mojolicious::Controller'; use Mojo::Util qw(dumper); use Mojo::JSON qw(decode_json encode_json to_json from_json); +use Email::Valid; =pod @@ -125,8 +126,8 @@ sub post { my $c = shift; my $user = $c->stash('user'); my $users = $c->model('users'); - my $data = $c->req->json; + my $uid = $data->{user_id} || $user->{uid}; if ($uid != $user->{uid} && !$user->{is_admin}) { $c->render(json => { error => 1, message => "no_privileges" }); @@ -134,8 +135,6 @@ sub post { return; } - my $message = ""; - if (!$user->{is_login}) { $c->render(json => { error => 1, message => "you are not a login user." }); $c->rendered(400); 
@@ -143,107 +142,194 @@ sub post { } if ($data->{type} eq "config") { - my $config = $data->{config} || {}; - delete $config->{id} if defined $config->{id}; - delete $config->{uid} if defined $config->{uid}; - delete $config->{user_id} if defined $config->{user_id}; + return $c->update_config($uid, $data); + } - my $new_cfg = $users->configs->update(id => $uid, %$config); - if ($new_cfg) { - my $target_user = $users->select(uid => $uid); + if ($data->{type} eq "sidebar") { + return $c->update_sidebar($uid, $data); + } - # update session cache - $c->user_auth->update_user_cache($target_user); + if ($data->{type} eq "message") { + return $c->update_message($uid, $data); + } - $c->render(json => {config => $new_cfg, message => ""}); - $c->event_que->emit("user", "update", $uid); - return; - } - $c->render(json => { error => 1, message => $users->last_error }); - $c->rendered(400); + if ($data->{type} eq "acl2") { + return $c->update_acl2($uid, $data); + } + + if ($data->{type} eq "email") { + return $c->update_email($uid, $data); + } + + if ($data->{type} eq "password") { + return $c->update_password($uid, $data); + } + + $c->render(json => { error => 1, message => "invalid_request" }); + $c->rendered(400); + return; +} + +sub update_config { + my ($c, $uid, $data) = @_; + my $users = $c->model('users'); + + my $config = $data->{config} || {}; + delete $config->{id} if defined $config->{id}; + delete $config->{uid} if defined $config->{uid}; + delete $config->{user_id} if defined $config->{user_id}; + + my $new_cfg = $users->configs->update(id => $uid, %$config); + if ($new_cfg) { + my $target_user = $users->select(uid => $uid); + + # update session cache + $c->user_auth->update_user_cache($target_user); + + $c->render(json => {config => $new_cfg, message => ""}); + $c->event_que->emit("user", "update", $uid); return; } + $c->render(json => { error => 1, message => $users->last_error }); + $c->rendered(400); + return; +} - if ($data->{type} eq "sidebar") { - my 
$new_cfg = $users->sidebar->update(uid => $uid, - config => $data->{items}); - if ($new_cfg) { - my $target_user = $users->select(uid => $uid); +sub update_sidebar { + my ($c, $uid, $data) = @_; + my $users = $c->model('users'); - # update session cache - $c->user_auth->update_user_cache($target_user); + my $new_cfg = $users->sidebar->update(uid => $uid, + config => $data->{items}); + if ($new_cfg) { + my $target_user = $users->select(uid => $uid); - $c->render(json => {items => $new_cfg, message => ""}); - $c->event_que->emit("user", "update", $uid); - return; - } - $c->render(json => { error => 1, message => $users->last_error }); - $c->rendered(500); + # update session cache + $c->user_auth->update_user_cache($target_user); + + $c->render(json => {items => $new_cfg, message => ""}); + $c->event_que->emit("user", "update", $uid); return; } + $c->render(json => { error => 1, message => $users->last_error }); + $c->rendered(500); + return; +} - if ($data->{type} eq "message") { - my $items = $data->{items}; - my $error = ""; - my $updated = 0; - my $messages = $users->messages; - for my $item (@$items) { - my $rs = $messages->update(uid => $uid, +sub update_message { + my ($c, $uid, $data) = @_; + my $users = $c->model('users'); + + my $items = $data->{items}; + my $error = ""; + my $updated = 0; + my $messages = $users->messages; + for my $item (@$items) { + my $rs = $messages->update(uid => $uid, code => $item->{code}, mode => $item->{mode}); - if (defined $rs) { - $updated += $rs; - } - else { - $error = $messages->last_error; - } + if (defined $rs) { + $updated += $rs; } - - if ($updated) { - $c->event_que->emit("user", "update_message_settings", $uid); + else { + $error = $messages->last_error; } + } - if (!$error) { - $c->render(json => {items => $items, message => $error}); - return; - } + if ($updated) { + $c->event_que->emit("user", "update_message_settings", $uid); + } - $c->render(json => { error => 1, message => $users->last_error }); - 
$c->rendered(400); + if (!$error) { + $c->render(json => {items => $items, message => $error}); return; } - if ($data->{type} eq "acl2") { - if (!$user->{is_admin}) { - $c->render(json => { error => 1, message => "no_privileges" }); - $c->rendered(403); - return; - } - my $rs = $users->acl2->update(uid => $uid, - adin_uid => $user->{uid}, - types => $data->{values}, - comment => $data->{comment}); - if ($rs) { - c->user_auth->update_user_cache($user); - $c->render(json => {item => $data}); - #$c->event_que->emit("user", "update_acl2", $uid); - return; - } - $c->render(json => { error => 1, message => $users->last_error }); - $c->rendered(500); + $c->render(json => { error => 1, message => $users->last_error }); + $c->rendered(400); + return; +} + +sub update_acl2 { + my ($c, $uid, $data) = @_; + my $user = $c->stash('user'); + my $users = $c->model('users'); + + if (!$user->{is_admin}) { + $c->render(json => { error => 1, message => "no_privileges" }); + $c->rendered(403); return; } + my $rs = $users->acl2->update(uid => $uid, + adin_uid => $user->{uid}, + types => $data->{values}, + comment => $data->{comment}); + if ($rs) { + $c->user_auth->update_user_cache($user); + $c->render(json => {item => $data}); + #$c->event_que->emit("user", "update_acl2", $uid); + return; + } + $c->render(json => { error => 1, message => $users->last_error }); + $c->rendered(500); + return; +} - $message = "invalid request"; - if (length($message) > 0) { - $c->render(json => { error => 1, message => $message }); - $c->rendered(400); +sub update_email { + my ($c, $uid, $data) = @_; + my $user = $c->stash('user'); + my $users = $c->model('users'); + + my $address = $data->{address}; + my $message = ""; + + if (!Email::Valid->address($address)) { + $message = "invalid_address"; + } + else { + my $rs = $c->users->change_email($user, $address); + if (!$rs) { + $message = $c->users->last_error; + } + } + + if (!$message) { + $c->render(json => { uid => $user->{uid}, email => $address }); 
return; } + + $c->render(json => { error => 1, message => $message }); + $c->rendered(500); return; + } sub update_password { + my ($c, $uid, $data) = @_; + my $user = $c->stash('user'); + my $users = $c->model('users'); + + if (!$data->{current_password} || !$data->{new_password}) { + $c->render(json => { error => 1, message => "no_password_given" }); + $c->rendered(400); + return; + } + + my $rs = $c->users->update_password($user, + $data->{current_password}, + $data->{new_password}); + if (!$rs) { + $c->render(json => { uid => $user->{uid} }); + return; + } + # error + $c->render(json => { error => 1, message => $c->users->last_error }); + $c->rendered(400); + return; + +}; + +sub newuser_password { my $c = shift; my $params = $c->req->json; @@ -259,7 +345,7 @@ sub update_password { $c->render(json => {}); return; } - $c->render(json => { error => 1 }); + $c->render(json => { error => 1, message => "invalid_request" }); $c->rendered(400); return; } -- 2.11.0
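Review bot: In the new `update_password` helper the success response is guarded by `if (!$rs)`, while `update_email` in the same hunk treats `!$rs` from `$c->users->change_email` as the failure case, so one of the two appears inverted. If the model returns a true value on success (its code is not visible here), a rejected password change is answered with `{ uid => ... }` and HTTP 200 while a successful one gets a 400, and the guard should read `if ($rs) {`. Both helpers also accept `$uid` and fetch `my $users = $c->model('users')`, then ignore both and call `$c->users->...` on the stash `$user`. A request that passed the `is_admin` check in `post` with another `user_id` therefore changes the caller's own address or password; either resolve the target from `$uid` through `$users`, or reject `$uid != $user->{uid}` for these two types. In `update_acl2`, `update_user_cache($user)` refreshes the administrator's cache entry rather than the target's, so a revoked ACL may linger in the target's session cache, and the `adin_uid` key looks like a typo for `admin_uid` that could drop the record of who made the change; both are worth confirming against the model.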