2021-05-12 22:09:41 +08:00
|
|
|
// Copyright 2021 The casbin Authors. All Rights Reserved.
|
|
|
|
|
//
|
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
|
//
|
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
//
|
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
2021-05-12 21:38:31 +08:00
|
|
|
package controllers
|
|
|
|
|
|
2021-05-12 22:09:41 +08:00
|
|
|
import (
|
2021-09-04 22:20:47 +08:00
|
|
|
"errors"
|
2021-05-13 09:39:07 +08:00
|
|
|
"fmt"
|
2021-05-12 22:09:41 +08:00
|
|
|
"strings"
|
|
|
|
|
|
2022-01-20 14:11:46 +08:00
|
|
|
"github.com/casdoor/casdoor/object"
|
|
|
|
|
"github.com/casdoor/casdoor/util"
|
2021-05-12 22:09:41 +08:00
|
|
|
)
|
2021-05-12 21:38:31 +08:00
|
|
|
|
2021-05-24 01:18:21 +08:00
|
|
|
func (c *ApiController) getCurrentUser() *object.User {
|
|
|
|
|
var user *object.User
|
2021-07-18 07:15:22 +08:00
|
|
|
userId := c.GetSessionUsername()
|
2021-05-24 01:18:21 +08:00
|
|
|
if userId == "" {
|
|
|
|
|
user = nil
|
|
|
|
|
} else {
|
|
|
|
|
user = object.GetUser(userId)
|
|
|
|
|
}
|
|
|
|
|
return user
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-07 22:02:56 +08:00
|
|
|
// SendVerificationCode ...
|
2021-12-03 20:42:36 +08:00
|
|
|
// @Title SendVerificationCode
|
|
|
|
|
// @Tag Verification API
|
2021-12-13 09:49:43 +08:00
|
|
|
// @router /send-verification-code [post]
|
2021-05-12 21:38:31 +08:00
|
|
|
func (c *ApiController) SendVerificationCode() {
|
|
|
|
|
destType := c.Ctx.Request.Form.Get("type")
|
|
|
|
|
dest := c.Ctx.Request.Form.Get("dest")
|
2021-05-18 20:11:03 +08:00
|
|
|
orgId := c.Ctx.Request.Form.Get("organizationId")
|
2021-05-22 20:57:55 +08:00
|
|
|
checkType := c.Ctx.Request.Form.Get("checkType")
|
|
|
|
|
checkId := c.Ctx.Request.Form.Get("checkId")
|
|
|
|
|
checkKey := c.Ctx.Request.Form.Get("checkKey")
|
2021-12-07 00:05:53 +08:00
|
|
|
checkUser := c.Ctx.Request.Form.Get("checkUser")
|
2021-08-03 22:18:59 +08:00
|
|
|
remoteAddr := util.GetIPFromRequest(c.Ctx.Request)
|
2021-05-12 21:38:31 +08:00
|
|
|
|
2021-08-07 22:02:56 +08:00
|
|
|
if len(destType) == 0 || len(dest) == 0 || len(orgId) == 0 || !strings.Contains(orgId, "/") || len(checkType) == 0 || len(checkId) == 0 || len(checkKey) == 0 {
|
2021-05-18 20:11:03 +08:00
|
|
|
c.ResponseError("Missing parameter.")
|
2021-05-12 21:38:31 +08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-22 20:57:55 +08:00
|
|
|
isHuman := false
|
2021-05-24 01:02:38 +08:00
|
|
|
captchaProvider := object.GetDefaultHumanCheckProvider()
|
|
|
|
|
if captchaProvider == nil {
|
2021-05-22 20:57:55 +08:00
|
|
|
isHuman = object.VerifyCaptcha(checkId, checkKey)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !isHuman {
|
|
|
|
|
c.ResponseError("Turing test failed.")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-24 01:18:21 +08:00
|
|
|
user := c.getCurrentUser()
|
2021-05-24 01:02:38 +08:00
|
|
|
organization := object.GetOrganization(orgId)
|
|
|
|
|
application := object.GetApplicationByOrganizationName(organization.Name)
|
2021-10-31 08:49:39 +08:00
|
|
|
|
2021-12-07 00:05:53 +08:00
|
|
|
if checkUser == "true" && user == nil &&
|
|
|
|
|
object.GetUserByFields(organization.Name, dest) == nil {
|
|
|
|
|
c.ResponseError("No such user.")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-04 22:20:47 +08:00
|
|
|
sendResp := errors.New("Invalid dest type.")
|
2021-05-12 21:38:31 +08:00
|
|
|
switch destType {
|
|
|
|
|
case "email":
|
2021-05-13 09:55:37 +08:00
|
|
|
if !util.IsEmailValid(dest) {
|
|
|
|
|
c.ResponseError("Invalid Email address")
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-05-24 01:02:38 +08:00
|
|
|
|
|
|
|
|
provider := application.GetEmailProvider()
|
2021-09-04 22:20:47 +08:00
|
|
|
sendResp = object.SendVerificationCodeToEmail(organization, user, provider, remoteAddr, dest)
|
2021-05-12 22:09:41 +08:00
|
|
|
case "phone":
|
2021-05-13 09:55:37 +08:00
|
|
|
if !util.IsPhoneCnValid(dest) {
|
|
|
|
|
c.ResponseError("Invalid phone number")
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-05-18 20:11:03 +08:00
|
|
|
org := object.GetOrganization(orgId)
|
|
|
|
|
if org == nil {
|
|
|
|
|
c.ResponseError("Missing parameter.")
|
|
|
|
|
return
|
2021-05-13 09:39:07 +08:00
|
|
|
}
|
2021-05-24 01:02:38 +08:00
|
|
|
|
2021-05-18 20:11:03 +08:00
|
|
|
dest = fmt.Sprintf("+%s%s", org.PhonePrefix, dest)
|
2021-05-24 01:02:38 +08:00
|
|
|
provider := application.GetSmsProvider()
|
2021-09-04 22:20:47 +08:00
|
|
|
sendResp = object.SendVerificationCodeToPhone(organization, user, provider, remoteAddr, dest)
|
2021-05-12 21:38:31 +08:00
|
|
|
}
|
|
|
|
|
|
2021-09-04 22:20:47 +08:00
|
|
|
if sendResp != nil {
|
2021-10-31 08:49:39 +08:00
|
|
|
c.Data["json"] = Response{Status: "error", Msg: sendResp.Error()}
|
|
|
|
|
} else {
|
|
|
|
|
c.Data["json"] = Response{Status: "ok"}
|
2021-05-12 21:38:31 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
c.ServeJSON()
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-07 22:02:56 +08:00
|
|
|
// ResetEmailOrPhone ...
|
2021-12-03 20:42:36 +08:00
|
|
|
// @Tag Account API
|
|
|
|
|
// @Title ResetEmailOrPhone
|
|
|
|
|
// @router /api/reset-email-or-phone [post]
|
2021-05-12 21:38:31 +08:00
|
|
|
func (c *ApiController) ResetEmailOrPhone() {
|
2021-05-17 23:25:28 +08:00
|
|
|
userId, ok := c.RequireSignedIn()
|
|
|
|
|
if !ok {
|
2021-05-12 21:38:31 +08:00
|
|
|
return
|
|
|
|
|
}
|
2021-05-17 23:25:28 +08:00
|
|
|
|
2021-05-12 21:38:31 +08:00
|
|
|
user := object.GetUser(userId)
|
|
|
|
|
if user == nil {
|
|
|
|
|
c.ResponseError("No such user.")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
destType := c.Ctx.Request.Form.Get("type")
|
|
|
|
|
dest := c.Ctx.Request.Form.Get("dest")
|
|
|
|
|
code := c.Ctx.Request.Form.Get("code")
|
|
|
|
|
if len(dest) == 0 || len(code) == 0 || len(destType) == 0 {
|
|
|
|
|
c.ResponseError("Missing parameter.")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-13 09:39:07 +08:00
|
|
|
checkDest := dest
|
|
|
|
|
if destType == "phone" {
|
2021-05-16 22:58:30 +08:00
|
|
|
org := object.GetOrganizationByUser(user)
|
2021-05-13 09:39:07 +08:00
|
|
|
phonePrefix := "86"
|
|
|
|
|
if org != nil && org.PhonePrefix != "" {
|
|
|
|
|
phonePrefix = org.PhonePrefix
|
|
|
|
|
}
|
|
|
|
|
checkDest = fmt.Sprintf("+%s%s", phonePrefix, dest)
|
|
|
|
|
}
|
|
|
|
|
if ret := object.CheckVerificationCode(checkDest, code); len(ret) != 0 {
|
2021-05-12 21:38:31 +08:00
|
|
|
c.ResponseError(ret)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch destType {
|
|
|
|
|
case "email":
|
|
|
|
|
user.Email = dest
|
|
|
|
|
object.SetUserField(user, "email", user.Email)
|
2021-05-12 22:09:41 +08:00
|
|
|
case "phone":
|
2021-05-13 09:39:07 +08:00
|
|
|
user.Phone = dest
|
2021-05-12 22:09:41 +08:00
|
|
|
object.SetUserField(user, "phone", user.Phone)
|
2021-05-12 21:38:31 +08:00
|
|
|
default:
|
|
|
|
|
c.ResponseError("Unknown type.")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-18 20:11:03 +08:00
|
|
|
object.DisableVerificationCode(checkDest)
|
2021-05-12 21:38:31 +08:00
|
|
|
c.Data["json"] = Response{Status: "ok"}
|
|
|
|
|
c.ServeJSON()
|
|
|
|
|
}
|
