feat: login by code (#344)

Signed-off-by: abingcbc <abingcbc626@gmail.com>
2025-07-03 12:30:19 +08:00 · 2021-12-07 00:05:53 +08:00
parent 113398c36b
commit 70a550d8bc
13 changed files with 95 additions and 49 deletions
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -139,53 +139,35 @@ func (c *ApiController) Login() {

 		if form.Password == "" {
 			var verificationCodeType string
+			var checkResult string

 			// check result through Email or Phone
-			if strings.Contains(form.Email, "@") {
+			if strings.Contains(form.Username, "@") {
 				verificationCodeType = "email"
-				checkResult := object.CheckVerificationCode(form.Email, form.EmailCode)
-				if len(checkResult) != 0 {
-					responseText := fmt.Sprintf("Email%s", checkResult)
-					c.ResponseError(responseText)
-					return
-				}
+				checkResult = object.CheckVerificationCode(form.Username, form.Code)
 			} else {
 				verificationCodeType = "phone"
-				checkPhone := fmt.Sprintf("+%s%s", form.PhonePrefix, form.Email)
-				checkResult := object.CheckVerificationCode(checkPhone, form.EmailCode)
-				if len(checkResult) != 0 {
-					responseText := fmt.Sprintf("Phone%s", checkResult)
+				if len(form.PhonePrefix) == 0 {
+					responseText := fmt.Sprintf("%s%s", verificationCodeType, "No phone prefix")
 					c.ResponseError(responseText)
 					return
 				}
+				checkPhone := fmt.Sprintf("+%s%s", form.PhonePrefix, form.Username)
+				checkResult = object.CheckVerificationCode(checkPhone, form.Code)
 			}
-
-			// get user
-			var userId string
-			if form.Username == "" {
-				userId, _ = c.RequireSignedIn()
-			} else {
-				userId = fmt.Sprintf("%s/%s", form.Organization, form.Username)
-			}
-
-			user = object.GetUser(userId)
-			if user == nil {
-				c.ResponseError("No such user.")
+			if len(checkResult) != 0 {
+				responseText := fmt.Sprintf("%s%s", verificationCodeType, checkResult)
+				c.ResponseError(responseText)
 				return
 			}

 			// disable the verification code
-			switch verificationCodeType {
-			case "email":
-				if user.Email != form.Email {
-					c.ResponseError("wrong email!")
-				}
-				object.DisableVerificationCode(form.Email)
-			case "phone":
-				if user.Phone != form.Email {
-					c.ResponseError("wrong phone!")
-				}
-				object.DisableVerificationCode(form.Email)
+			object.DisableVerificationCode(form.Username)
+
+			user = object.GetUserByFields(form.Organization, form.Username)
+			if user == nil {
+				c.ResponseError("No such user.")
+				return
 			}
 		} else {
 			password := form.Password
--- a/controllers/verification.go
+++ b/controllers/verification.go
@ -45,6 +45,7 @@ func (c *ApiController) SendVerificationCode() {
 	checkType := c.Ctx.Request.Form.Get("checkType")
 	checkId := c.Ctx.Request.Form.Get("checkId")
 	checkKey := c.Ctx.Request.Form.Get("checkKey")
+	checkUser := c.Ctx.Request.Form.Get("checkUser")
 	remoteAddr := util.GetIPFromRequest(c.Ctx.Request)

 	if len(destType) == 0 || len(dest) == 0 || len(orgId) == 0 || !strings.Contains(orgId, "/") || len(checkType) == 0 || len(checkId) == 0 || len(checkKey) == 0 {
@ -67,6 +68,12 @@ func (c *ApiController) SendVerificationCode() {
 	organization := object.GetOrganization(orgId)
 	application := object.GetApplicationByOrganizationName(organization.Name)

+	if checkUser == "true" && user == nil &&
+		object.GetUserByFields(organization.Name, dest) == nil {
+		c.ResponseError("No such user.")
+		return
+	}
+
 	sendResp := errors.New("Invalid dest type.")
 	switch destType {
 	case "email":