root/http/reguser.cc

/*  This file is part of Alue, the multiprotocol Internet discussion daemon

    Copyright © 2009, 2010 Antti-Juhani Kaijanaho

    Alue is free software: you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    Alue is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with Alue.  If not, see <http://www.gnu.org/licenses/>.

 */

#include "authn.hh"
#include "compose.hh"
#include "error_resource.hh"
#include "redir_resource.hh"
#include "request.hh"
#include "templated_resource.hh"
#include "session.hh"
#include "token.hh"

#include "../config.hh"
#include "../db/db.hh"
#include "../db/user.hh"
#include "../db/user_exists.hh"
#include "../html/util.hh"
#include "../logger/logline.hh"
#include "../msg/lexutils.hh"
#include "../server.hh"
#include "../smtp_client/smtp_client.hh"
#include "../tlate/tlate.hh"
#include "../util.hh"

#include <boost/nondet_random.hpp>
#include <boost/shared_ptr.hpp>

namespace http
{
        class reguser : public templated_resource
        {
        public:
                reguser(server::conn_cb cb) 
                        : templated_resource(cb, "reguser.html")
                        {}

                void set_attributes(boost::shared_ptr<request>,
                                    tlate::data_model::ptr);

                void reload_action(boost::shared_ptr<request> req,
                                   tlate::data_model::ptr,
                                   std::string error_message = "");

                void post_action(boost::shared_ptr<request> req,
                                 tlate::data_model::ptr);
        };

        void reguser::reload_action(boost::shared_ptr<request> req,
                                    tlate::data_model::ptr am,
                                    std::string error_message)
        {
                if (!error_message.empty())
                        am->insert("error", html::quote(error_message, false));
                am->insert("userid", req->get_form_field("userid"));
        }

        void reguser::post_action(boost::shared_ptr<request> req,
                                  tlate::data_model::ptr am)
        {
                boost::random_device rand;
                std::string (*const pd)(std::string) = uri::percent_decode;

                std::string pw1 = req->get_form_field("passwd");
                std::string pw2 = req->get_form_field("repass");

                std::string err = db::user::passwd_problems(pw1);
                if (pw1 != pw2) err = "Passwords did not match.";

                if (!err.empty())
                {
                        reload_action(req, am, err);
                        return;
                }

                std::string uid = pd(req->get_form_field("userid"));
                if (uid.find_first_of("\t ") != std::string::npos)
                {
                        reload_action(req, am,
                                      "User id should not contain whitespace.");
                        return;
                }

                boost::shared_ptr<db::user> u;
                try
                {
                        u = cb.dbase().create_user(pd(req->get_form_field("userid")),
                                                   pw1);
                }
                catch (db::user_exists)
                {
                        reload_action(req, am, 
                                      "That user id is not available.");
                        return;
                }

                boost::shared_ptr<session> sess(new session());
                sess->authenticate(u, req->get_form_field("passwd"));

                boost::shared_ptr<resource> rr
                        (new redir_resource(cb, "/editme", "303 See other"));
                throw resource_exception(rr, sess);
        }

        void reguser::set_attributes(boost::shared_ptr<request> req,
                                     tlate::data_model::ptr am)
        {
                boost::shared_ptr<resource> resp;
                if (req->get_path() != "/register")
                {
                        resp.reset(new error_resource(cb, "404 Not found"));
                        throw resource_exception(resp);
                }
                if (req->is_authenticated())
                {
                        reload_action(req, am,
                                      "You must log out before"
                                      " you can continue registration");
                        return;
                }

                if (req->has_form_field("regbut"))
                {
                        if (req->get_method() == "POST")
                                post_action(req, am);
                        else
                                reload_action(req, am);
                }

                am->insert("action", "/register");
                am->insert("method", "post");
                am->insert("enctype", "application/x-www-form-urlencoded");
                am->insert("accept_charlist", "utf8");
       }
}

namespace
{
        class factory : public server::http_resource_factory
        {
        public:
                factory() {
                        server::register_http_resource("/register", this);
                }
                boost::shared_ptr<http::resource> operator()
                (server::conn_cb cb,std::string) {
                        boost::shared_ptr<http::resource> rv
                                (new http::reguser(cb));
                        return rv;
                }
        };
        factory f;
}