/**
 * Copyright 2009 Google Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS-IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
import("stringutils");
import("stringutils.*");
import("email.sendEmail");
import("cache_utils.syncedWithCache");
import("etherpad.helpers");
import("etherpad.utils.*");
import("etherpad.sessions.getSession");
import("etherpad.pro.pro_accounts");
import("etherpad.pro.pro_accounts.getSessionProAccount");
import("etherpad.pro.domains");
import("etherpad.pro.pro_utils");
import("etherpad.pro.pro_account_auto_signin");
import("etherpad.pro.pro_config");
import("etherpad.pad.pad_security");
import("etherpad.pad.padutils");
import("etherpad.pad.padusers");
import("etherpad.collab.collab_server");
/**
 * Per-request hook. Makes sure the session carries a `tempFormData` object
 * (the handlers in this file use it to remember submitted form values across
 * a redirect), then declines the request.
 *
 * @returns {boolean} always false: the path is not handled here.
 */
function onRequest() {
  var session = getSession();
  if (!session.tempFormData) {
    session.tempFormData = {};
  }
  return false; // path not handled here
}
45
//--------------------------------------------------------------------------------
47
//--------------------------------------------------------------------------------
49
function _redirOnError(m, clearQuery) {
51
getSession().accountFormError = m;
53
var dest = request.url;
57
response.redirect(dest);
/**
 * Stores a notice in the session under `accountSigninNotice`; it is read back
 * (and removed) by _signinNoticeDiv() via _topDiv().
 *
 * NOTE(review): the value ends up as a child of DIV(); whether DIV() escapes
 * its children is not visible in this file, so pass plain text only — confirm.
 *
 * @param m the notice to show on the sign-in page.
 */
function setSigninNotice(m) {
  var session = getSession();
  session.accountSigninNotice = m;
}
/**
 * Stores an error message in the session under `accountFormError`; it is read
 * back (and removed) by _errorDiv() via _topDiv().
 *
 * NOTE(review): some callers in this file build the message from request
 * input (e.g. "Account not found: " + email). Whether DIV() escapes its
 * children is not visible here — confirm before passing untrusted text.
 *
 * @param m the error message to show on the next account page.
 */
function setSessionError(m) {
  var session = getSession();
  session.accountFormError = m;
}
69
function _topDiv(id, name) {
70
var m = getSession()[name];
72
delete getSession()[name];
73
return DIV({id: id}, m);
/** Builds the 'account-message' div from the session's `accountMessage` slot. */
function _messageDiv() {
  return _topDiv('account-message', 'accountMessage');
}
/** Builds the 'account-error' div from the session's `accountFormError` slot. */
function _errorDiv() {
  return _topDiv('account-error', 'accountFormError');
}
/** Builds the 'signin-notice' div from the session's `accountSigninNotice` slot. */
function _signinNoticeDiv() {
  return _topDiv('signin-notice', 'accountSigninNotice');
}
/**
 * Renders the account template `pro/account/<name>.ejs` inside the site frame.
 *
 * Mutates `data`: adds the three message-div builders and the session's
 * `tempFormData` object before handing it to renderFramed().
 *
 * NOTE(review): `tempFormData` is passed to the template as a whole, so
 * anything a handler parks there is visible to every account template.
 * `name` is concatenated into the template path; keep it a literal, as the
 * callers shown in this file do.
 *
 * @param name template base name, without directory or extension.
 * @param data template variables; extended in place.
 */
function _renderTemplate(name, data) {
  var templatePath = 'pro/account/'+name+'.ejs';

  data.messageDiv = _messageDiv;
  data.errorDiv = _errorDiv;
  data.signinNotice = _signinNoticeDiv;
  data.tempFormData = getSession().tempFormData;

  renderFramed(templatePath, data);
}
91
//----------------------------------------------------------------
93
//----------------------------------------------------------------
/**
 * GET handler for the account page: renders 'my-account' with the signed-in
 * pro account and the session's `changePass` flag.
 */
function render_main_get() {
  var templateData = {
    account: getSessionProAccount(),
    changePass: getSession().changePass
  };
  _renderTemplate('my-account', templateData);
}
/** GET on the update-info path has no page of its own; send the browser to the account page. */
function render_update_info_get() {
  var accountPage = '/ep/account/';
  response.redirect(accountPage);
}
/**
 * POST handler that updates the signed-in account's e-mail address and full name.
 *
 * The submitted values are first parked in `tempFormData`, then validated.
 * Each _redirOnError() call is expected to end the request when it is given
 * an error message, so the setters only run on valid input.
 *
 * NOTE(review): the e-mail address is changed without asking for the current
 * password and without confirming the new address, and no CSRF token check is
 * visible in this handler — confirm these are enforced elsewhere.
 */
function render_update_info_post() {
  var fullName = request.params.fullName;
  var email = trim(request.params.email);

  // Remember what was typed so the form can be re-populated after a redirect.
  var formData = getSession().tempFormData;
  formData.email = email;
  formData.fullName = fullName;

  // Validation: a non-empty result is an error message.
  _redirOnError(pro_accounts.validateEmail(email));
  _redirOnError(pro_accounts.validateFullName(fullName));

  // The account is looked up again for each setter, as in the original.
  pro_accounts.setEmail(getSessionProAccount(), email);
  pro_accounts.setFullName(getSessionProAccount(), fullName);

  getSession().accountMessage = "Info updated.";
  response.redirect('/ep/account/');
}
/** GET on the update-password path has no page of its own; send the browser to the account page. */
function render_update_password_get() {
  var accountPage = '/ep/account/';
  response.redirect(accountPage);
}
/**
 * POST handler that sets a new password on the signed-in account.
 *
 * Flow: the two password fields must match, the password must pass
 * pro_accounts.validatePassword(), then it is stored. If the session carries
 * the `changePass` flag, the flag is cleared and the user is sent to '/';
 * otherwise a confirmation message is queued and the account page is shown.
 *
 * NOTE(review): the current password is never requested, so whoever holds the
 * session can replace the password; no CSRF token check is visible here
 * either — confirm both are handled elsewhere. The code after the first
 * redirect relies on response.redirect() ending the request (presumably it
 * does, as the _redirOnError() validation pattern depends on the same thing).
 */
function render_update_password_post() {
  var newPassword = request.params.password;
  var confirmation = request.params.passwordConfirm;

  if (newPassword != confirmation) {
    _redirOnError('Passwords did not match.');
  }

  // A non-empty validation result is an error message.
  _redirOnError(pro_accounts.validatePassword(newPassword));

  pro_accounts.setPassword(getSessionProAccount(), newPassword);

  if (getSession().changePass) {
    delete getSession().changePass;
    response.redirect('/');
  }

  getSession().accountMessage = "Password updated.";
  response.redirect('/ep/account/');
}
146
//--------------------------------------------------------------------------------
148
//--------------------------------------------------------------------------------
150
function render_sign_in_get() {
151
if (request.params.uid && request.params.tp) {
152
var m = pro_accounts.authenticateTempSignIn(Number(request.params.uid), request.params.tp);
154
getSession().accountFormError = m;
155
response.redirect('/ep/account/');
158
if (request.params.instantSigninKey) {
159
_attemptInstantSignin(request.params.instantSigninKey);
161
if (getSession().recentlySignedOut && getSession().accountFormError) {
162
delete getSession().accountFormError;
163
delete getSession().recentlySignedOut;
165
// Note: must check isAccountSignedIn before calling checkAutoSignin()!
166
if (pro_accounts.isAccountSignedIn()) {
167
_redirectToPostSigninDestination();
169
pro_account_auto_signin.checkAutoSignin();
170
var domainRecord = domains.getRequestDomainRecord();
171
var showGuestBox = false;
172
if (request.params.guest && request.params.padId) {
175
_renderTemplate('signin', {
176
domain: pro_utils.getFullProDomain(),
177
siteName: toHTML(pro_config.getConfig().siteName),
178
email: getSession().tempFormData.email || "",
179
password: getSession().tempFormData.password || "",
180
rememberMe: getSession().tempFormData.rememberMe || false,
181
showGuestBox: showGuestBox,
182
localPadId: request.params.padId
186
function _attemptInstantSignin(key) {
187
// See src/etherpad/control/global_pro_account_control.js
190
syncedWithCache('global_signin_passwords', function(c) {
192
email = c[key].email;
193
password = c[key].password;
197
getSession().tempFormData.email = email;
198
_redirOnError(pro_accounts.authenticateSignIn(email, password), true);
/**
 * POST handler for the sign-in form.
 *
 * Remembers the e-mail address and the remember-me choice in `tempFormData`
 * (the password is not stored there by this handler), authenticates, sets the
 * auto-sign-in cookie according to the remember-me field, and finally
 * redirects to the post-sign-in destination.
 *
 * NOTE(review): no attempt limiting or lockout is visible in this handler;
 * confirm whether pro_accounts.authenticateSignIn() or a layer above it
 * throttles repeated failures.
 */
function render_sign_in_post() {
  var rememberMe = request.params.rememberMe;
  var email = trim(request.params.email);
  var password = request.params.password;

  var formData = getSession().tempFormData;
  formData.email = email;
  formData.rememberMe = rememberMe;

  // A non-empty result is an error message; _redirOnError() is expected to end the request.
  _redirOnError(pro_accounts.authenticateSignIn(email, password));

  pro_account_auto_signin.setAutoSigninCookie(rememberMe);
  _redirectToPostSigninDestination();
}
/**
 * GET handler for the guest sign-in page of a pad.
 *
 * Runs the auto-sign-in check, clears any earlier knock status this user has
 * for the pad, then renders 'signin-guest'.
 *
 * NOTE(review): `padId` comes straight from the query string and is passed to
 * the template as `localPadId`; `siteName` is escaped with toHTML() but
 * `localPadId`, `errorMessage` and `guestName` are not escaped here — confirm
 * the template escapes them.
 */
function render_guest_sign_in_get() {
  var localPadId = request.params.padId;
  var globalPadId = padutils.makeGlobalId(domains.getRequestDomainId(), localPadId);
  var userId = padusers.getUserId();

  pro_account_auto_signin.checkAutoSignin();
  pad_security.clearKnockStatus(userId, globalPadId);

  var templateData = {
    localPadId: localPadId,
    errorMessage: getSession().guestAccessError,
    siteName: toHTML(pro_config.getConfig().siteName),
    guestName: padusers.getUserName() || ""
  };
  _renderTemplate('signin-guest', templateData);
}
230
function render_guest_sign_in_post() {
233
getSession().guestAccessError = m;
234
response.redirect(request.url);
237
var displayName = request.params.guestDisplayName;
238
var localPadId = request.params.localPadId;
239
if (!(displayName && displayName.length > 0)) {
240
_err("Please enter a display name");
242
getSession().guestDisplayName = displayName;
243
response.redirect('/ep/account/guest-knock?padId='+encodeURIComponent(localPadId)+
244
"&guestDisplayName="+encodeURIComponent(displayName));
/**
 * GET handler for the guest "knock" page: publishes the pad id, the guest's
 * display name and the pad URL as client vars, then renders 'guest-knock'.
 *
 * NOTE(review): `padId` and `guestDisplayName` are taken from the query string
 * unchanged; how helpers.addClientVars() serialises them into the page is not
 * visible here — confirm it encodes them safely. `padUrl` always uses the
 * "http://" scheme and is derived from the request's host value.
 */
function render_guest_knock_get() {
  var localPadId = request.params.padId;

  var clientVars = {
    localPadId: localPadId,
    guestDisplayName: request.params.guestDisplayName,
    padUrl: "http://"+httpHost(request.host)+"/"+localPadId
  };
  helpers.addClientVars(clientVars);

  _renderTemplate('guest-knock', {});
}
257
function render_guest_knock_post() {
258
var localPadId = request.params.padId;
259
var displayName = request.params.guestDisplayName;
260
var domainId = domains.getRequestDomainId();
261
var globalPadId = padutils.makeGlobalId(domainId, localPadId);
262
var userId = padusers.getUserId();
264
response.setContentType("text/plain; charset=utf-8");
265
// has the knock already been answsered?
266
var currentAnswer = pad_security.getKnockAnswer(userId, globalPadId);
268
response.write(currentAnswer);
270
collab_server.guestKnock(globalPadId, userId, displayName);
271
response.write("wait");
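/**
 * Reports whether `dest` may be used as the post-sign-in redirect target.
 *
 * Accepted:
 *   - a site-relative path that starts with a single "/";
 *   - an absolute http(s) URL whose authority equals `request.host`
 *     (compared case-insensitively).
 * Everything else is refused, including scheme-relative "//host" targets,
 * other schemes, and any value containing a backslash or a control character.
 *
 * NOTE(review): the comparison assumes `request.host` has the same form
 * (including any port) as the host part of the URLs that legitimate callers
 * put into `cont` — confirm against the code that builds those links.
 *
 * @param dest candidate destination, normally `request.params.cont`.
 * @returns {boolean} true when `dest` stays on this site.
 */
function _isSameSiteDestination(dest) {
  if (!dest) { return false; }
  var target = String(dest);

  // Browsers may treat "\" like "/", and CR/LF must never reach the Location header.
  if (/[\x00-\x1f\x7f\\]/.test(target)) { return false; }

  // Site-relative path; "//host/..." is scheme-relative and therefore off-site.
  if (target.charAt(0) == '/') { return target.charAt(1) != '/'; }

  // Absolute URL: the whole authority (userinfo and port included) must match.
  var parsed = /^https?:\/\/([^\/?#]*)/i.exec(target);
  if (!parsed || !request.host) { return false; }
  return parsed[1].toLowerCase() == String(request.host).toLowerCase();
}

/**
 * Redirects a freshly signed-in user to the `cont` request parameter, or to
 * '/' when `cont` is missing.
 *
 * `cont` is attacker-controllable (it travels in the sign-in URL), so it is
 * only honoured when _isSameSiteDestination() accepts it; any other value
 * falls back to '/'. This closes the open redirect the unchecked parameter
 * allowed. Relative targets that do not start with "/" are no longer followed.
 */
function _redirectToPostSigninDestination() {
  var cont = request.params.cont;
  if (!_isSameSiteDestination(cont)) { cont = '/'; }
  response.redirect(cont);
}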
/**
 * Signs the current user out: clears the auto-sign-in cookie, signs the
 * account out, drops the session's pad-password authorisations, marks the
 * session as recently signed out and redirects to '/'.
 *
 * NOTE(review): the handler name carries no _get/_post suffix, so it
 * presumably answers any method; a sign-out reachable by GET can be triggered
 * cross-site — confirm whether that is acceptable here.
 */
function render_sign_out() {
  pro_account_auto_signin.setAutoSigninCookie(false);
  pro_accounts.signOut();

  // Fetched after signOut() so the session state it leaves behind is the one updated.
  var session = getSession();
  delete session.padPasswordAuth;
  session.recentlySignedOut = true;

  response.redirect("/");
}
289
//--------------------------------------------------------------------------------
290
// create-admin-account (eepnet only)
291
//--------------------------------------------------------------------------------
293
function render_create_admin_account_get() {
294
if (pro_accounts.doesAdminExist()) {
295
renderFramedError("An admin account already exists on this domain.");
298
_renderTemplate('create-admin-account', {});
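/**
 * POST handler that creates the first admin account for this domain and signs
 * it in.
 *
 * The GET handler refuses to show the form once an admin exists, but this
 * handler used to create the account without repeating that check, so a
 * direct POST could add another account through the same call. The guard
 * below repeats pro_accounts.doesAdminExist() before anything else happens.
 *
 * _redirOnError() is expected to end the request when given a message, as the
 * validation calls below already rely on; the explicit `return` keeps the
 * guard effective even if it does not.
 *
 * NOTE(review): the check and the creation are separate calls, so two
 * simultaneous requests could both pass the guard — confirm whether
 * createNewAccount() enforces uniqueness itself. The final `true` argument is
 * presumably the admin flag — confirm.
 */
function render_create_admin_account_post() {
  if (pro_accounts.doesAdminExist()) {
    _redirOnError("An admin account already exists on this domain.");
    return;
  }

  var email = trim(request.params.email);
  var password = request.params.password;
  var passwordConfirm = request.params.passwordConfirm;
  var fullName = request.params.fullName;

  // Remember what was typed so the form can be re-populated after a redirect.
  getSession().tempFormData.email = email;
  getSession().tempFormData.fullName = fullName;

  if (password != passwordConfirm) { _redirOnError('Passwords did not match.'); }

  // A non-empty validation result is an error message.
  _redirOnError(pro_accounts.validateEmail(email));
  _redirOnError(pro_accounts.validateFullName(fullName));
  _redirOnError(pro_accounts.validatePassword(password));

  pro_accounts.createNewAccount(null, fullName, email, password, true);

  var u = pro_accounts.getAccountByEmail(email, null);

  // TODO: should we send a welcome email here?
  //pro_accounts.sendWelcomeEmail(u);

  _redirOnError(pro_accounts.authenticateSignIn(email, password));

  response.redirect("/");
}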
329
//--------------------------------------------------------------------------------
331
//--------------------------------------------------------------------------------
333
function render_forgot_password_get() {
334
if (request.params.instantSubmit && request.params.email) {
335
render_forgot_password_post();
337
_renderTemplate('forgot-password', {
338
email: getSession().tempFormData.email || ""
343
function render_forgot_password_post() {
344
var email = trim(request.params.email);
346
getSession().tempFormData.email = email;
348
var u = pro_accounts.getAccountByEmail(email, null);
350
_redirOnError("Account not found: "+email);
353
var tempPass = stringutils.randomString(10);
354
pro_accounts.setTempPassword(u, tempPass);
356
var subj = "EtherPad: Request to reset your password on "+request.domain;
357
var body = renderTemplateAsString('pro/account/forgot-password-email.ejs', {
359
recoverUrl: pro_accounts.getTempSigninUrl(u, tempPass)
361
var fromAddr = pro_utils.getEmailFromAddr();
362
sendEmail(u.email, fromAddr, subj, {}, body);
364
getSession().accountMessage = "An email has been sent to "+u.email+" with instructions to reset the password.";
365
response.redirect(request.path);