From 2aaec827321ec711b98e13335899cf750f270105 Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Sun, 31 Oct 2021 15:46:23 +0100
Subject: smtp + email confirmation (#285)

* add smtp configuration

* add email confirm + reset templates

* add email sender to testrig

* flesh out the email sender interface

* go fmt

* golint

* update from field with more clarity

* tidy up the email formatting

* fix tests

* add email sender to processor

* tidy client api processing a bit

* further tidying in fromClientAPI

* pin new account to user

* send msg to processor on new account creation

* generate confirm email uri

* remove emailer from account processor again

* add processCreateAccountFromClientAPI

* move emailer accountprocessor => userprocessor

* add email sender to user processor

* SendConfirmEmail function

* add noop email sender

* use noop email sender in tests

* only assemble message if callback is not nil

* use noop email sender if no smtp host is defined

* minify email html before sending

* fix wrong email address

* email confirm test

* fmt

* serve web hndler

* add email confirm handler

* init test log properly on testrig

* log emails that *would* have been sent

* go fmt ./...

* unexport confirm email handler

* updatedAt

* test confirm email function

* don't allow tokens older than 7 days

* change error message a bit

* add basic smtp docs

* add a few more snippets

* typo

* add email sender to outbox tests

* don't use dutch wikipedia link

* don't minify email html
---
 internal/processing/user/emailconfirm_test.go | 114 ++++++++++++++++++++++++++
 1 file changed, 114 insertions(+)
 create mode 100644 internal/processing/user/emailconfirm_test.go

(limited to 'internal/processing/user/emailconfirm_test.go')

diff --git a/internal/processing/user/emailconfirm_test.go b/internal/processing/user/emailconfirm_test.go
new file mode 100644
index 000000000..40d5956aa
--- /dev/null
+++ b/internal/processing/user/emailconfirm_test.go
@@ -0,0 +1,114 @@
+/*
+   GoToSocial
+   Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package user_test
+
+import (
+	"context"
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/suite"
+)
+
+type EmailConfirmTestSuite struct {
+	UserStandardTestSuite
+}
+
+func (suite *EmailConfirmTestSuite) TestSendConfirmEmail() {
+	user := suite.testUsers["local_account_1"]
+
+	// set a bunch of stuff on the user as though zork hasn't been confirmed (perish the thought)
+	user.UnconfirmedEmail = "some.email@example.org"
+	user.Email = ""
+	user.ConfirmedAt = time.Time{}
+	user.ConfirmationSentAt = time.Time{}
+	user.ConfirmationToken = ""
+
+	err := suite.user.SendConfirmEmail(context.Background(), user, "the_mighty_zork")
+	suite.NoError(err)
+
+	// zork should have an email now
+	suite.Len(suite.sentEmails, 1)
+	email, ok := suite.sentEmails["some.email@example.org"]
+	suite.True(ok)
+
+	// a token should be set on zork
+	token := user.ConfirmationToken
+	suite.NotEmpty(token)
+
+	// email should contain the token
+	emailShould := fmt.Sprintf("Subject: GoToSocial Email Confirmation\r\nFrom: GoToSocial <test@example.org>\r\nTo: some.email@example.org\r\nMIME-version: 1.0;\nContent-Type: text/html;\r\n<!DOCTYPE html>\n<html>\n    </head>\n    <body>\n        <div>\n            <h1>\n                Hello the_mighty_zork!\n            </h1>\n        </div>\n        <div>\n            <p>\n                You are receiving this mail because you've requested an account on <a href=\"http://localhost:8080\">localhost:8080</a>.\n            </p>\n            <p>\n                We just need to confirm that this is your email address. To confirm your email, <a href=\"http://localhost:8080/confirm_email?token=%s\">click here</a> or paste the following in your browser's address bar:\n            </p>\n            <p>\n                <code>\n                    http://localhost:8080/confirm_email?token=%s\n                </code>\n            </p>\n        </div>\n        <div>\n            <p>\n                If you believe you've been sent this email in error, feel free to ignore it, or contact the administrator of <a href=\"http://localhost:8080\">localhost:8080</a>.\n            </p>\n        </div>\n    </body>\n</html>\r\n", token, token)
+	suite.Equal(emailShould, email)
+
+	// confirmationSentAt should be recent
+	suite.WithinDuration(time.Now(), user.ConfirmationSentAt, 1*time.Minute)
+}
+
+func (suite *EmailConfirmTestSuite) TestConfirmEmail() {
+	ctx := context.Background()
+
+	user := suite.testUsers["local_account_1"]
+
+	// set a bunch of stuff on the user as though zork hasn't been confirmed yet, but has had an email sent 5 minutes ago
+	user.UnconfirmedEmail = "some.email@example.org"
+	user.Email = ""
+	user.ConfirmedAt = time.Time{}
+	user.ConfirmationSentAt = time.Now().Add(-5 * time.Minute)
+	user.ConfirmationToken = "1d1aa44b-afa4-49c8-ac4b-eceb61715cc6"
+
+	err := suite.db.UpdateByPrimaryKey(ctx, user)
+	suite.NoError(err)
+
+	// confirm with the token set above
+	updatedUser, errWithCode := suite.user.ConfirmEmail(ctx, "1d1aa44b-afa4-49c8-ac4b-eceb61715cc6")
+	suite.NoError(errWithCode)
+
+	// email should now be confirmed and token cleared
+	suite.Equal("some.email@example.org", updatedUser.Email)
+	suite.Empty(updatedUser.UnconfirmedEmail)
+	suite.Empty(updatedUser.ConfirmationToken)
+	suite.WithinDuration(updatedUser.ConfirmedAt, time.Now(), 1*time.Minute)
+	suite.WithinDuration(updatedUser.UpdatedAt, time.Now(), 1*time.Minute)
+}
+
+func (suite *EmailConfirmTestSuite) TestConfirmEmailOldToken() {
+	ctx := context.Background()
+
+	user := suite.testUsers["local_account_1"]
+
+	// set a bunch of stuff on the user as though zork hasn't been confirmed yet, but has had an email sent 8 days ago
+	user.UnconfirmedEmail = "some.email@example.org"
+	user.Email = ""
+	user.ConfirmedAt = time.Time{}
+	user.ConfirmationSentAt = time.Now().Add(-192 * time.Hour)
+	user.ConfirmationToken = "1d1aa44b-afa4-49c8-ac4b-eceb61715cc6"
+
+	err := suite.db.UpdateByPrimaryKey(ctx, user)
+	suite.NoError(err)
+
+	// confirm with the token set above
+	updatedUser, errWithCode := suite.user.ConfirmEmail(ctx, "1d1aa44b-afa4-49c8-ac4b-eceb61715cc6")
+	suite.Nil(updatedUser)
+	suite.EqualError(errWithCode, "ConfirmEmail: confirmation token expired")
+}
+
+func TestEmailConfirmTestSuite(t *testing.T) {
+	suite.Run(t, &EmailConfirmTestSuite{})
+}
-- 
cgit v1.2.3