winter-software/Wave
winter-software/Wave
1
0
Fork 0
Code Issues Wiki Activity

Changed email tokens to be generated and validated in EmailTemplateService

Browse source
This commit is contained in:
Mia Rose Winter 2024-02-13 13:38:57 +01:00
parent c0afba7554
commit 332abae312
Signed by: miawinter
GPG key ID: 4B6F6A83178F595E
2 changed files with 65 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
Wave/Components/Pages/EmailSignup.razor
View file

@ -7,13 +7,11 @@
@using System.Net @using System.Net
@using Microsoft.AspNetCore.Identity.UI.Services @using Microsoft.AspNetCore.Identity.UI.Services
@using Microsoft.EntityFrameworkCore @using Microsoft.EntityFrameworkCore
@using Microsoft.Extensions.Caching.Distributed
@using Wave.Services @using Wave.Services
@inject ILogger<EmailSignup> Logger @inject ILogger<EmailSignup> Logger
@inject IStringLocalizer<EmailSignup> Localizer @inject IStringLocalizer<EmailSignup> Localizer
@inject IDbContextFactory<ApplicationDbContext> ContextFactory @inject IDbContextFactory<ApplicationDbContext> ContextFactory
@inject IDistributedCache TokenCache
@inject IOptions<Features> Features @inject IOptions<Features> Features
@inject IOptions<Customization> Customizations @inject IOptions<Customization> Customizations
@inject NavigationManager Navigation @inject NavigationManager Navigation
@ -60,32 +58,28 @@
private string Message { get; set; } = string.Empty; private string Message { get; set; } = string.Empty;
protected override void OnInitialized() { protected override async Task OnInitializedAsync() {
if (Features.Value.EmailSubscriptions is not true) if (Features.Value.EmailSubscriptions is not true)
throw new ApplicationException("Email subscriptions not enabled."); throw new ApplicationException("Email subscriptions not enabled.");
if (Id is null || Token is null) return; if (Id is null || Token is null) return;
try { try {
string cacheKey = "subscribe-" + Id; var id = await TemplateService.ValidateTokensAsync(Id, Token);
byte[]? tokenInCache = TokenCache.Get(cacheKey);
if (tokenInCache is null || Token != Convert.ToBase64String(tokenInCache)) { if (id is null) {
Message = Localizer["Failure_Message"]; Message = Localizer["Failure_Message"];
return; return;
} }
var realId = new Guid(Convert.FromBase64String(Id)); await using var context = await ContextFactory.CreateDbContextAsync();
using var context = ContextFactory.CreateDbContext(); var subscriber = context.Set<EmailSubscriber>().IgnoreQueryFilters().FirstOrDefault(s => s.Id == id);
var subscriber = context.Set<EmailSubscriber>().IgnoreQueryFilters().FirstOrDefault(s => s.Id == realId);
if (subscriber is null) { if (subscriber is null) {
Message = Localizer["Failure_Message"]; Message = Localizer["Failure_Message"];
return; return;
} }
subscriber.Unsubscribed = false; subscriber.Unsubscribed = false;
context.SaveChanges(); await context.SaveChangesAsync();
TokenCache.Remove(cacheKey);
Message = Localizer["Success_Message"]; Message = Localizer["Success_Message"];
} catch (Exception ex) { } catch (Exception ex) {
Logger.LogError(ex, "Error trying to confirm subscriber."); Logger.LogError(ex, "Error trying to confirm subscriber.");
@ -97,6 +91,7 @@
if (Features.Value.EmailSubscriptions is not true) if (Features.Value.EmailSubscriptions is not true)
throw new ApplicationException("Email subscriptions not enabled."); throw new ApplicationException("Email subscriptions not enabled.");
try {
Message = Localizer["Submit_Message"]; Message = Localizer["Submit_Message"];
await using var context = await ContextFactory.CreateDbContextAsync(); await using var context = await ContextFactory.CreateDbContextAsync();
@ -112,14 +107,7 @@
await context.SaveChangesAsync(); await context.SaveChangesAsync();
if (subscriber.Unsubscribed) { if (subscriber.Unsubscribed) {
string id = Convert.ToBase64String(subscriber.Id.ToByteArray()); (string id, string token) = await TemplateService.CreateConfirmTokensAsync(subscriber.Id);
string token = Convert.ToBase64String(Guid.NewGuid().ToByteArray());
await TokenCache.SetAsync("subscribe-" + id,
Convert.FromBase64String(token),
new DistributedCacheEntryOptions {
AbsoluteExpirationRelativeToNow = TimeSpan.FromDays(1)
});
string confirmLink = Navigation.ToAbsoluteUri( string confirmLink = Navigation.ToAbsoluteUri(
$"/Email/Confirm?user={WebUtility.UrlEncode(id)}&token={WebUtility.UrlEncode(token)}").AbsoluteUri; $"/Email/Confirm?user={WebUtility.UrlEncode(id)}&token={WebUtility.UrlEncode(token)}").AbsoluteUri;
@ -135,6 +123,10 @@
$"""<p style="text-align: center"><a href="{confirmLink}">{Localizer["Submit"]}</a></p>"""); $"""<p style="text-align: center"><a href="{confirmLink}">{Localizer["Submit"]}</a></p>""");
await EmailSender.SendEmailAsync(subscriber.Email, Localizer["ConfirmEmailSubject"], body); await EmailSender.SendEmailAsync(subscriber.Email, Localizer["ConfirmEmailSubject"], body);
} }
} catch (Exception ex) {
Logger.LogError(ex, "Failed to create subscriber/send confirmation mail.");
Message = Localizer["Failure_Message"];
}
} }
private sealed class InputModel { private sealed class InputModel {

30
Wave/Services/EmailTemplateService.cs
View file

@ -1,18 +1,46 @@
using System.Text.RegularExpressions; using System.Text.RegularExpressions;
using Microsoft.Extensions.Caching.Distributed;
using Mjml.Net; using Mjml.Net;
namespace Wave.Services; namespace Wave.Services;
public partial class EmailTemplateService(ILogger<EmailTemplateService> logger) { public partial class EmailTemplateService(ILogger<EmailTemplateService> logger, IDistributedCache tokenCache) {
public enum Constants { public enum Constants {
BrowserLink, HomeLink, ContentLogo, ContentTitle, ContentBody, EmailUnsubscribeLink BrowserLink, HomeLink, ContentLogo, ContentTitle, ContentBody, EmailUnsubscribeLink
} }
private ILogger<EmailTemplateService> Logger { get; } = logger; private ILogger<EmailTemplateService> Logger { get; } = logger;
private IMjmlRenderer Renderer { get; } = new MjmlRenderer(); private IMjmlRenderer Renderer { get; } = new MjmlRenderer();
private IDistributedCache TokenCache { get; } = tokenCache;
private Regex TokenMatcher { get; } = MyRegex(); private Regex TokenMatcher { get; } = MyRegex();
public async Task<(string user, string token)> CreateConfirmTokensAsync(Guid subscriberId) {
string user = Convert.ToBase64String(subscriberId.ToByteArray());
string token = Convert.ToBase64String(Guid.NewGuid().ToByteArray());
string cacheKey = "subscribe-" + user;
await TokenCache.SetAsync(cacheKey,
Convert.FromBase64String(token),
new DistributedCacheEntryOptions {
AbsoluteExpirationRelativeToNow = TimeSpan.FromDays(1)
});
return (user, token);
}
public async Task<Guid?> ValidateTokensAsync(string user, string token) {
string cacheKey = "subscribe-" + user;
byte[]? tokenInCache = await TokenCache.GetAsync(cacheKey);
if (tokenInCache is null || token != Convert.ToBase64String(tokenInCache))
return null;
await TokenCache.RemoveAsync(cacheKey);
return new Guid(Convert.FromBase64String(user));
}
public string Default(string url, string logoLink, string title, string body) { public string Default(string url, string logoLink, string title, string body) {
return Process("default", new Dictionary<Constants, object?> { return Process("default", new Dictionary<Constants, object?> {
{Constants.HomeLink, url}, {Constants.HomeLink, url},