From c26edaedcefabb65b638ca522a6dc8f1de40841e Mon Sep 17 00:00:00 2001
From: Lloyd Hilaiel <lloyd@hilaiel.com>
Date: Tue, 14 Jun 2011 17:43:38 -0600
Subject: [PATCH] figure out and implement the plumbing for users to confirm
 email addresses.  all that's left is actually sending email.  issue #3

---
 authority/server/email.js   |  15 +----
 authority/server/wsapi.js   |  19 +++++-
 authority/static/prove.html | 128 ++++++++++++++++++++++++++++++++++++
 3 files changed, 149 insertions(+), 13 deletions(-)
 create mode 100644 authority/static/prove.html

diff --git a/authority/server/email.js b/authority/server/email.js
index 2777ab6ca..0266c9bce 100644
--- a/authority/server/email.js
+++ b/authority/server/email.js
@@ -1,15 +1,6 @@
 const db = require('./db');
 
 exports.sendVerificationEmail = function(email, secret) {
-  console.log("fakely sending a verification email for " + email);
-  // XXX: what we would really do here is send out an email, instead
-  // we'll just wait 5 seconds and manually feed the secret back into the
-  // system, as if a user had clicked a link
-  setTimeout(function() {
-    db.gotVerificationSecret(secret, function(e) {
-      if (e) {
-        console.log("error completing the verification: " + e);
-      }
-    });
-  }, 5000);
-};
\ No newline at end of file
+    var url = "https://browserid.org/prove.html?token=" + secret;
+    console.log("sending a verification email with url: " + url);
+};
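Review bot: The added `console.log` writes the full confirmation URL, secret included, to the server log, so anyone who can read the logs can confirm an address they do not control; once real delivery is wired in, log only the recipient, e.g. `console.log("sending a verification email to " + email);`. The secret is also concatenated into the query string unencoded, and `var url = "https://browserid.org/prove.html?token=" + encodeURIComponent(secret);` keeps the link intact if the secret ever contains `&`, `+` or `#`. With the timer removed, `db` is required but no longer used in this file. The hard-coded `https://browserid.org` host would be better read from configuration so that non-production deployments do not hand out production links.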
diff --git a/authority/server/wsapi.js b/authority/server/wsapi.js
index 95099e470..ba3cb07c3 100644
--- a/authority/server/wsapi.js
+++ b/authority/server/wsapi.js
@@ -27,7 +27,7 @@ function checkParams(getArgs, resp, params) {
 function isAuthed(req) {
   return (req.session && typeof req.session.authenticatedUser === 'string');
 }
-    
+
 function checkAuthed(req, resp) {
   if (!isAuthed(req)) {
     httputils.badRequest(resp, "requires authentication");
@@ -190,3 +190,20 @@ exports.sync_emails = function(req,resp) {
     });
   });
 };
+
+exports.prove_email_ownership = function(req, resp) {
+    var urlobj = url.parse(req.url, true);
+    var getArgs = urlobj.query;
+
+   // validate inputs
+    if (!checkParams(getArgs, resp, [ "token" ])) return;
+
+    db.gotVerificationSecret(getArgs.token, function(e) {
+      if (e) {
+        console.log("error completing the verification: " + e);
+        httputils.jsonResponse(resp, false);
+      } else {
+        httputils.jsonResponse(resp, true);
+      }
+    });
+}
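Review bot: `getArgs.token` reaches `db.gotVerificationSecret` without a type check, and `url.parse(req.url, true)` yields an array when the query repeats the key (`?token=a&token=b`). `checkParams` is defined outside this hunk, so unless it already rejects non-string values, add `if (typeof getArgs.token !== 'string') { httputils.badRequest(resp, "invalid token"); return; }` before the database call. The handler also changes state on a GET with the secret in the query string, which puts the token into access logs; a POST with the token in the body would avoid that. Minor: the function expression ends with `}` and no semicolon, unlike `exports.sync_emails` just above it.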
diff --git a/authority/static/prove.html b/authority/static/prove.html
new file mode 100644
index 000000000..8d7f6915b
--- /dev/null
+++ b/authority/static/prove.html
@@ -0,0 +1,128 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>
+BrowserID -- Confirm Email 
+</title>
+<script src="../dialog/jquery-min.js"></script>
+<style type="text/css">
+
+body { margin: auto; font: 13px/1.5 Helvetica, Arial, 'Liberation Sans', FreeSans, sans-serif; }
+a:link, a:visited { font-style: italic; text-decoration: none; color: #008; }
+a:hover { border-bottom: 2px solid black ; }
+.number { font-family: 'Permanent Marker', arial, serif; font-size: 4em; float: left; padding: 0; margin: 0; vertical-align: top; width: 1.3em}
+.title { font-size: 2em; font-weight: bold; text-align: center; margin: 1.5em; }
+.intro { font-size: 1.2em; width: 600px; margin: auto; }
+.step { width: 600px; margin: auto; margin-top: 1em;}
+.desc { padding-top: 1.5em; min-height: 4.5em;}
+.output {
+  font-family: 'lucida console', monaco, 'andale mono', 'bitstream vera sans mono', consolas, monospace;
+  border: 3px solid #666;
+  -moz-border-radius: 4px;
+  -webkit-border-radius: 4px;
+  border-radius: 4px;
+  padding: .5em;
+  margin: .5em;
+  color: #ccc;
+  background-color: #333;
+/*  white-space: pre;*/
+  font-size: .9em;
+  width:600px;
+  word-wrap: break-word;
+}
+#emailList {
+  font-size: 1.0em; 
+  width: 4x00px; 
+  margin: auto; 
+  font-weight:bold;
+  margin-top:32px;
+}
+.email {
+  display:inline-block;
+}
+.emailblock a {
+  font-size:0.7em;
+  color:#405090;
+}
+.emailblock {
+  border: 1px solid #ddd;
+  -moz-border-radius: 4px;
+  -webkit-border-radius: 4px;
+  background-color:#f0f0f0;
+  width:500px;
+  padding:8px;
+  min-height:48px;
+  margin:16px auto;
+}
+.meta {
+  display:inline-block;
+  float:right;
+  font:8pt Arial;  
+}
+.meta a {
+  cursor:pointer;
+}
+.keyblock {
+  font:8pt Arial;
+}
+.date {
+  font:8pt Arial;
+}
+</style>
+<body>
+
+<div class="title">
+Email Confirmation...
+</div>
+
+<div class="intro">
+  This page is where you land when you want to confirm ownership of email addresses.
+  One moment while we attempt to confirm your address.
+</div>
+
+</body>
+<script>
+function getParameterByName( name )
+{
+  name = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]");
+  var regexS = "[\\?&]"+name+"=([^&#]*)";
+  var regex = new RegExp( regexS );
+  var results = regex.exec( window.location.href );
+  if( results == null )
+    return "";
+  else
+    return decodeURIComponent(results[1].replace(/\+/g, " "));
+}
+
+function success() {
+  $("div.intro").text("Address confirmed!");
+  setTimeout(function() {
+    $("body").fadeOut(1500, function() {
+      window.close();
+    });
+  }, 1000);
+}
+
+function failure(why) {
+  $("div.intro").text("Error encountered while attempting to confirm your address.  please try again.  (error message: " + why + ")");
+}
+
+$(document).ready(function() {
+    $.ajax({
+      url: '/wsapi/prove_email_ownership?token=' + getParameterByName('token'),
+      success: function(status, textStatus, jqXHR) {
+        var obj = JSON.parse(status);
+        if (obj) {
+          success();
+        } else {
+          failure("unknown");
+        }
+      },
+      error: function() {
+        failure("Error Communicating With Server!");
+      }
+    });
+});
+
+</script>
+</html>
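Review bot: In the `$.ajax` call the token is decoded by `getParameterByName` and then concatenated back into the request URL without re-encoding, so a value containing `%26` or `%23` reaches the server as an extra parameter or a truncated query; pass it as `url: '/wsapi/prove_email_ownership', data: { token: getParameterByName('token') },` and let jQuery encode it. `decodeURIComponent` throws on a malformed `%` sequence, and because that happens while the options object is being built, the request is never sent and the page stays on the "One moment" text without calling `failure`; wrap the lookup in a try/catch that calls `failure`. Minor: `width: 4x00px` in `#emailList` is not a valid length, and `<head>` is never closed before `<body>`.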
-- 
GitLab