Various tweaks and improvements
* Inner circle: users have the ability to remove themselves and can avoid being invited again in the future. * Admin actions: add a "Reset Password" ability to user accounts. * Admin "Create New User" page. * Rate limit error handling improvements for the login page.
This commit is contained in:
parent
6d46632270
commit
42aeb60853
|
@ -32,9 +32,11 @@ const (
|
||||||
// - Impersonate: ability to log in as a user account
|
// - Impersonate: ability to log in as a user account
|
||||||
// - Ban: ability to ban/unban users
|
// - Ban: ability to ban/unban users
|
||||||
// - Delete: ability to delete user accounts
|
// - Delete: ability to delete user accounts
|
||||||
|
ScopeUserCreate = "admin.user.create"
|
||||||
ScopeUserInsight = "admin.user.insights"
|
ScopeUserInsight = "admin.user.insights"
|
||||||
ScopeUserImpersonate = "admin.user.impersonate"
|
ScopeUserImpersonate = "admin.user.impersonate"
|
||||||
ScopeUserBan = "admin.user.ban"
|
ScopeUserBan = "admin.user.ban"
|
||||||
|
ScopeUserPassword = "admin.user.password"
|
||||||
ScopeUserDelete = "admin.user.delete"
|
ScopeUserDelete = "admin.user.delete"
|
||||||
ScopeUserPromote = "admin.user.promote"
|
ScopeUserPromote = "admin.user.promote"
|
||||||
|
|
||||||
|
@ -65,9 +67,11 @@ var AdminScopeDescriptions = map[string]string{
|
||||||
ScopeForumAdmin: "Ability to manage forums themselves (add or remove forums, edit their properties).",
|
ScopeForumAdmin: "Ability to manage forums themselves (add or remove forums, edit their properties).",
|
||||||
ScopeAdminScopeAdmin: "Ability to manage admin permissions for other admin accounts.",
|
ScopeAdminScopeAdmin: "Ability to manage admin permissions for other admin accounts.",
|
||||||
ScopeMaintenance: "Ability to activate maintenance mode functions of the website (turn features on or off, disable signups or logins, etc.)",
|
ScopeMaintenance: "Ability to activate maintenance mode functions of the website (turn features on or off, disable signups or logins, etc.)",
|
||||||
|
ScopeUserCreate: "Ability to manually create a new user account, bypassing the signup page.",
|
||||||
ScopeUserInsight: "Ability to see admin insights about a user profile (e.g. their block lists and who blocks them).",
|
ScopeUserInsight: "Ability to see admin insights about a user profile (e.g. their block lists and who blocks them).",
|
||||||
ScopeUserImpersonate: "Ability to log in as any user account (note: this action is logged and notifies all admins when it happens. Admins must write a reason and it is used to diagnose customer support issues, help with their certification picture, or investigate a reported Direct Message conversation they had).",
|
ScopeUserImpersonate: "Ability to log in as any user account (note: this action is logged and notifies all admins when it happens. Admins must write a reason and it is used to diagnose customer support issues, help with their certification picture, or investigate a reported Direct Message conversation they had).",
|
||||||
ScopeUserBan: "Ability to ban or unban user accounts.",
|
ScopeUserBan: "Ability to ban or unban user accounts.",
|
||||||
|
ScopeUserPassword: "Ability to reset a user's password on their behalf.",
|
||||||
ScopeUserDelete: "Ability to fully delete user accounts on their behalf.",
|
ScopeUserDelete: "Ability to fully delete user accounts on their behalf.",
|
||||||
ScopeUserPromote: "Ability to add or remove the admin status flag on a user profile.",
|
ScopeUserPromote: "Ability to add or remove the admin status flag on a user profile.",
|
||||||
ScopeFeedbackAndReports: "Ability to see admin reports and user feedback.",
|
ScopeFeedbackAndReports: "Ability to see admin reports and user feedback.",
|
||||||
|
@ -97,9 +101,11 @@ func ListAdminScopes() []string {
|
||||||
ScopeForumAdmin,
|
ScopeForumAdmin,
|
||||||
ScopeAdminScopeAdmin,
|
ScopeAdminScopeAdmin,
|
||||||
ScopeMaintenance,
|
ScopeMaintenance,
|
||||||
|
ScopeUserCreate,
|
||||||
ScopeUserInsight,
|
ScopeUserInsight,
|
||||||
ScopeUserImpersonate,
|
ScopeUserImpersonate,
|
||||||
ScopeUserBan,
|
ScopeUserBan,
|
||||||
|
ScopeUserPassword,
|
||||||
ScopeUserDelete,
|
ScopeUserDelete,
|
||||||
ScopeUserPromote,
|
ScopeUserPromote,
|
||||||
ScopeFeedbackAndReports,
|
ScopeFeedbackAndReports,
|
||||||
|
|
|
@ -166,3 +166,51 @@ func RemoveCircle() http.HandlerFunc {
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// LeaveCircle allows users to remove themself from the circle.
|
||||||
|
func LeaveCircle() http.HandlerFunc {
|
||||||
|
tmpl := templates.Must("account/leave_circle.html")
|
||||||
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
currentUser, err := session.CurrentUser(r)
|
||||||
|
if err != nil || !currentUser.IsInnerCircle() {
|
||||||
|
templates.NotFoundPage(w, r)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Submitting the form?
|
||||||
|
if r.Method == http.MethodPost {
|
||||||
|
var (
|
||||||
|
confirm = r.PostFormValue("confirm") == "true"
|
||||||
|
dontReinvite = r.PostFormValue("dont_reinvite") == "true"
|
||||||
|
)
|
||||||
|
|
||||||
|
if !confirm {
|
||||||
|
templates.Redirect(w, r.URL.Path)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Remove them from the circle now.
|
||||||
|
if err := models.RemoveFromInnerCircle(currentUser); err != nil {
|
||||||
|
session.FlashError(w, r, "Error updating your inner circle status: %s", err)
|
||||||
|
templates.Redirect(w, r.URL.Path)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Confirmation message, + don't reinvite again?
|
||||||
|
if dontReinvite {
|
||||||
|
currentUser.SetProfileField("inner_circle_optout", "true")
|
||||||
|
session.Flash(w, r, "You have been removed from the inner circle, and you WILL NOT be invited again in the future.")
|
||||||
|
} else {
|
||||||
|
session.Flash(w, r, "You have been removed from the inner circle.")
|
||||||
|
}
|
||||||
|
|
||||||
|
templates.Redirect(w, "/me")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := tmpl.Execute(w, r, nil); err != nil {
|
||||||
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
|
@ -38,10 +38,23 @@ func Login() http.HandlerFunc {
|
||||||
CooldownAt: config.LoginRateLimitCooldownAt,
|
CooldownAt: config.LoginRateLimitCooldownAt,
|
||||||
Cooldown: config.LoginRateLimitCooldown,
|
Cooldown: config.LoginRateLimitCooldown,
|
||||||
}
|
}
|
||||||
|
var takebackDeferredError bool
|
||||||
if err := limiter.Ping(); err != nil {
|
if err := limiter.Ping(); err != nil {
|
||||||
session.FlashError(w, r, err.Error())
|
// Is it a deferred error? Flash it at the end of the request but continue
|
||||||
templates.Redirect(w, r.URL.Path)
|
// to process this login attempt as normal.
|
||||||
return
|
if ratelimit.IsDeferredError(err) {
|
||||||
|
defer func() {
|
||||||
|
if takebackDeferredError {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
session.FlashError(w, r, err.Error())
|
||||||
|
}()
|
||||||
|
} else {
|
||||||
|
// Lock-out error, show it now and quit.
|
||||||
|
session.FlashError(w, r, err.Error())
|
||||||
|
templates.Redirect(w, r.URL.Path)
|
||||||
|
return
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Look up their account.
|
// Look up their account.
|
||||||
|
@ -124,6 +137,9 @@ func Login() http.HandlerFunc {
|
||||||
log.Error("Failed to clear login rate limiter: %s", err)
|
log.Error("Failed to clear login rate limiter: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If there was going to be a deferred ratelimit error, take it back.
|
||||||
|
takebackDeferredError = true
|
||||||
|
|
||||||
// Redirect to their dashboard.
|
// Redirect to their dashboard.
|
||||||
session.Flash(w, r, "Login successful.")
|
session.Flash(w, r, "Login successful.")
|
||||||
if strings.HasPrefix(next, "/") {
|
if strings.HasPrefix(next, "/") {
|
||||||
|
|
62
pkg/controller/admin/add_user.go
Normal file
62
pkg/controller/admin/add_user.go
Normal file
|
@ -0,0 +1,62 @@
|
||||||
|
package admin
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
"net/mail"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"code.nonshy.com/nonshy/website/pkg/models"
|
||||||
|
"code.nonshy.com/nonshy/website/pkg/session"
|
||||||
|
"code.nonshy.com/nonshy/website/pkg/templates"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Manually create new user accounts.
|
||||||
|
func AddUser() http.HandlerFunc {
|
||||||
|
tmpl := templates.Must("admin/add_user.html")
|
||||||
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
if r.Method == http.MethodPost {
|
||||||
|
var (
|
||||||
|
email = strings.TrimSpace(strings.ToLower(r.PostFormValue("email")))
|
||||||
|
username = strings.TrimSpace(strings.ToLower(r.PostFormValue("username")))
|
||||||
|
password = r.PostFormValue("password")
|
||||||
|
)
|
||||||
|
|
||||||
|
// Validate the email.
|
||||||
|
if _, err := mail.ParseAddress(email); err != nil {
|
||||||
|
session.FlashError(w, r, "The email address you entered is not valid: %s", err)
|
||||||
|
templates.Redirect(w, r.URL.Path)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Password check.
|
||||||
|
if len(password) < 3 {
|
||||||
|
session.FlashError(w, r, "The password is required to be 3+ characters long.")
|
||||||
|
templates.Redirect(w, r.URL.Path)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Validate the username is OK: well formatted, not reserved, not existing.
|
||||||
|
if err := models.IsValidUsername(username); err != nil {
|
||||||
|
session.FlashError(w, r, err.Error())
|
||||||
|
templates.Redirect(w, r.URL.Path)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create the user.
|
||||||
|
if _, err := models.CreateUser(username, email, password); err != nil {
|
||||||
|
session.FlashError(w, r, "Couldn't create the user: %s", err)
|
||||||
|
templates.Redirect(w, r.URL.Path)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
session.Flash(w, r, "Created the username %s with password: %s", username, password)
|
||||||
|
templates.Redirect(w, r.URL.Path)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := tmpl.Execute(w, r, nil); err != nil {
|
||||||
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
|
@ -187,6 +187,31 @@ func UserActions() http.HandlerFunc {
|
||||||
models.LogEvent(user, currentUser, models.ChangeLogAdmin, "users", currentUser.ID, fmt.Sprintf("User admin status updated to: %s", action))
|
models.LogEvent(user, currentUser, models.ChangeLogAdmin, "users", currentUser.ID, fmt.Sprintf("User admin status updated to: %s", action))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
case "password":
|
||||||
|
// Scope check.
|
||||||
|
if !currentUser.HasAdminScope(config.ScopeUserPassword) {
|
||||||
|
session.FlashError(w, r, "Missing admin scope: %s", config.ScopeUserPassword)
|
||||||
|
templates.Redirect(w, "/admin")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if confirm {
|
||||||
|
password := r.PostFormValue("password")
|
||||||
|
if len(password) < 3 {
|
||||||
|
session.FlashError(w, r, "A password of at least 3 characters is required.")
|
||||||
|
templates.Redirect(w, r.URL.Path+fmt.Sprintf("?intent=password&user_id=%d", user.ID))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := user.SaveNewPassword(password); err != nil {
|
||||||
|
session.FlashError(w, r, "Failed to set the user's password: %s", err)
|
||||||
|
} else {
|
||||||
|
session.Flash(w, r, "The user's password has been updated to: %s", password)
|
||||||
|
}
|
||||||
|
|
||||||
|
templates.Redirect(w, "/u/"+user.Username)
|
||||||
|
return
|
||||||
|
}
|
||||||
case "delete":
|
case "delete":
|
||||||
// Scope check.
|
// Scope check.
|
||||||
if !currentUser.HasAdminScope(config.ScopeUserDelete) {
|
if !currentUser.HasAdminScope(config.ScopeUserDelete) {
|
||||||
|
|
|
@ -214,6 +214,7 @@ func UserPhotos() http.HandlerFunc {
|
||||||
"CommentMap": commentMap,
|
"CommentMap": commentMap,
|
||||||
"ViewStyle": viewStyle,
|
"ViewStyle": viewStyle,
|
||||||
"ExplicitCount": explicitCount,
|
"ExplicitCount": explicitCount,
|
||||||
|
"InnerCircleOptOut": user.GetProfileField("inner_circle_optout") == "true",
|
||||||
"InnerCircleInviteView": innerCircleInvite,
|
"InnerCircleInviteView": innerCircleInvite,
|
||||||
|
|
||||||
// Search filters
|
// Search filters
|
||||||
|
|
|
@ -651,6 +651,14 @@ func (u *User) HashPassword(password string) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SaveNewPassword updates a user's password and saves their record to the database.
|
||||||
|
func (u *User) SaveNewPassword(password string) error {
|
||||||
|
if err := u.HashPassword(password); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return u.Save()
|
||||||
|
}
|
||||||
|
|
||||||
// CheckPassword verifies the password is correct. Returns nil on success.
|
// CheckPassword verifies the password is correct. Returns nil on success.
|
||||||
func (u *User) CheckPassword(password string) error {
|
func (u *User) CheckPassword(password string) error {
|
||||||
return bcrypt.CompareHashAndPassword([]byte(u.HashedPassword), []byte(password))
|
return bcrypt.CompareHashAndPassword([]byte(u.HashedPassword), []byte(password))
|
||||||
|
|
47
pkg/ratelimit/errors.go
Normal file
47
pkg/ratelimit/errors.go
Normal file
|
@ -0,0 +1,47 @@
|
||||||
|
package ratelimit
|
||||||
|
|
||||||
|
import "fmt"
|
||||||
|
|
||||||
|
// ErrLockedOut is a lock-out error, sent when the user is currently throttled and
|
||||||
|
// the website is NOT to even test their password if logging in.
|
||||||
|
type ErrLockedOut struct {
|
||||||
|
message string
|
||||||
|
}
|
||||||
|
|
||||||
|
// ErrDeferred is a rate limit error which can be shown to the user AFTER their current
|
||||||
|
// login attempt is tried. For example, if they've failed to log in a few times and aren't
|
||||||
|
// currently in a LockedOut cooldown period, you can test their password and then show
|
||||||
|
// them the deferred error message at the end of the request.
|
||||||
|
type ErrDeferred struct {
|
||||||
|
message string
|
||||||
|
deferred bool
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewLockedOutError(message string, v ...interface{}) ErrLockedOut {
|
||||||
|
return ErrLockedOut{
|
||||||
|
message: fmt.Sprintf(message, v...),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewDeferredError(message string, v ...interface{}) ErrDeferred {
|
||||||
|
return ErrDeferred{
|
||||||
|
message: fmt.Sprintf(message, v...),
|
||||||
|
deferred: true,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// IsDeferredError returns whether a ratelimit error is deferred.
|
||||||
|
func IsDeferredError(err error) bool {
|
||||||
|
if err2, ok := err.(ErrDeferred); ok {
|
||||||
|
return err2.deferred
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
func (e ErrLockedOut) Error() string {
|
||||||
|
return e.message
|
||||||
|
}
|
||||||
|
|
||||||
|
func (e ErrDeferred) Error() string {
|
||||||
|
return e.message
|
||||||
|
}
|
|
@ -26,6 +26,13 @@ type Data struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Ping the rate limiter.
|
// Ping the rate limiter.
|
||||||
|
//
|
||||||
|
// The returned error can be one of the following types:
|
||||||
|
//
|
||||||
|
// - ErrLockedOut if the user is being cooled down - the caller should not attempt to process their request.
|
||||||
|
// - ErrDeferred if the rate limiter is being invokved - the caller can process their request, and if failed, show this error.
|
||||||
|
//
|
||||||
|
// Other error types signify internal errors, e.g. inability to set a Redis key.
|
||||||
func (l *Limiter) Ping() error {
|
func (l *Limiter) Ping() error {
|
||||||
var (
|
var (
|
||||||
key = l.Key()
|
key = l.Key()
|
||||||
|
@ -38,7 +45,7 @@ func (l *Limiter) Ping() error {
|
||||||
|
|
||||||
// Are we cooling down?
|
// Are we cooling down?
|
||||||
if now.Before(data.NotBefore) {
|
if now.Before(data.NotBefore) {
|
||||||
return fmt.Errorf(
|
return NewLockedOutError(
|
||||||
"You are doing that too often. Please wait %s before trying again.",
|
"You are doing that too often. Please wait %s before trying again.",
|
||||||
utility.FormatDurationCoarse(data.NotBefore.Sub(now)),
|
utility.FormatDurationCoarse(data.NotBefore.Sub(now)),
|
||||||
)
|
)
|
||||||
|
@ -49,7 +56,7 @@ func (l *Limiter) Ping() error {
|
||||||
|
|
||||||
// Have we hit the wall?
|
// Have we hit the wall?
|
||||||
if data.Pings >= l.Limit {
|
if data.Pings >= l.Limit {
|
||||||
return fmt.Errorf(
|
return NewLockedOutError(
|
||||||
"You have hit the rate limit; please wait the full %s before trying again.",
|
"You have hit the rate limit; please wait the full %s before trying again.",
|
||||||
utility.FormatDurationCoarse(l.Window),
|
utility.FormatDurationCoarse(l.Window),
|
||||||
)
|
)
|
||||||
|
@ -61,7 +68,7 @@ func (l *Limiter) Ping() error {
|
||||||
if err := redis.Set(key, data, l.Window); err != nil {
|
if err := redis.Set(key, data, l.Window); err != nil {
|
||||||
return fmt.Errorf("Couldn't set Redis key for rate limiter: %s", err)
|
return fmt.Errorf("Couldn't set Redis key for rate limiter: %s", err)
|
||||||
}
|
}
|
||||||
return fmt.Errorf(
|
return NewDeferredError(
|
||||||
"Please wait %s before trying again. You have %d more attempt(s) remaining before you will be locked "+
|
"Please wait %s before trying again. You have %d more attempt(s) remaining before you will be locked "+
|
||||||
"out for %s.",
|
"out for %s.",
|
||||||
utility.FormatDurationCoarse(l.Cooldown),
|
utility.FormatDurationCoarse(l.Cooldown),
|
||||||
|
|
|
@ -78,6 +78,7 @@ func New() http.Handler {
|
||||||
mux.Handle("GET /admin/unimpersonate", middleware.LoginRequired(admin.Unimpersonate()))
|
mux.Handle("GET /admin/unimpersonate", middleware.LoginRequired(admin.Unimpersonate()))
|
||||||
mux.Handle("GET /inner-circle", middleware.LoginRequired(account.InnerCircle()))
|
mux.Handle("GET /inner-circle", middleware.LoginRequired(account.InnerCircle()))
|
||||||
mux.Handle("/inner-circle/invite", middleware.LoginRequired(account.InviteCircle()))
|
mux.Handle("/inner-circle/invite", middleware.LoginRequired(account.InviteCircle()))
|
||||||
|
mux.Handle("/inner-circle/leave", middleware.LoginRequired(account.LeaveCircle()))
|
||||||
mux.Handle("GET /admin/transparency/{username}", middleware.LoginRequired(admin.Transparency()))
|
mux.Handle("GET /admin/transparency/{username}", middleware.LoginRequired(admin.Transparency()))
|
||||||
|
|
||||||
// Certification Required. Pages that only full (verified) members can access.
|
// Certification Required. Pages that only full (verified) members can access.
|
||||||
|
@ -99,6 +100,7 @@ func New() http.Handler {
|
||||||
mux.Handle("/admin/feedback", middleware.AdminRequired(config.ScopeFeedbackAndReports, admin.Feedback()))
|
mux.Handle("/admin/feedback", middleware.AdminRequired(config.ScopeFeedbackAndReports, admin.Feedback()))
|
||||||
mux.Handle("/admin/user-action", middleware.AdminRequired("", admin.UserActions()))
|
mux.Handle("/admin/user-action", middleware.AdminRequired("", admin.UserActions()))
|
||||||
mux.Handle("/admin/maintenance", middleware.AdminRequired(config.ScopeMaintenance, admin.Maintenance()))
|
mux.Handle("/admin/maintenance", middleware.AdminRequired(config.ScopeMaintenance, admin.Maintenance()))
|
||||||
|
mux.Handle("/admin/add-user", middleware.AdminRequired(config.ScopeUserCreate, admin.AddUser()))
|
||||||
mux.Handle("/forum/admin", middleware.AdminRequired(config.ScopeForumAdmin, forum.Manage()))
|
mux.Handle("/forum/admin", middleware.AdminRequired(config.ScopeForumAdmin, forum.Manage()))
|
||||||
mux.Handle("/forum/admin/edit", middleware.AdminRequired(config.ScopeForumAdmin, forum.AddEdit()))
|
mux.Handle("/forum/admin/edit", middleware.AdminRequired(config.ScopeForumAdmin, forum.AddEdit()))
|
||||||
mux.Handle("/inner-circle/remove", middleware.LoginRequired(account.RemoveCircle()))
|
mux.Handle("/inner-circle/remove", middleware.LoginRequired(account.RemoveCircle()))
|
||||||
|
|
|
@ -206,6 +206,13 @@
|
||||||
features such as the Chat Room.
|
features such as the Chat Room.
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
|
<h2>Leave the inner circle</h2>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
If you would like to opt-out and leave the inner circle, you may do so by clicking
|
||||||
|
<a href="/inner-circle/leave">here</a>.
|
||||||
|
</p>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
87
web/templates/account/leave_circle.html
Normal file
87
web/templates/account/leave_circle.html
Normal file
|
@ -0,0 +1,87 @@
|
||||||
|
{{define "title"}}Leave the Inner Circle{{end}}
|
||||||
|
{{define "content"}}
|
||||||
|
<div class="container">
|
||||||
|
<section class="hero is-inner-circle is-bold">
|
||||||
|
<div class="hero-body">
|
||||||
|
<div class="container">
|
||||||
|
<h1 class="title has-text-light">
|
||||||
|
<img src="/static/img/circle-24.png" class="mr-1">
|
||||||
|
Leave the Inner Circle
|
||||||
|
</h1>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<div class="block p-4">
|
||||||
|
<div class="level">
|
||||||
|
<div class="level-item">
|
||||||
|
<div class="card" style="max-width: 512px">
|
||||||
|
<header class="card-header has-background-link">
|
||||||
|
<p class="card-header-title has-text-light">
|
||||||
|
<img src="/static/img/circle-16.png" class="mr-2">
|
||||||
|
Leave the Inner Circle
|
||||||
|
</p>
|
||||||
|
</header>
|
||||||
|
<div class="card-content content">
|
||||||
|
<form id="leave_circle" method="POST" action="/inner-circle/leave">
|
||||||
|
{{InputCSRF}}
|
||||||
|
<input type="hidden" name="confirm" value="true">
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Are you sure that you want to <strong>leave the {{PrettyCircle}}?</strong>
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
This action can not be un-done easily; after leaving the inner circle, the only
|
||||||
|
way back in is for somebody in the circle to invite you again.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
In case you <strong>do not want</strong> to be invited into the circle again,
|
||||||
|
you can check the box below.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<label class="checkbox mb-4 has-text-warning">
|
||||||
|
<input type="checkbox"
|
||||||
|
name="dont_reinvite"
|
||||||
|
id="dont_reinvite"
|
||||||
|
value="true">
|
||||||
|
Don't let anyone invite me to the {{PrettyCircle}} again.
|
||||||
|
</label>
|
||||||
|
|
||||||
|
<div class="block has-text-center">
|
||||||
|
<button type="submit" class="button is-danger">Leave the Inner Circle</button>
|
||||||
|
<button type="button" class="button is-success" onclick="history.back()">Cancel</button>
|
||||||
|
</div>
|
||||||
|
</form>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
{{end}}
|
||||||
|
{{define "scripts"}}
|
||||||
|
<script>
|
||||||
|
document.addEventListener("DOMContentLoaded", () => {
|
||||||
|
let $form = document.querySelector("#leave_circle"),
|
||||||
|
$cb = document.querySelector("#dont_reinvite");
|
||||||
|
|
||||||
|
$form.addEventListener("submit", (e) => {
|
||||||
|
if ($cb.checked) {
|
||||||
|
if (!window.confirm(
|
||||||
|
"Are you sure you want to leave the circle, permanently?\n\n" +
|
||||||
|
"You have requested that nobody can re-invite you into the circle again in the future. " +
|
||||||
|
"This action CAN NOT be undone!\n\n" +
|
||||||
|
"If you want to leave open the possibility to be re-invited in the future, click Cancel " +
|
||||||
|
"and un-check that box."
|
||||||
|
)) {
|
||||||
|
e.preventDefault();
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
});
|
||||||
|
})
|
||||||
|
</script>
|
||||||
|
{{end}}
|
|
@ -515,6 +515,12 @@
|
||||||
<span>Add/Remove admin rights</span>
|
<span>Add/Remove admin rights</span>
|
||||||
</a>
|
</a>
|
||||||
</li>
|
</li>
|
||||||
|
<li>
|
||||||
|
<a href="/admin/user-action?intent=password&user_id={{.User.ID}}">
|
||||||
|
<span class="icon"><i class="fa fa-lock"></i></span>
|
||||||
|
<span>Reset Password</span>
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
<li>
|
<li>
|
||||||
<a href="/admin/user-action?intent=delete&user_id={{.User.ID}}">
|
<a href="/admin/user-action?intent=delete&user_id={{.User.ID}}">
|
||||||
<span class="icon"><i class="fa fa-trash"></i></span>
|
<span class="icon"><i class="fa fa-trash"></i></span>
|
||||||
|
|
154
web/templates/admin/add_user.html
Normal file
154
web/templates/admin/add_user.html
Normal file
|
@ -0,0 +1,154 @@
|
||||||
|
{{define "title"}}Admin - Create User Account{{end}}
|
||||||
|
{{define "content"}}
|
||||||
|
{{$Root := .}}
|
||||||
|
<div class="container">
|
||||||
|
<section class="hero is-danger is-bold">
|
||||||
|
<div class="hero-body">
|
||||||
|
<div class="container">
|
||||||
|
<h1 class="title">
|
||||||
|
Create User Accont
|
||||||
|
</h1>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<form method="POST" action="{{.Request.URL.Path}}">
|
||||||
|
{{InputCSRF}}
|
||||||
|
<div class="p-4">
|
||||||
|
|
||||||
|
<p class="block">
|
||||||
|
This page allows you to create a new user account. A common use case may include
|
||||||
|
when a new user was trying to sign up, but couldn't receive the confirmation e-mail,
|
||||||
|
and they reached out to have their account created manually.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<p class="block">
|
||||||
|
<strong>Important:</strong> we want all users to have verified e-mail addresses. This
|
||||||
|
form should generally only be used when somebody has e-mailed our support@ address and
|
||||||
|
we will use their sender e-mail address for the account.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<div class="field">
|
||||||
|
<label class="label" for="email">Email address:</label>
|
||||||
|
<input type="email" class="input"
|
||||||
|
placeholder="name@domain.com"
|
||||||
|
name="email"
|
||||||
|
id="email">
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="field">
|
||||||
|
<label class="label" for="username">Username:</label>
|
||||||
|
<input type="text" class="input"
|
||||||
|
name="username"
|
||||||
|
id="username">
|
||||||
|
<small class="has-text-grey">Usernames are 3 to 32 characters a-z 0-9 . -</small>
|
||||||
|
|
||||||
|
<!-- Username checking -->
|
||||||
|
<div class="notification is-info is-light py-2 px-4 mt-1"
|
||||||
|
id="username-checking" style="display: none">
|
||||||
|
<i class="fa fa-spinner fa-spin mr-1"></i> Checking username...
|
||||||
|
</div>
|
||||||
|
<div class="notification is-success is-light py-2 px-4 mt-1"
|
||||||
|
id="username-ok" style="display: none">
|
||||||
|
<i class="fa fa-check mr-1"></i> Looks good!
|
||||||
|
</div>
|
||||||
|
<div class="notification is-danger is-light py-2 px-4 mt-1"
|
||||||
|
id="username-error" style="display: none">
|
||||||
|
<i class="fa fa-xmark mr-1"></i> That username is already taken!
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="field">
|
||||||
|
<label class="label" for="password">Password:</label>
|
||||||
|
<input type="text" class="input"
|
||||||
|
name="password"
|
||||||
|
id="password">
|
||||||
|
<a href="#" id="random-password" class="has-text-warning is-size-7">
|
||||||
|
<i class="fa fa-refresh"></i> Random password
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="block">
|
||||||
|
<button type="submit" class="button is-primary"
|
||||||
|
name="intent" value="save">
|
||||||
|
Save Settings
|
||||||
|
</button>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
{{end}}
|
||||||
|
{{define "scripts"}}
|
||||||
|
<script>
|
||||||
|
window.addEventListener("DOMContentLoaded", (event) => {
|
||||||
|
// Password randomization.
|
||||||
|
const $password = document.querySelector("#password"),
|
||||||
|
$randomize = document.querySelector("#random-password");
|
||||||
|
alphabet = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz0123456789";
|
||||||
|
$randomize.addEventListener("click", (e) => {
|
||||||
|
e.preventDefault();
|
||||||
|
let password = "";
|
||||||
|
for (let i = 0; i < 16; i++) {
|
||||||
|
password += alphabet[parseInt(Math.random() * alphabet.length)];
|
||||||
|
}
|
||||||
|
$password.value = password;
|
||||||
|
});
|
||||||
|
|
||||||
|
// Set up username checking script.
|
||||||
|
const $username = document.querySelector("#username"),
|
||||||
|
$unCheck = document.querySelector("#username-checking"),
|
||||||
|
$unOK = document.querySelector("#username-ok"),
|
||||||
|
$unError = document.querySelector("#username-error");
|
||||||
|
|
||||||
|
let onChange = (e) => {
|
||||||
|
$unCheck.style.display = "block";
|
||||||
|
$unOK.style.display = "none";
|
||||||
|
$unError.style.display = "none";
|
||||||
|
|
||||||
|
if ($username.value.length < 3) {
|
||||||
|
$unCheck.style.display = "none";
|
||||||
|
return;
|
||||||
|
};
|
||||||
|
|
||||||
|
return fetch("/v1/users/check-username", {
|
||||||
|
method: "POST",
|
||||||
|
mode: "same-origin",
|
||||||
|
cache: "no-cache",
|
||||||
|
credentials: "same-origin",
|
||||||
|
headers: {
|
||||||
|
"Content-Type": "application/json",
|
||||||
|
},
|
||||||
|
body: JSON.stringify({
|
||||||
|
"username": $username.value,
|
||||||
|
}),
|
||||||
|
})
|
||||||
|
.then((response) => response.json())
|
||||||
|
.then((data) => {
|
||||||
|
if (data.StatusCode !== 200) {
|
||||||
|
window.alert(data.data.error);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
let result = data.data;
|
||||||
|
if (result.OK) {
|
||||||
|
$unOK.style.display = "block";
|
||||||
|
$unError.style.display = "none";
|
||||||
|
} else {
|
||||||
|
$unOK.style.display = "none";
|
||||||
|
$unError.style.display = "block";
|
||||||
|
}
|
||||||
|
}).catch(resp => {
|
||||||
|
window.alert(resp);
|
||||||
|
}).finally(() => {
|
||||||
|
$unCheck.style.display = "none";
|
||||||
|
})
|
||||||
|
};
|
||||||
|
|
||||||
|
if ($username != undefined) {
|
||||||
|
$username.addEventListener("change", onChange);
|
||||||
|
$username.addEventListener("blur", onChange);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
</script>
|
||||||
|
{{end}}
|
|
@ -63,6 +63,12 @@
|
||||||
Admin Permissions Management
|
Admin Permissions Management
|
||||||
</a>
|
</a>
|
||||||
</li>
|
</li>
|
||||||
|
<li>
|
||||||
|
<a href="/admin/add-user">
|
||||||
|
<i class="fa fa-user mr-2"></i>
|
||||||
|
Create User Account
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
<li>
|
<li>
|
||||||
<a href="/admin/maintenance">
|
<a href="/admin/maintenance">
|
||||||
<i class="fa fa-wrench mr-2"></i>
|
<i class="fa fa-wrench mr-2"></i>
|
||||||
|
|
|
@ -28,6 +28,9 @@
|
||||||
{{else if eq .Intent "promote"}}
|
{{else if eq .Intent "promote"}}
|
||||||
<i class="mr-2 fa fa-peace"></i>
|
<i class="mr-2 fa fa-peace"></i>
|
||||||
Promote User
|
Promote User
|
||||||
|
{{else if eq .Intent "password"}}
|
||||||
|
<i class="mr-2 fa fa-lock"></i>
|
||||||
|
Reset Password
|
||||||
{{else if eq .Intent "delete"}}
|
{{else if eq .Intent "delete"}}
|
||||||
<i class="mr-2 fa fa-trash"></i>
|
<i class="mr-2 fa fa-trash"></i>
|
||||||
Delete User
|
Delete User
|
||||||
|
@ -239,6 +242,44 @@
|
||||||
Remove Admin
|
Remove Admin
|
||||||
</button>
|
</button>
|
||||||
</div>
|
</div>
|
||||||
|
{{else if eq .Intent "password"}}
|
||||||
|
<p class="block">
|
||||||
|
This page allows you to reset a user's password on their behalf. For example, if
|
||||||
|
they have forgotten their password and aren't receiving the e-mail reset link and
|
||||||
|
they reached out for manual assistance.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<div class="field">
|
||||||
|
<label class="label" for="password">New password:</label>
|
||||||
|
<input type="text" class="input" name="password" id="password" placeholder="Password">
|
||||||
|
<a href="#" id="random-password" class="has-text-warning is-size-7">
|
||||||
|
<i class="fa fa-refresh mr-2"></i> Random password
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="field has-text-centered">
|
||||||
|
<button type="submit" name="action" value="password" class="button is-danger">
|
||||||
|
Update Password
|
||||||
|
</button>
|
||||||
|
<a href="/u/{{.User.Username}}" class="button is-success">Cancel</a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<script>
|
||||||
|
window.addEventListener("DOMContentLoaded", (event) => {
|
||||||
|
// Password randomization.
|
||||||
|
const $password = document.querySelector("#password"),
|
||||||
|
$randomize = document.querySelector("#random-password");
|
||||||
|
alphabet = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz0123456789";
|
||||||
|
$randomize.addEventListener("click", (e) => {
|
||||||
|
e.preventDefault();
|
||||||
|
let password = "";
|
||||||
|
for (let i = 0; i < 16; i++) {
|
||||||
|
password += alphabet[parseInt(Math.random() * alphabet.length)];
|
||||||
|
}
|
||||||
|
$password.value = password;
|
||||||
|
});
|
||||||
|
});
|
||||||
|
</script>
|
||||||
{{else if eq .Intent "delete"}}
|
{{else if eq .Intent "delete"}}
|
||||||
<div class="block content">
|
<div class="block content">
|
||||||
<p>
|
<p>
|
||||||
|
|
|
@ -488,7 +488,7 @@
|
||||||
{{end}}
|
{{end}}
|
||||||
|
|
||||||
<!-- Inner circle invitation -->
|
<!-- Inner circle invitation -->
|
||||||
{{if not .IsSiteGallery}}
|
{{if and (not .IsSiteGallery) (not .InnerCircleOptOut)}}
|
||||||
{{if and (.CurrentUser.IsInnerCircle) (not .User.InnerCircle) (ne .CurrentUser.Username .User.Username) (ge .PublicPhotoCount .InnerCircleMinimumPublicPhotos)}}
|
{{if and (.CurrentUser.IsInnerCircle) (not .User.InnerCircle) (ne .CurrentUser.Username .User.Username) (ge .PublicPhotoCount .InnerCircleMinimumPublicPhotos)}}
|
||||||
<div class="block mt-0">
|
<div class="block mt-0">
|
||||||
<span class="icon"><img src="/static/img/circle-16.png"></span>
|
<span class="icon"><img src="/static/img/circle-16.png"></span>
|
||||||
|
|
Loading…
Reference in New Issue
Block a user