writefreely
/
writefreely
mirror of https://github.com/writefreely/writefreely.git
2
0
Fork 0
Code Issues Releases 25 Wiki Activity
A clean, Markdown-based publishing platform made for writers. Write together, and build a community. https://writefreely.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1211 Commits
45 Branches
219 MiB
 
 
 
 
 
Tree: d3d77cee54
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd3d77cee54'
${ noResults }
writefreely/account.go

1210 lines
32 KiB
Raw Blame History 

  1. /*

  2.  * Copyright © 2018-2021 A Bunch Tell LLC.

  3.  *

  4.  * This file is part of WriteFreely.

  5.  *

  6.  * WriteFreely is free software: you can redistribute it and/or modify

  7.  * it under the terms of the GNU Affero General Public License, included

  8.  * in the LICENSE file in this source code package.

  9.  */

  10. 

  11. package writefreely

  12. 

  13. import (

  14. 	"encoding/json"

  15. 	"fmt"

  16. 	"html/template"

  17. 	"net/http"

  18. 	"regexp"

  19. 	"strings"

  20. 	"sync"

  21. 	"time"

  22. 

  23. 	"github.com/gorilla/csrf"

  24. 	"github.com/gorilla/mux"

  25. 	"github.com/gorilla/sessions"

  26. 	"github.com/guregu/null/zero"

  27. 	"github.com/writeas/impart"

  28. 	"github.com/writeas/web-core/auth"

  29. 	"github.com/writeas/web-core/data"

  30. 	"github.com/writeas/web-core/log"

  31. 	"github.com/writefreely/writefreely/author"

  32. 	"github.com/writefreely/writefreely/config"

  33. 	"github.com/writefreely/writefreely/page"

  34. )

  35. 

  36. type (

  37. 	userSettings struct {

  38. 		Username string `schema:"username" json:"username"`

  39. 		Email    string `schema:"email" json:"email"`

  40. 		NewPass  string `schema:"new-pass" json:"new_pass"`

  41. 		OldPass  string `schema:"current-pass" json:"current_pass"`

  42. 		IsLogOut bool   `schema:"logout" json:"logout"`

  43. 	}

  44. 

  45. 	UserPage struct {

  46. 		page.StaticPage

  47. 

  48. 		PageTitle string

  49. 		Separator template.HTML

  50. 		IsAdmin   bool

  51. 		CanInvite bool

  52. 		CollAlias string

  53. 	}

  54. )

  55. 

  56. func NewUserPage(app *App, r *http.Request, u *User, title string, flashes []string) *UserPage {

  57. 	up := &UserPage{

  58. 		StaticPage: pageForReq(app, r),

  59. 		PageTitle:  title,

  60. 	}

  61. 	up.Username = u.Username

  62. 	up.Flashes = flashes

  63. 	up.Path = r.URL.Path

  64. 	up.IsAdmin = u.IsAdmin()

  65. 	up.CanInvite = canUserInvite(app.cfg, up.IsAdmin)

  66. 	return up

  67. }

  68. 

  69. func canUserInvite(cfg *config.Config, isAdmin bool) bool {

  70. 	return cfg.App.UserInvites != "" &&

  71. 		(isAdmin || cfg.App.UserInvites != "admin")

  72. }

  73. 

  74. func (up *UserPage) SetMessaging(u *User) {

  75. 	// up.NeedsAuth = app.db.DoesUserNeedAuth(u.ID)

  76. }

  77. 

  78. const (

  79. 	loginAttemptExpiration = 3 * time.Second

  80. )

  81. 

  82. var actuallyUsernameReg = regexp.MustCompile("username is actually ([a-z0-9\\-]+)\\. Please try that, instead")

  83. 

  84. func apiSignup(app *App, w http.ResponseWriter, r *http.Request) error {

  85. 	_, err := signup(app, w, r)

  86. 	return err

  87. }

  88. 

  89. func signup(app *App, w http.ResponseWriter, r *http.Request) (*AuthUser, error) {

  90. 	if app.cfg.App.DisablePasswordAuth {

  91. 		err := ErrDisabledPasswordAuth

  92. 		return nil, err

  93. 	}

  94. 

  95. 	reqJSON := IsJSON(r)

  96. 

  97. 	// Get params

  98. 	var ur userRegistration

  99. 	if reqJSON {

  100. 		decoder := json.NewDecoder(r.Body)

  101. 		err := decoder.Decode(&ur)

  102. 		if err != nil {

  103. 			log.Error("Couldn't parse signup JSON request: %v\n", err)

  104. 			return nil, ErrBadJSON

  105. 		}

  106. 	} else {

  107. 		// Check if user is already logged in

  108. 		u := getUserSession(app, r)

  109. 		if u != nil {

  110. 			return &AuthUser{User: u}, nil

  111. 		}

  112. 

  113. 		err := r.ParseForm()

  114. 		if err != nil {

  115. 			log.Error("Couldn't parse signup form request: %v\n", err)

  116. 			return nil, ErrBadFormData

  117. 		}

  118. 

  119. 		err = app.formDecoder.Decode(&ur, r.PostForm)

  120. 		if err != nil {

  121. 			log.Error("Couldn't decode signup form request: %v\n", err)

  122. 			return nil, ErrBadFormData

  123. 		}

  124. 	}

  125. 

  126. 	return signupWithRegistration(app, ur, w, r)

  127. }

  128. 

  129. func signupWithRegistration(app *App, signup userRegistration, w http.ResponseWriter, r *http.Request) (*AuthUser, error) {

  130. 	reqJSON := IsJSON(r)

  131. 

  132. 	// Validate required params (alias)

  133. 	if signup.Alias == "" {

  134. 		return nil, impart.HTTPError{http.StatusBadRequest, "A username is required."}

  135. 	}

  136. 	if signup.Pass == "" {

  137. 		return nil, impart.HTTPError{http.StatusBadRequest, "A password is required."}

  138. 	}

  139. 	var desiredUsername string

  140. 	if signup.Normalize {

  141. 		// With this option we simply conform the username to what we expect

  142. 		// without complaining. Since they might've done something funny, like

  143. 		// enter: write.as/Way Out There, we'll use their raw input for the new

  144. 		// collection name and sanitize for the slug / username.

  145. 		desiredUsername = signup.Alias

  146. 		signup.Alias = getSlug(signup.Alias, "")

  147. 	}

  148. 	if !author.IsValidUsername(app.cfg, signup.Alias) {

  149. 		// Ensure the username is syntactically correct.

  150. 		return nil, impart.HTTPError{http.StatusPreconditionFailed, "Username is reserved or isn't valid. It must be at least 3 characters long, and can only include letters, numbers, and hyphens."}

  151. 	}

  152. 

  153. 	// Handle empty optional params

  154. 	hashedPass, err := auth.HashPass([]byte(signup.Pass))

  155. 	if err != nil {

  156. 		return nil, impart.HTTPError{http.StatusInternalServerError, "Could not create password hash."}

  157. 	}

  158. 

  159. 	// Create struct to insert

  160. 	u := &User{

  161. 		Username:   signup.Alias,

  162. 		HashedPass: hashedPass,

  163. 		HasPass:    true,

  164. 		Email:      prepareUserEmail(signup.Email, app.keys.EmailKey),

  165. 		Created:    time.Now().Truncate(time.Second).UTC(),

  166. 	}

  167. 

  168. 	// Create actual user

  169. 	if err := app.db.CreateUser(app.cfg, u, desiredUsername); err != nil {

  170. 		return nil, err

  171. 	}

  172. 

  173. 	// Log invite if needed

  174. 	if signup.InviteCode != "" {

  175. 		err = app.db.CreateInvitedUser(signup.InviteCode, u.ID)

  176. 		if err != nil {

  177. 			return nil, err

  178. 		}

  179. 	}

  180. 

  181. 	// Add back unencrypted data for response

  182. 	if signup.Email != "" {

  183. 		u.Email.String = signup.Email

  184. 	}

  185. 

  186. 	resUser := &AuthUser{

  187. 		User: u,

  188. 	}

  189. 	title := signup.Alias

  190. 	if signup.Normalize {

  191. 		title = desiredUsername

  192. 	}

  193. 	resUser.Collections = &[]Collection{

  194. 		{

  195. 			Alias: signup.Alias,

  196. 			Title: title,

  197. 		},

  198. 	}

  199. 

  200. 	var token string

  201. 	if reqJSON && !signup.Web {

  202. 		token, err = app.db.GetAccessToken(u.ID)

  203. 		if err != nil {

  204. 			return nil, impart.HTTPError{http.StatusInternalServerError, "Could not create access token. Try re-authenticating."}

  205. 		}

  206. 		resUser.AccessToken = token

  207. 	} else {

  208. 		session, err := app.sessionStore.Get(r, cookieName)

  209. 		if err != nil {

  210. 			// The cookie should still save, even if there's an error.

  211. 			// Source: https://github.com/gorilla/sessions/issues/16#issuecomment-143642144

  212. 			log.Error("Session: %v; ignoring", err)

  213. 		}

  214. 		session.Values[cookieUserVal] = resUser.User.Cookie()

  215. 		err = session.Save(r, w)

  216. 		if err != nil {

  217. 			log.Error("Couldn't save session: %v", err)

  218. 			return nil, err

  219. 		}

  220. 	}

  221. 	if reqJSON {

  222. 		return resUser, impart.WriteSuccess(w, resUser, http.StatusCreated)

  223. 	}

  224. 

  225. 	return resUser, nil

  226. }

  227. 

  228. func viewLogout(app *App, w http.ResponseWriter, r *http.Request) error {

  229. 	session, err := app.sessionStore.Get(r, cookieName)

  230. 	if err != nil {

  231. 		return ErrInternalCookieSession

  232. 	}

  233. 

  234. 	// Ensure user has an email or password set before they go, so they don't

  235. 	// lose access to their account.

  236. 	val := session.Values[cookieUserVal]

  237. 	var u = &User{}

  238. 	var ok bool

  239. 	if u, ok = val.(*User); !ok {

  240. 		log.Error("Error casting user object on logout. Vals: %+v Resetting cookie.", session.Values)

  241. 

  242. 		err = session.Save(r, w)

  243. 		if err != nil {

  244. 			log.Error("Couldn't save session on logout: %v", err)

  245. 			return impart.HTTPError{http.StatusInternalServerError, "Unable to save cookie session."}

  246. 		}

  247. 

  248. 		return impart.HTTPError{http.StatusFound, "/"}

  249. 	}

  250. 

  251. 	u, err = app.db.GetUserByID(u.ID)

  252. 	if err != nil && err != ErrUserNotFound {

  253. 		return impart.HTTPError{http.StatusInternalServerError, "Unable to fetch user information."}

  254. 	}

  255. 

  256. 	session.Options.MaxAge = -1

  257. 

  258. 	err = session.Save(r, w)

  259. 	if err != nil {

  260. 		log.Error("Couldn't save session on logout: %v", err)

  261. 		return impart.HTTPError{http.StatusInternalServerError, "Unable to save cookie session."}

  262. 	}

  263. 

  264. 	return impart.HTTPError{http.StatusFound, "/"}

  265. }

  266. 

  267. func handleAPILogout(app *App, w http.ResponseWriter, r *http.Request) error {

  268. 	accessToken := r.Header.Get("Authorization")

  269. 	if accessToken == "" {

  270. 		return ErrNoAccessToken

  271. 	}

  272. 	t := auth.GetToken(accessToken)

  273. 	if len(t) == 0 {

  274. 		return ErrNoAccessToken

  275. 	}

  276. 	err := app.db.DeleteToken(t)

  277. 	if err != nil {

  278. 		return err

  279. 	}

  280. 	return impart.HTTPError{Status: http.StatusNoContent}

  281. }

  282. 

  283. func viewLogin(app *App, w http.ResponseWriter, r *http.Request) error {

  284. 	var earlyError string

  285. 	oneTimeToken := r.FormValue("with")

  286. 	if oneTimeToken != "" {

  287. 		log.Info("Calling login with one-time token.")

  288. 		err := login(app, w, r)

  289. 		if err != nil {

  290. 			log.Info("Received error: %v", err)

  291. 			earlyError = fmt.Sprintf("%s", err)

  292. 		}

  293. 	}

  294. 

  295. 	session, err := app.sessionStore.Get(r, cookieName)

  296. 	if err != nil {

  297. 		// Ignore this

  298. 		log.Error("Unable to get session; ignoring: %v", err)

  299. 	}

  300. 

  301. 	p := &struct {

  302. 		page.StaticPage

  303. 		*OAuthButtons

  304. 		To            string

  305. 		Message       template.HTML

  306. 		Flashes       []template.HTML

  307. 		LoginUsername string

  308. 	}{

  309. 		StaticPage:    pageForReq(app, r),

  310. 		OAuthButtons:  NewOAuthButtons(app.Config()),

  311. 		To:            r.FormValue("to"),

  312. 		Message:       template.HTML(""),

  313. 		Flashes:       []template.HTML{},

  314. 		LoginUsername: getTempInfo(app, "login-user", r, w),

  315. 	}

  316. 

  317. 	if earlyError != "" {

  318. 		p.Flashes = append(p.Flashes, template.HTML(earlyError))

  319. 	}

  320. 

  321. 	// Display any error messages

  322. 	flashes, _ := getSessionFlashes(app, w, r, session)

  323. 	for _, flash := range flashes {

  324. 		p.Flashes = append(p.Flashes, template.HTML(flash))

  325. 	}

  326. 	err = pages["login.tmpl"].ExecuteTemplate(w, "base", p)

  327. 	if err != nil {

  328. 		log.Error("Unable to render login: %v", err)

  329. 		return err

  330. 	}

  331. 	return nil

  332. }

  333. 

  334. func webLogin(app *App, w http.ResponseWriter, r *http.Request) error {

  335. 	err := login(app, w, r)

  336. 	if err != nil {

  337. 		username := r.FormValue("alias")

  338. 		// Login request was unsuccessful; save the error in the session and redirect them

  339. 		if err, ok := err.(impart.HTTPError); ok {

  340. 			session, _ := app.sessionStore.Get(r, cookieName)

  341. 			if session != nil {

  342. 				session.AddFlash(err.Message)

  343. 				session.Save(r, w)

  344. 			}

  345. 

  346. 			if m := actuallyUsernameReg.FindStringSubmatch(err.Message); len(m) > 0 {

  347. 				// Retain fixed username recommendation for the login form

  348. 				username = m[1]

  349. 			}

  350. 		}

  351. 

  352. 		// Pass along certain information

  353. 		saveTempInfo(app, "login-user", username, r, w)

  354. 

  355. 		// Retain post-login URL if one was given

  356. 		redirectTo := "/login"

  357. 		postLoginRedirect := r.FormValue("to")

  358. 		if postLoginRedirect != "" {

  359. 			redirectTo += "?to=" + postLoginRedirect

  360. 		}

  361. 

  362. 		log.Error("Unable to login: %v", err)

  363. 		return impart.HTTPError{http.StatusTemporaryRedirect, redirectTo}

  364. 	}

  365. 

  366. 	return nil

  367. }

  368. 

  369. var loginAttemptUsers = sync.Map{}

  370. 

  371. func login(app *App, w http.ResponseWriter, r *http.Request) error {

  372. 	reqJSON := IsJSON(r)

  373. 	oneTimeToken := r.FormValue("with")

  374. 	verbose := r.FormValue("all") == "true" || r.FormValue("verbose") == "1" || r.FormValue("verbose") == "true" || (reqJSON && oneTimeToken != "")

  375. 

  376. 	redirectTo := r.FormValue("to")

  377. 	if redirectTo == "" {

  378. 		if app.cfg.App.SingleUser {

  379. 			redirectTo = "/me/new"

  380. 		} else {

  381. 			redirectTo = "/"

  382. 		}

  383. 	}

  384. 

  385. 	var u *User

  386. 	var err error

  387. 	var signin userCredentials

  388. 

  389. 	if app.cfg.App.DisablePasswordAuth {

  390. 		err := ErrDisabledPasswordAuth

  391. 		return err

  392. 	}

  393. 

  394. 	// Log in with one-time token if one is given

  395. 	if oneTimeToken != "" {

  396. 		log.Info("Login: Logging user in via token.")

  397. 		userID := app.db.GetUserID(oneTimeToken)

  398. 		if userID == -1 {

  399. 			log.Error("Login: Got user -1 from token")

  400. 			err := ErrBadAccessToken

  401. 			err.Message = "Expired or invalid login code."

  402. 			return err

  403. 		}

  404. 		log.Info("Login: Found user %d.", userID)

  405. 

  406. 		u, err = app.db.GetUserByID(userID)

  407. 		if err != nil {

  408. 			log.Error("Unable to fetch user on one-time token login: %v", err)

  409. 			return impart.HTTPError{http.StatusInternalServerError, "There was an error retrieving the user you want."}

  410. 		}

  411. 		log.Info("Login: Got user via token")

  412. 	} else {

  413. 		// Get params

  414. 		if reqJSON {

  415. 			decoder := json.NewDecoder(r.Body)

  416. 			err := decoder.Decode(&signin)

  417. 			if err != nil {

  418. 				log.Error("Couldn't parse signin JSON request: %v\n", err)

  419. 				return ErrBadJSON

  420. 			}

  421. 		} else {

  422. 			err := r.ParseForm()

  423. 			if err != nil {

  424. 				log.Error("Couldn't parse signin form request: %v\n", err)

  425. 				return ErrBadFormData

  426. 			}

  427. 

  428. 			err = app.formDecoder.Decode(&signin, r.PostForm)

  429. 			if err != nil {

  430. 				log.Error("Couldn't decode signin form request: %v\n", err)

  431. 				return ErrBadFormData

  432. 			}

  433. 		}

  434. 

  435. 		log.Info("Login: Attempting login for '%s'", signin.Alias)

  436. 

  437. 		// Validate required params (all)

  438. 		if signin.Alias == "" {

  439. 			msg := "Parameter `alias` required."

  440. 			if signin.Web {

  441. 				msg = "A username is required."

  442. 			}

  443. 			return impart.HTTPError{http.StatusBadRequest, msg}

  444. 		}

  445. 		if !signin.EmailLogin && signin.Pass == "" {

  446. 			msg := "Parameter `pass` required."

  447. 			if signin.Web {

  448. 				msg = "A password is required."

  449. 			}

  450. 			return impart.HTTPError{http.StatusBadRequest, msg}

  451. 		}

  452. 

  453. 		// Prevent excessive login attempts on the same account

  454. 		// Skip this check in dev environment

  455. 		if !app.cfg.Server.Dev {

  456. 			now := time.Now()

  457. 			attemptExp, att := loginAttemptUsers.LoadOrStore(signin.Alias, now.Add(loginAttemptExpiration))

  458. 			if att {

  459. 				if attemptExpTime, ok := attemptExp.(time.Time); ok {

  460. 					if attemptExpTime.After(now) {

  461. 						// This user attempted previously, and the period hasn't expired yet

  462. 						return impart.HTTPError{http.StatusTooManyRequests, "You're doing that too much."}

  463. 					} else {

  464. 						// This user attempted previously, but the time expired; free up space

  465. 						loginAttemptUsers.Delete(signin.Alias)

  466. 					}

  467. 				} else {

  468. 					log.Error("Unable to cast expiration to time")

  469. 				}

  470. 			}

  471. 		}

  472. 

  473. 		// Retrieve password

  474. 		u, err = app.db.GetUserForAuth(signin.Alias)

  475. 		if err != nil {

  476. 			log.Info("Unable to getUserForAuth on %s: %v", signin.Alias, err)

  477. 			if strings.IndexAny(signin.Alias, "@") > 0 {

  478. 				log.Info("Suggesting: %s", ErrUserNotFoundEmail.Message)

  479. 				return ErrUserNotFoundEmail

  480. 			}

  481. 			return err

  482. 		}

  483. 		// Authenticate

  484. 		if u.Email.String == "" {

  485. 			// User has no email set, so check if they haven't added a password, either,

  486. 			// so we can return a more helpful error message.

  487. 			if hasPass, _ := app.db.IsUserPassSet(u.ID); !hasPass {

  488. 				log.Info("Tried logging in to %s, but no password or email.", signin.Alias)

  489. 				return impart.HTTPError{http.StatusPreconditionFailed, "This user never added a password or email address. Please contact us for help."}

  490. 			}

  491. 		}

  492. 		if len(u.HashedPass) == 0 {

  493. 			return impart.HTTPError{http.StatusUnauthorized, "This user never set a password. Perhaps try logging in via OAuth?"}

  494. 		}

  495. 		if !auth.Authenticated(u.HashedPass, []byte(signin.Pass)) {

  496. 			return impart.HTTPError{http.StatusUnauthorized, "Incorrect password."}

  497. 		}

  498. 	}

  499. 

  500. 	if reqJSON && !signin.Web {

  501. 		var token string

  502. 		if r.Header.Get("User-Agent") == "" {

  503. 			// Get last created token when User-Agent is empty

  504. 			token = app.db.FetchLastAccessToken(u.ID)

  505. 			if token == "" {

  506. 				token, err = app.db.GetAccessToken(u.ID)

  507. 			}

  508. 		} else {

  509. 			token, err = app.db.GetAccessToken(u.ID)

  510. 		}

  511. 		if err != nil {

  512. 			log.Error("Login: Unable to create access token: %v", err)

  513. 			return impart.HTTPError{http.StatusInternalServerError, "Could not create access token. Try re-authenticating."}

  514. 		}

  515. 		resUser := getVerboseAuthUser(app, token, u, verbose)

  516. 		return impart.WriteSuccess(w, resUser, http.StatusOK)

  517. 	}

  518. 

  519. 	session, err := app.sessionStore.Get(r, cookieName)

  520. 	if err != nil {

  521. 		// The cookie should still save, even if there's an error.

  522. 		log.Error("Login: Session: %v; ignoring", err)

  523. 	}

  524. 

  525. 	// Remove unwanted data

  526. 	session.Values[cookieUserVal] = u.Cookie()

  527. 	err = session.Save(r, w)

  528. 	if err != nil {

  529. 		log.Error("Login: Couldn't save session: %v", err)

  530. 		// TODO: return error

  531. 	}

  532. 

  533. 	// Send success

  534. 	if reqJSON {

  535. 		return impart.WriteSuccess(w, &AuthUser{User: u}, http.StatusOK)

  536. 	}

  537. 	log.Info("Login: Redirecting to %s", redirectTo)

  538. 	w.Header().Set("Location", redirectTo)

  539. 	w.WriteHeader(http.StatusFound)

  540. 	return nil

  541. }

  542. 

  543. func getVerboseAuthUser(app *App, token string, u *User, verbose bool) *AuthUser {

  544. 	resUser := &AuthUser{

  545. 		AccessToken: token,

  546. 		User:        u,

  547. 	}

  548. 

  549. 	// Fetch verbose user data if requested

  550. 	if verbose {

  551. 		posts, err := app.db.GetUserPosts(u)

  552. 		if err != nil {

  553. 			log.Error("Login: Unable to get user posts: %v", err)

  554. 		}

  555. 		colls, err := app.db.GetCollections(u, app.cfg.App.Host)

  556. 		if err != nil {

  557. 			log.Error("Login: Unable to get user collections: %v", err)

  558. 		}

  559. 		passIsSet, err := app.db.IsUserPassSet(u.ID)

  560. 		if err != nil {

  561. 			// TODO: correct error meesage

  562. 			log.Error("Login: Unable to get user collections: %v", err)

  563. 		}

  564. 

  565. 		resUser.Posts = posts

  566. 		resUser.Collections = colls

  567. 		resUser.User.HasPass = passIsSet

  568. 	}

  569. 	return resUser

  570. }

  571. 

  572. func viewExportOptions(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  573. 	// Fetch extra user data

  574. 	p := NewUserPage(app, r, u, "Export", nil)

  575. 

  576. 	showUserPage(w, "export", p)

  577. 	return nil

  578. }

  579. 

  580. func viewExportPosts(app *App, w http.ResponseWriter, r *http.Request) ([]byte, string, error) {

  581. 	var filename string

  582. 	var u = &User{}

  583. 	reqJSON := IsJSON(r)

  584. 	if reqJSON {

  585. 		// Use given Authorization header

  586. 		accessToken := r.Header.Get("Authorization")

  587. 		if accessToken == "" {

  588. 			return nil, filename, ErrNoAccessToken

  589. 		}

  590. 

  591. 		userID := app.db.GetUserID(accessToken)

  592. 		if userID == -1 {

  593. 			return nil, filename, ErrBadAccessToken

  594. 		}

  595. 

  596. 		var err error

  597. 		u, err = app.db.GetUserByID(userID)

  598. 		if err != nil {

  599. 			return nil, filename, impart.HTTPError{http.StatusInternalServerError, "Unable to retrieve requested user."}

  600. 		}

  601. 	} else {

  602. 		// Use user cookie

  603. 		session, err := app.sessionStore.Get(r, cookieName)

  604. 		if err != nil {

  605. 			// The cookie should still save, even if there's an error.

  606. 			log.Error("Session: %v; ignoring", err)

  607. 		}

  608. 

  609. 		val := session.Values[cookieUserVal]

  610. 		var ok bool

  611. 		if u, ok = val.(*User); !ok {

  612. 			return nil, filename, ErrNotLoggedIn

  613. 		}

  614. 	}

  615. 

  616. 	filename = u.Username + "-posts-" + time.Now().Truncate(time.Second).UTC().Format("200601021504")

  617. 

  618. 	// Fetch data we're exporting

  619. 	var err error

  620. 	var data []byte

  621. 	posts, err := app.db.GetUserPosts(u)

  622. 	if err != nil {

  623. 		return data, filename, err

  624. 	}

  625. 

  626. 	// Export as CSV

  627. 	if strings.HasSuffix(r.URL.Path, ".csv") {

  628. 		data = exportPostsCSV(app.cfg.App.Host, u, posts)

  629. 		return data, filename, err

  630. 	}

  631. 	if strings.HasSuffix(r.URL.Path, ".zip") {

  632. 		data = exportPostsZip(u, posts)

  633. 		return data, filename, err

  634. 	}

  635. 

  636. 	if r.FormValue("pretty") == "1" {

  637. 		data, err = json.MarshalIndent(posts, "", "\t")

  638. 	} else {

  639. 		data, err = json.Marshal(posts)

  640. 	}

  641. 	return data, filename, err

  642. }

  643. 

  644. func viewExportFull(app *App, w http.ResponseWriter, r *http.Request) ([]byte, string, error) {

  645. 	var err error

  646. 	filename := ""

  647. 	u := getUserSession(app, r)

  648. 	if u == nil {

  649. 		return nil, filename, ErrNotLoggedIn

  650. 	}

  651. 	filename = u.Username + "-" + time.Now().Truncate(time.Second).UTC().Format("200601021504")

  652. 

  653. 	exportUser := compileFullExport(app, u)

  654. 

  655. 	var data []byte

  656. 	if r.FormValue("pretty") == "1" {

  657. 		data, err = json.MarshalIndent(exportUser, "", "\t")

  658. 	} else {

  659. 		data, err = json.Marshal(exportUser)

  660. 	}

  661. 	return data, filename, err

  662. }

  663. 

  664. func viewMeAPI(app *App, w http.ResponseWriter, r *http.Request) error {

  665. 	reqJSON := IsJSON(r)

  666. 	uObj := struct {

  667. 		ID       int64  `json:"id,omitempty"`

  668. 		Username string `json:"username,omitempty"`

  669. 	}{}

  670. 	var err error

  671. 

  672. 	if reqJSON {

  673. 		_, uObj.Username, err = app.db.GetUserDataFromToken(r.Header.Get("Authorization"))

  674. 		if err != nil {

  675. 			return err

  676. 		}

  677. 	} else {

  678. 		u := getUserSession(app, r)

  679. 		if u == nil {

  680. 			return impart.WriteSuccess(w, uObj, http.StatusOK)

  681. 		}

  682. 		uObj.Username = u.Username

  683. 	}

  684. 

  685. 	return impart.WriteSuccess(w, uObj, http.StatusOK)

  686. }

  687. 

  688. func viewMyPostsAPI(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  689. 	reqJSON := IsJSON(r)

  690. 	if !reqJSON {

  691. 		return ErrBadRequestedType

  692. 	}

  693. 

  694. 	var err error

  695. 	p := GetPostsCache(u.ID)

  696. 	if p == nil {

  697. 		userPostsCache.Lock()

  698. 		if userPostsCache.users[u.ID].ready == nil {

  699. 			userPostsCache.users[u.ID] = postsCacheItem{ready: make(chan struct{})}

  700. 			userPostsCache.Unlock()

  701. 

  702. 			p, err = app.db.GetUserPosts(u)

  703. 			if err != nil {

  704. 				return err

  705. 			}

  706. 

  707. 			CachePosts(u.ID, p)

  708. 		} else {

  709. 			userPostsCache.Unlock()

  710. 

  711. 			<-userPostsCache.users[u.ID].ready

  712. 			p = GetPostsCache(u.ID)

  713. 		}

  714. 	}

  715. 

  716. 	return impart.WriteSuccess(w, p, http.StatusOK)

  717. }

  718. 

  719. func viewMyCollectionsAPI(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  720. 	reqJSON := IsJSON(r)

  721. 	if !reqJSON {

  722. 		return ErrBadRequestedType

  723. 	}

  724. 

  725. 	p, err := app.db.GetCollections(u, app.cfg.App.Host)

  726. 	if err != nil {

  727. 		return err

  728. 	}

  729. 

  730. 	return impart.WriteSuccess(w, p, http.StatusOK)

  731. }

  732. 

  733. func viewArticles(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  734. 	p, err := app.db.GetAnonymousPosts(u)

  735. 	if err != nil {

  736. 		log.Error("unable to fetch anon posts: %v", err)

  737. 	}

  738. 	// nil-out AnonymousPosts slice for easy detection in the template

  739. 	if p != nil && len(*p) == 0 {

  740. 		p = nil

  741. 	}

  742. 

  743. 	f, err := getSessionFlashes(app, w, r, nil)

  744. 	if err != nil {

  745. 		log.Error("unable to fetch flashes: %v", err)

  746. 	}

  747. 

  748. 	c, err := app.db.GetPublishableCollections(u, app.cfg.App.Host)

  749. 	if err != nil {

  750. 		log.Error("unable to fetch collections: %v", err)

  751. 	}

  752. 

  753. 	silenced, err := app.db.IsUserSilenced(u.ID)

  754. 	if err != nil {

  755. 		log.Error("view articles: %v", err)

  756. 	}

  757. 	d := struct {

  758. 		*UserPage

  759. 		AnonymousPosts *[]PublicPost

  760. 		Collections    *[]Collection

  761. 		Silenced       bool

  762. 	}{

  763. 		UserPage:       NewUserPage(app, r, u, u.Username+"'s Posts", f),

  764. 		AnonymousPosts: p,

  765. 		Collections:    c,

  766. 		Silenced:       silenced,

  767. 	}

  768. 	d.UserPage.SetMessaging(u)

  769. 	w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")

  770. 	w.Header().Set("Expires", "Thu, 04 Oct 1990 20:00:00 GMT")

  771. 	showUserPage(w, "articles", d)

  772. 

  773. 	return nil

  774. }

  775. 

  776. func viewCollections(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  777. 	c, err := app.db.GetCollections(u, app.cfg.App.Host)

  778. 	if err != nil {

  779. 		log.Error("unable to fetch collections: %v", err)

  780. 		return fmt.Errorf("No collections")

  781. 	}

  782. 

  783. 	f, _ := getSessionFlashes(app, w, r, nil)

  784. 

  785. 	uc, _ := app.db.GetUserCollectionCount(u.ID)

  786. 	// TODO: handle any errors

  787. 

  788. 	silenced, err := app.db.IsUserSilenced(u.ID)

  789. 	if err != nil {

  790. 		log.Error("view collections %v", err)

  791. 		return fmt.Errorf("view collections: %v", err)

  792. 	}

  793. 	d := struct {

  794. 		*UserPage

  795. 		Collections *[]Collection

  796. 

  797. 		UsedCollections, TotalCollections int

  798. 

  799. 		NewBlogsDisabled bool

  800. 		Silenced         bool

  801. 	}{

  802. 		UserPage:         NewUserPage(app, r, u, u.Username+"'s Blogs", f),

  803. 		Collections:      c,

  804. 		UsedCollections:  int(uc),

  805. 		NewBlogsDisabled: !app.cfg.App.CanCreateBlogs(uc),

  806. 		Silenced:         silenced,

  807. 	}

  808. 	d.UserPage.SetMessaging(u)

  809. 	showUserPage(w, "collections", d)

  810. 

  811. 	return nil

  812. }

  813. 

  814. func viewEditCollection(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  815. 	vars := mux.Vars(r)

  816. 	c, err := app.db.GetCollection(vars["collection"])

  817. 	if err != nil {

  818. 		return err

  819. 	}

  820. 	if c.OwnerID != u.ID {

  821. 		return ErrCollectionNotFound

  822. 	}

  823. 

  824. 	// Add collection properties

  825. 	c.MonetizationPointer = app.db.GetCollectionAttribute(c.ID, "monetization_pointer")

  826. 

  827. 	silenced, err := app.db.IsUserSilenced(u.ID)

  828. 	if err != nil {

  829. 		log.Error("view edit collection %v", err)

  830. 		return fmt.Errorf("view edit collection: %v", err)

  831. 	}

  832. 	flashes, _ := getSessionFlashes(app, w, r, nil)

  833. 	obj := struct {

  834. 		*UserPage

  835. 		*Collection

  836. 		Silenced bool

  837. 	}{

  838. 		UserPage:   NewUserPage(app, r, u, "Edit "+c.DisplayTitle(), flashes),

  839. 		Collection: c,

  840. 		Silenced:   silenced,

  841. 	}

  842. 	obj.UserPage.CollAlias = c.Alias

  843. 

  844. 	showUserPage(w, "collection", obj)

  845. 	return nil

  846. }

  847. 

  848. func updateSettings(app *App, w http.ResponseWriter, r *http.Request) error {

  849. 	reqJSON := IsJSON(r)

  850. 

  851. 	var s userSettings

  852. 	var u *User

  853. 	var sess *sessions.Session

  854. 	var err error

  855. 	if reqJSON {

  856. 		accessToken := r.Header.Get("Authorization")

  857. 		if accessToken == "" {

  858. 			return ErrNoAccessToken

  859. 		}

  860. 

  861. 		u, err = app.db.GetAPIUser(accessToken)

  862. 		if err != nil {

  863. 			return ErrBadAccessToken

  864. 		}

  865. 

  866. 		decoder := json.NewDecoder(r.Body)

  867. 		err := decoder.Decode(&s)

  868. 		if err != nil {

  869. 			log.Error("Couldn't parse settings JSON request: %v\n", err)

  870. 			return ErrBadJSON

  871. 		}

  872. 

  873. 		// Prevent all username updates

  874. 		// TODO: support changing username via JSON API request

  875. 		s.Username = ""

  876. 	} else {

  877. 		u, sess = getUserAndSession(app, r)

  878. 		if u == nil {

  879. 			return ErrNotLoggedIn

  880. 		}

  881. 

  882. 		err := r.ParseForm()

  883. 		if err != nil {

  884. 			log.Error("Couldn't parse settings form request: %v\n", err)

  885. 			return ErrBadFormData

  886. 		}

  887. 

  888. 		err = app.formDecoder.Decode(&s, r.PostForm)

  889. 		if err != nil {

  890. 			log.Error("Couldn't decode settings form request: %v\n", err)

  891. 			return ErrBadFormData

  892. 		}

  893. 	}

  894. 

  895. 	// Do update

  896. 	postUpdateReturn := r.FormValue("return")

  897. 	redirectTo := "/me/settings"

  898. 	if s.IsLogOut {

  899. 		redirectTo += "?logout=1"

  900. 	} else if postUpdateReturn != "" {

  901. 		redirectTo = postUpdateReturn

  902. 	}

  903. 

  904. 	// Only do updates on values we need

  905. 	if s.Username != "" && s.Username == u.Username {

  906. 		// Username hasn't actually changed; blank it out

  907. 		s.Username = ""

  908. 	}

  909. 	err = app.db.ChangeSettings(app, u, &s)

  910. 	if err != nil {

  911. 		if reqJSON {

  912. 			return err

  913. 		}

  914. 

  915. 		if err, ok := err.(impart.HTTPError); ok {

  916. 			addSessionFlash(app, w, r, err.Message, nil)

  917. 		}

  918. 	} else {

  919. 		// Successful update.

  920. 		if reqJSON {

  921. 			return impart.WriteSuccess(w, u, http.StatusOK)

  922. 		}

  923. 

  924. 		if s.IsLogOut {

  925. 			redirectTo = "/me/logout"

  926. 		} else {

  927. 			sess.Values[cookieUserVal] = u.Cookie()

  928. 			addSessionFlash(app, w, r, "Account updated.", nil)

  929. 		}

  930. 	}

  931. 

  932. 	w.Header().Set("Location", redirectTo)

  933. 	w.WriteHeader(http.StatusFound)

  934. 	return nil

  935. }

  936. 

  937. func updatePassphrase(app *App, w http.ResponseWriter, r *http.Request) error {

  938. 	accessToken := r.Header.Get("Authorization")

  939. 	if accessToken == "" {

  940. 		return ErrNoAccessToken

  941. 	}

  942. 

  943. 	curPass := r.FormValue("current")

  944. 	newPass := r.FormValue("new")

  945. 	// Ensure a new password is given (always required)

  946. 	if newPass == "" {

  947. 		return impart.HTTPError{http.StatusBadRequest, "Provide a new password."}

  948. 	}

  949. 

  950. 	userID, sudo := app.db.GetUserIDPrivilege(accessToken)

  951. 	if userID == -1 {

  952. 		return ErrBadAccessToken

  953. 	}

  954. 

  955. 	// Ensure a current password is given if the access token doesn't have sudo

  956. 	// privileges.

  957. 	if !sudo && curPass == "" {

  958. 		return impart.HTTPError{http.StatusBadRequest, "Provide current password."}

  959. 	}

  960. 

  961. 	// Hash the new password

  962. 	hashedPass, err := auth.HashPass([]byte(newPass))

  963. 	if err != nil {

  964. 		return impart.HTTPError{http.StatusInternalServerError, "Could not create password hash."}

  965. 	}

  966. 

  967. 	// Do update

  968. 	err = app.db.ChangePassphrase(userID, sudo, curPass, hashedPass)

  969. 	if err != nil {

  970. 		return err

  971. 	}

  972. 

  973. 	return impart.WriteSuccess(w, struct{}{}, http.StatusOK)

  974. }

  975. 

  976. func viewStats(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  977. 	var c *Collection

  978. 	var err error

  979. 	vars := mux.Vars(r)

  980. 	alias := vars["collection"]

  981. 	if alias != "" {

  982. 		c, err = app.db.GetCollection(alias)

  983. 		if err != nil {

  984. 			return err

  985. 		}

  986. 		if c.OwnerID != u.ID {

  987. 			return ErrCollectionNotFound

  988. 		}

  989. 	}

  990. 

  991. 	topPosts, err := app.db.GetTopPosts(u, alias)

  992. 	if err != nil {

  993. 		log.Error("Unable to get top posts: %v", err)

  994. 		return err

  995. 	}

  996. 

  997. 	flashes, _ := getSessionFlashes(app, w, r, nil)

  998. 	titleStats := ""

  999. 	if c != nil {

  1000. 		titleStats = c.DisplayTitle() + " "

  1001. 	}

  1002. 

  1003. 	silenced, err := app.db.IsUserSilenced(u.ID)

  1004. 	if err != nil {

  1005. 		log.Error("view stats: %v", err)

  1006. 		return err

  1007. 	}

  1008. 	obj := struct {

  1009. 		*UserPage

  1010. 		VisitsBlog  string

  1011. 		Collection  *Collection

  1012. 		TopPosts    *[]PublicPost

  1013. 		APFollowers int

  1014. 		Silenced    bool

  1015. 	}{

  1016. 		UserPage:   NewUserPage(app, r, u, titleStats+"Stats", flashes),

  1017. 		VisitsBlog: alias,

  1018. 		Collection: c,

  1019. 		TopPosts:   topPosts,

  1020. 		Silenced:   silenced,

  1021. 	}

  1022. 	obj.UserPage.CollAlias = c.Alias

  1023. 	if app.cfg.App.Federation {

  1024. 		folls, err := app.db.GetAPFollowers(c)

  1025. 		if err != nil {

  1026. 			return err

  1027. 		}

  1028. 		obj.APFollowers = len(*folls)

  1029. 	}

  1030. 

  1031. 	showUserPage(w, "stats", obj)

  1032. 	return nil

  1033. }

  1034. 

  1035. func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  1036. 	fullUser, err := app.db.GetUserByID(u.ID)

  1037. 	if err != nil {

  1038. 		log.Error("Unable to get user for settings: %s", err)

  1039. 		return impart.HTTPError{http.StatusInternalServerError, "Unable to retrieve user data. The humans have been alerted."}

  1040. 	}

  1041. 

  1042. 	passIsSet, err := app.db.IsUserPassSet(u.ID)

  1043. 	if err != nil {

  1044. 		log.Error("Unable to get isUserPassSet for settings: %s", err)

  1045. 		return impart.HTTPError{http.StatusInternalServerError, "Unable to retrieve user data. The humans have been alerted."}

  1046. 	}

  1047. 

  1048. 	flashes, _ := getSessionFlashes(app, w, r, nil)

  1049. 

  1050. 	enableOauthSlack := app.Config().SlackOauth.ClientID != ""

  1051. 	enableOauthWriteAs := app.Config().WriteAsOauth.ClientID != ""

  1052. 	enableOauthGitLab := app.Config().GitlabOauth.ClientID != ""

  1053. 	enableOauthGeneric := app.Config().GenericOauth.ClientID != ""

  1054. 	enableOauthGitea := app.Config().GiteaOauth.ClientID != ""

  1055. 

  1056. 	oauthAccounts, err := app.db.GetOauthAccounts(r.Context(), u.ID)

  1057. 	if err != nil {

  1058. 		log.Error("Unable to get oauth accounts for settings: %s", err)

  1059. 		return impart.HTTPError{http.StatusInternalServerError, "Unable to retrieve user data. The humans have been alerted."}

  1060. 	}

  1061. 	for idx, oauthAccount := range oauthAccounts {

  1062. 		switch oauthAccount.Provider {

  1063. 		case "slack":

  1064. 			enableOauthSlack = false

  1065. 		case "write.as":

  1066. 			enableOauthWriteAs = false

  1067. 		case "gitlab":

  1068. 			enableOauthGitLab = false

  1069. 		case "generic":

  1070. 			oauthAccounts[idx].DisplayName = app.Config().GenericOauth.DisplayName

  1071. 			oauthAccounts[idx].AllowDisconnect = app.Config().GenericOauth.AllowDisconnect

  1072. 			enableOauthGeneric = false

  1073. 		case "gitea":

  1074. 			enableOauthGitea = false

  1075. 		}

  1076. 	}

  1077. 

  1078. 	displayOauthSection := enableOauthSlack || enableOauthWriteAs || enableOauthGitLab || enableOauthGeneric || enableOauthGitea || len(oauthAccounts) > 0

  1079. 

  1080. 	obj := struct {

  1081. 		*UserPage

  1082. 		Email                   string

  1083. 		HasPass                 bool

  1084. 		IsLogOut                bool

  1085. 		Silenced                bool

  1086. 		CSRFField               template.HTML

  1087. 		OauthSection            bool

  1088. 		OauthAccounts           []oauthAccountInfo

  1089. 		OauthSlack              bool

  1090. 		OauthWriteAs            bool

  1091. 		OauthGitLab             bool

  1092. 		GitLabDisplayName       string

  1093. 		OauthGeneric            bool

  1094. 		OauthGenericDisplayName string

  1095. 		OauthGitea              bool

  1096. 		GiteaDisplayName        string

  1097. 	}{

  1098. 		UserPage:                NewUserPage(app, r, u, "Account Settings", flashes),

  1099. 		Email:                   fullUser.EmailClear(app.keys),

  1100. 		HasPass:                 passIsSet,

  1101. 		IsLogOut:                r.FormValue("logout") == "1",

  1102. 		Silenced:                fullUser.IsSilenced(),

  1103. 		CSRFField:               csrf.TemplateField(r),

  1104. 		OauthSection:            displayOauthSection,

  1105. 		OauthAccounts:           oauthAccounts,

  1106. 		OauthSlack:              enableOauthSlack,

  1107. 		OauthWriteAs:            enableOauthWriteAs,

  1108. 		OauthGitLab:             enableOauthGitLab,

  1109. 		GitLabDisplayName:       config.OrDefaultString(app.Config().GitlabOauth.DisplayName, gitlabDisplayName),

  1110. 		OauthGeneric:            enableOauthGeneric,

  1111. 		OauthGenericDisplayName: config.OrDefaultString(app.Config().GenericOauth.DisplayName, genericOauthDisplayName),

  1112. 		OauthGitea:              enableOauthGitea,

  1113. 		GiteaDisplayName:        config.OrDefaultString(app.Config().GiteaOauth.DisplayName, giteaDisplayName),

  1114. 	}

  1115. 

  1116. 	showUserPage(w, "settings", obj)

  1117. 	return nil

  1118. }

  1119. 

  1120. func saveTempInfo(app *App, key, val string, r *http.Request, w http.ResponseWriter) error {

  1121. 	session, err := app.sessionStore.Get(r, "t")

  1122. 	if err != nil {

  1123. 		return ErrInternalCookieSession

  1124. 	}

  1125. 

  1126. 	session.Values[key] = val

  1127. 	err = session.Save(r, w)

  1128. 	if err != nil {

  1129. 		log.Error("Couldn't saveTempInfo for key-val (%s:%s): %v", key, val, err)

  1130. 	}

  1131. 	return err

  1132. }

  1133. 

  1134. func getTempInfo(app *App, key string, r *http.Request, w http.ResponseWriter) string {

  1135. 	session, err := app.sessionStore.Get(r, "t")

  1136. 	if err != nil {

  1137. 		return ""

  1138. 	}

  1139. 

  1140. 	// Get the information

  1141. 	var s = ""

  1142. 	var ok bool

  1143. 	if s, ok = session.Values[key].(string); !ok {

  1144. 		return ""

  1145. 	}

  1146. 

  1147. 	// Delete cookie

  1148. 	session.Options.MaxAge = -1

  1149. 	err = session.Save(r, w)

  1150. 	if err != nil {

  1151. 		log.Error("Couldn't erase temp data for key %s: %v", key, err)

  1152. 	}

  1153. 

  1154. 	// Return value

  1155. 	return s

  1156. }

  1157. 

  1158. func handleUserDelete(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  1159. 	if !app.cfg.App.OpenDeletion {

  1160. 		return impart.HTTPError{http.StatusForbidden, "Open account deletion is disabled on this instance."}

  1161. 	}

  1162. 

  1163. 	confirmUsername := r.PostFormValue("confirm-username")

  1164. 	if u.Username != confirmUsername {

  1165. 		return impart.HTTPError{http.StatusBadRequest, "Confirmation username must match your username exactly."}

  1166. 	}

  1167. 

  1168. 	// Check for account deletion safeguards in place

  1169. 	if u.IsAdmin() {

  1170. 		return impart.HTTPError{http.StatusForbidden, "Cannot delete admin."}

  1171. 	}

  1172. 

  1173. 	err := app.db.DeleteAccount(u.ID)

  1174. 	if err != nil {

  1175. 		log.Error("user delete account: %v", err)

  1176. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not delete account: %v", err)}

  1177. 	}

  1178. 

  1179. 	// FIXME: This doesn't ever appear to the user, as (I believe) the value is erased when the session cookie is reset

  1180. 	_ = addSessionFlash(app, w, r, "Thanks for writing with us! You account was deleted successfully.", nil)

  1181. 	return impart.HTTPError{http.StatusFound, "/me/logout"}

  1182. }

  1183. 

  1184. func removeOauth(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  1185. 	provider := r.FormValue("provider")

  1186. 	clientID := r.FormValue("client_id")

  1187. 	remoteUserID := r.FormValue("remote_user_id")

  1188. 

  1189. 	err := app.db.RemoveOauth(r.Context(), u.ID, provider, clientID, remoteUserID)

  1190. 	if err != nil {

  1191. 		return impart.HTTPError{Status: http.StatusInternalServerError, Message: err.Error()}

  1192. 	}

  1193. 

  1194. 	return impart.HTTPError{Status: http.StatusFound, Message: "/me/settings"}

  1195. }

  1196. 

  1197. func prepareUserEmail(input string, emailKey []byte) zero.String {

  1198. 	email := zero.NewString("", input != "")

  1199. 	if len(input) > 0 {

  1200. 		encEmail, err := data.Encrypt(emailKey, input)

  1201. 		if err != nil {

  1202. 			log.Error("Unable to encrypt email: %s\n", err)

  1203. 		} else {

  1204. 			email.String = string(encEmail)

  1205. 

  1206. 		}

  1207. 	}

  1208. 	return email

  1209. }