注册帐号时，如果尚未验证，再发一次验证信 (#765)

* 注册帐号时，如果尚未验证，再发一次验证信 * 修正2个bug。 1:未验证显示密码错误 2:未验证无法重发email * 小修正，如果已存在user，拿已有user资讯取代掉新user资讯来寄送激活码 * 激活码改成激活邮件 * 忘记密码以后，重设二步验证设定 * Revert "忘记密码以后，重设二步验证设定" This reverts commit c5ac10b11c. * 實作 https://github.com/cloudreve/Cloudreve/pull/765#discussion_r584313520
2021-03-02 12:43:14 +08:00 · 2021-03-02 12:43:14 +08:00 · a276be4098
commit a276be4098
parent 4cf6c81534
5 changed files with 31 additions and 7 deletions
--- a/middleware/auth.go
+++ b/middleware/auth.go
@ -90,7 +90,7 @@ func WebDAVAuth() gin.HandlerFunc {
 			return
 		}

-		expectedUser, err := model.GetUserByEmail(username)
+		expectedUser, err := model.GetActiveUserByEmail(username)
 		if err != nil {
 			c.Status(http.StatusUnauthorized)
 			c.Abort()
--- a/models/user.go
+++ b/models/user.go
@ -139,6 +139,13 @@ func GetActiveUserByOpenID(openid string) (User, error) {

 // GetUserByEmail 用Email获取用户
 func GetUserByEmail(email string) (User, error) {
+	var user User
+	result := DB.Set("gorm:auto_preload", true).Where("email = ?", email).First(&user)
+	return user, result.Error
+}
+
+// GetActiveUserByEmail 用Email获取可登录用户
+func GetActiveUserByEmail(email string) (User, error) {
 	var user User
 	result := DB.Set("gorm:auto_preload", true).Where("status = ? and email = ?", Active, email).First(&user)
 	return user, result.Error
--- a/routers/controllers/user.go
+++ b/routers/controllers/user.go
@ -18,7 +18,7 @@ import (
 // StartLoginAuthn 开始注册WebAuthn登录
 func StartLoginAuthn(c *gin.Context) {
 	userName := c.Param("username")
-	expectedUser, err := model.GetUserByEmail(userName)
+	expectedUser, err := model.GetActiveUserByEmail(userName)
 	if err != nil {
 		c.JSON(200, serializer.Err(serializer.CodeNotFound, "用户不存在", err))
 		return
@ -52,7 +52,7 @@ func StartLoginAuthn(c *gin.Context) {
 // FinishLoginAuthn 完成注册WebAuthn登录
 func FinishLoginAuthn(c *gin.Context) {
 	userName := c.Param("username")
-	expectedUser, err := model.GetUserByEmail(userName)
+	expectedUser, err := model.GetActiveUserByEmail(userName)
 	if err != nil {
 		c.JSON(200, serializer.Err(serializer.CodeCredentialInvalid, "用户邮箱或密码错误", err))
 		return
--- a/service/user/login.go
+++ b/service/user/login.go
@ -94,6 +94,12 @@ func (service *UserResetEmailService) Reset(c *gin.Context) serializer.Response
 	// 查找用户
 	if user, err := model.GetUserByEmail(service.UserName); err == nil {

+		if user.Status == model.Baned || user.Status == model.OveruseBaned {
+			return serializer.Err(403, "该账号已被封禁", nil)
+		}
+		if user.Status == model.NotActivicated {
+			return serializer.Err(403, "该账号未激活", nil)
+		}
 		// 创建密码重设会话
 		secret := util.RandStringRunes(32)
 		cache.Set(fmt.Sprintf("user_reset_%d", user.ID), secret, 3600)
--- a/service/user/register.go
+++ b/service/user/register.go
@ -64,10 +64,17 @@ func (service *UserRegisterService) Register(c *gin.Context) serializer.Response
 		user.Status = model.NotActivicated
 	}
 	user.GroupID = uint(defaultGroup)
-
+	userNotActivated := false
 	// 创建用户
 	if err := model.DB.Create(&user).Error; err != nil {
-		return serializer.DBErr("此邮箱已被使用", err)
+		//检查已存在使用者是否尚未激活
+		expectedUser, err := model.GetUserByEmail(service.UserName)
+		if expectedUser.Status == model.NotActivicated {
+			userNotActivated = true
+			user = expectedUser
+		} else {
+			return serializer.DBErr("此邮箱已被使用", err)
+		}
 	}

 	// 发送激活邮件
@ -100,8 +107,12 @@ func (service *UserRegisterService) Register(c *gin.Context) serializer.Response
 		if err := email.Send(user.Email, title, body); err != nil {
 			return serializer.Err(serializer.CodeInternalSetting, "无法发送激活邮件", err)
 		}
-
-		return serializer.Response{Code: 203}
+		if userNotActivated == true {
+			//原本在上面要抛出的DBErr，放来这边抛出
+			return serializer.DBErr("用户未激活，已重新发送激活邮件", nil)
+		} else {
+			return serializer.Response{Code: 203}
+		}
 	}

 	return serializer.Response{}