gonito/Handler/YourAccount.hs

module Handler.YourAccount where

import Import
import Yesod.Form.Bootstrap3 (BootstrapFormLayout (..), renderBootstrap3, bfs)

import Data.Conduit.Binary
import qualified Data.ByteString as S
import qualified Data.ByteString.Lazy as L

import System.Directory
import System.Process
import System.IO

import Handler.Common (passwordConfirmField, updatePassword, isPasswordAcceptable, tooWeakPasswordMessage)
import Handler.Shared

getYourAccountR :: Handler Html
getYourAccountR = do
    userId <- requireAuthId
    user <- runDB $ get404 userId

    enableTriggerToken userId (userTriggerToken user)

    mIndividualKey <- fetchIndividualKey $ userLocalId user

    keyS <- runDB $ selectFirst [PublicKeyUser ==. userId] []
    let key = publicKeyPubkey <$> entityVal <$> keyS
    (formWidget, formEnctype) <- generateFormPost (yourAccountForm (userName user) (userLocalId user) key (userAltRepoScheme user) (userIsAnonymous user))
    defaultLayout $ do
        setTitle "Your account"
        $(widgetFile "your-account")

fetchIndividualKey :: Maybe Text -> Handler (Maybe Text)
fetchIndividualKey Nothing = return Nothing
fetchIndividualKey (Just localId) = do
  arenaDir <- arena
  let individualKeysDir = arenaDir ++ "/individual-keys"
  liftIO $ createDirectoryIfMissing True individualKeysDir

  let individualKeyPath = (unpack individualKeysDir) ++ "/" ++ (unpack localId)
  let individualComment = (unpack localId) ++ "@gonito"

  let individualPubKeyPath = individualKeyPath ++ ".pub"

  isKeyGenerated <- liftIO $ doesFileExist individualPubKeyPath
  if not isKeyGenerated
   then
    do
          _ <- liftIO $ callProcess "/usr/bin/ssh-keygen" ["-t", "RSA", "-f", individualKeyPath, "-N",  "", "-C", individualComment]
          return ()
   else
    return ()

  fhandle <- liftIO $ openFile individualPubKeyPath ReadMode
  contents <- liftIO $ System.IO.hGetContents fhandle

  return $ Just $ pack contents

postYourAccountR :: Handler Html
postYourAccountR = do
    ((result, formWidget), formEnctype) <- runFormPost (yourAccountForm Nothing Nothing Nothing Nothing False)
    userId <- requireAuthId
    user <- runDB $ get404 userId

    enableTriggerToken userId (userTriggerToken user)

    let accountData = case result of
            FormSuccess res -> Just res
            _ -> Nothing
    mIndividualKey <- case accountData of
        Just (name, localId, mPassword, sshPubKey, mAltRepoScheme, avatarFile, anonimised) -> do
          if checkPassword mPassword
            then
             do
              mIndKey <- fetchIndividualKey localId
              updateUserAccount userId name localId mPassword sshPubKey mAltRepoScheme avatarFile anonimised
              return mIndKey
             else
              do
               tooWeakPasswordMessage
               return Nothing
        Nothing -> do
          setMessage $ toHtml ("Something went wrong, probably the password did not match" :: Text)
          return Nothing
    defaultLayout $ do
      setTitle "Your account"
      $(widgetFile "your-account")

checkPassword :: Maybe Text -> Bool
checkPassword Nothing = True
checkPassword (Just "") = True
checkPassword (Just passwd) = isPasswordAcceptable passwd

autocompleteOff :: (RenderMessage master msg2, RenderMessage master msg1) => msg1 -> msg2 -> FieldSettings master
autocompleteOff name tooltip = setts { fsAttrs = (fsAttrs setts) ++ [("autocomplete", "nope")]}
   where setts = (bfs name) { fsTooltip = Just $ SomeMessage tooltip }

yourAccountForm :: Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Bool -> Form (Maybe Text, Maybe Text, Maybe Text, Maybe Text, Maybe Text, Maybe FileInfo, Bool)
yourAccountForm maybeName maybeLocalId maybeSshPubKey maybeAltRepoScheme anonimised = renderBootstrap3 BootstrapBasicForm $ (,,,,,,)
    <$> aopt textField (fieldWithTooltip MsgAccountName MsgAccountNameTooltip) (Just maybeName)
    <*> aopt textField (autocompleteOff MsgId MsgIdTooltip) (Just maybeLocalId)
    <*> aopt passwordConfirmField (bfs MsgPassword) Nothing
    <*> aopt textField (fieldWithTooltip MsgSshPubKey MsgSshPubKeyTooltip) (Just maybeSshPubKey)
    <*> aopt textField (fieldWithTooltip MsgAltRepoScheme MsgAltRepoSchemeTooltip) (Just maybeAltRepoScheme)
    <*> fileAFormOpt (bfs MsgAvatar)
    <*> areq checkBoxField (bfs MsgWantToBeAnonimised) (Just anonimised)

updateUserAccount :: Key User -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe FileInfo -> Bool -> Handler ()
updateUserAccount userId name maybeLocalId maybePassword maybeSshPubKey maybeAltRepoScheme maybeAvatarFile anonimised = do
  updateJustName userId name
  updateAvatar userId maybeAvatarFile
  updateLocalIdAndPubKey userId maybeLocalId maybeSshPubKey
  updateAnonimity userId anonimised
  updateAltRepoScheme userId maybeAltRepoScheme
  case maybePassword of
    Nothing -> return ()
    Just "" -> return ()
    Just p -> updatePassword userId (Just p)

updateAvatar :: Key User -> Maybe FileInfo -> Handler ()
updateAvatar _ Nothing = return ()
updateAvatar userId (Just avatarFile) = do
  fileBytes <- runResourceT $ fileSource avatarFile $$ sinkLbs
  runDB $ update userId [UserAvatar =. Just (S.pack . L.unpack $ fileBytes)]

updateLocalIdAndPubKey :: Key User -> Maybe Text -> Maybe Text -> Handler ()
updateLocalIdAndPubKey userId (Just localId) maybeSshPubKey = do
  if isLocalIdAcceptable localId
    then
     do
      otherTheSame <- runDB $ selectFirst [UserLocalId ==. (Just localId), UserId !=. userId] []
      case otherTheSame of
        Just _ -> do
          setMessage $ toHtml ("ID already used" :: Text)
        Nothing -> do
          user <- runDB $ get404 userId
          case userLocalId user of
             Just prevLocalId -> do
               unless (prevLocalId == localId) $ setMessage $ toHtml ("only the administrator can change your ID" :: Text)
             Nothing -> do
               runDB $ update userId [UserLocalId =. Just localId]
               setMessage $ toHtml ("ID set" :: Text)
          runDB $ deleteWhere [PublicKeyUser ==. userId]
          case maybeSshPubKey of
            Just key -> do
              _ <- runDB $ insert $ PublicKey {
                publicKeyUser=userId,
                publicKeyPubkey=key }
              setMessage $ toHtml ("SSH public key added; now it may take 10 minutes for the keys to be active, please be patient" :: Text)
              return ()
            Nothing -> return ()
    else
      setMessage $ toHtml ("unexpected ID (use only lower-case letters, digits and hyphens, start with a letter)" :: Text)

updateLocalIdAndPubKey _ Nothing (Just _) = do
  setMessage $ toHtml ("SSH public key cannot be added without an ID" :: Text)

updateLocalIdAndPubKey _ Nothing Nothing = return ()

updateAltRepoScheme :: Key User -> Maybe Text -> Handler ()
updateAltRepoScheme userId mAltRepoScheme = runDB $ update userId [UserAltRepoScheme =. mAltRepoScheme]

updateJustName :: Key User -> Maybe Text -> Handler ()
updateJustName userId name = runDB $ update userId [UserName =. name]

updateAnonimity :: Key User -> Bool -> Handler ()
updateAnonimity userId anonimised = runDB $ update userId [UserIsAnonymous =. anonimised]

getAvatarR :: UserId -> Handler TypedContent
getAvatarR userId = do
    user <- runDB $ get404 userId
    case userAvatar user of
     Just avatarBytes -> do
       addHeader "Content-Disposition" "attachment; filename=\"avatar.png\""
       sendResponse (typePng, toContent avatarBytes)
     Nothing -> do
       sendFile typeSvg "static/images/male-avatar.svg"
add "your account" option 2015-09-30 20:15:33 +02:00			`module Handler.YourAccount where`

			`import Import`
remove some warnings 2016-12-03 13:36:32 +01:00			`import Yesod.Form.Bootstrap3 (BootstrapFormLayout (..), renderBootstrap3, bfs)`
add "your account" option 2015-09-30 20:15:33 +02:00
add avatars 2016-05-03 10:21:40 +02:00			`import Data.Conduit.Binary`
			`import qualified Data.ByteString as S`
			`import qualified Data.ByteString.Lazy as L`
create/verify password reset links 2017-02-18 10:26:02 +01:00
Generate invidual key 2022-01-19 10:48:38 +01:00			`import System.Directory`
			`import System.Process`
			`import System.IO`

password quality is checked in account settings as well 2017-02-18 10:59:27 +01:00			`import Handler.Common (passwordConfirmField, updatePassword, isPasswordAcceptable, tooWeakPasswordMessage)`
take description & tags from commit log message 2017-09-27 22:44:00 +02:00			`import Handler.Shared`

add "your account" option 2015-09-30 20:15:33 +02:00			`getYourAccountR :: Handler Html`
			`getYourAccountR = do`
			`userId <- requireAuthId`
			`user <- runDB $ get404 userId`
trigger evaluation remotely 2017-09-28 11:29:48 +02:00
			`enableTriggerToken userId (userTriggerToken user)`

Generate invidual key 2022-01-19 10:48:38 +01:00			`mIndividualKey <- fetchIndividualKey $ userLocalId user`

refactor for multiple public keys 2015-11-11 22:37:25 +01:00			`keyS <- runDB $ selectFirst [PublicKeyUser ==. userId] []`
			`let key = publicKeyPubkey <$> entityVal <$> keyS`
Be possible to set alternative repo scheme 2020-02-21 23:16:06 +01:00			`(formWidget, formEnctype) <- generateFormPost (yourAccountForm (userName user) (userLocalId user) key (userAltRepoScheme user) (userIsAnonymous user))`
add "your account" option 2015-09-30 20:15:33 +02:00			`defaultLayout $ do`
			`setTitle "Your account"`
			`$(widgetFile "your-account")`

Generate invidual key 2022-01-19 10:48:38 +01:00			`fetchIndividualKey :: Maybe Text -> Handler (Maybe Text)`
			`fetchIndividualKey Nothing = return Nothing`
			`fetchIndividualKey (Just localId) = do`
			`arenaDir <- arena`
			`let individualKeysDir = arenaDir ++ "/individual-keys"`
			`liftIO $ createDirectoryIfMissing True individualKeysDir`

			`let individualKeyPath = (unpack individualKeysDir) ++ "/" ++ (unpack localId)`
			`let individualComment = (unpack localId) ++ "@gonito"`

			`let individualPubKeyPath = individualKeyPath ++ ".pub"`

			`isKeyGenerated <- liftIO $ doesFileExist individualPubKeyPath`
			`if not isKeyGenerated`
			`then`
			`do`
Hook up individual keys 2022-01-19 12:46:23 +01:00			`_ <- liftIO $ callProcess "/usr/bin/ssh-keygen" ["-t", "RSA", "-f", individualKeyPath, "-N", "", "-C", individualComment]`
Generate invidual key 2022-01-19 10:48:38 +01:00			`return ()`
			`else`
			`return ()`

			`fhandle <- liftIO $ openFile individualPubKeyPath ReadMode`
			`contents <- liftIO $ System.IO.hGetContents fhandle`

			`return $ Just $ pack contents`

add "your account" option 2015-09-30 20:15:33 +02:00			`postYourAccountR :: Handler Html`
			`postYourAccountR = do`
Be possible to set alternative repo scheme 2020-02-21 23:16:06 +01:00			`((result, formWidget), formEnctype) <- runFormPost (yourAccountForm Nothing Nothing Nothing Nothing False)`
info on shutting down Person by Mozilla 2016-12-03 14:33:55 +01:00			`userId <- requireAuthId`
clarification as regards passwords 2016-12-03 15:19:11 +01:00			`user <- runDB $ get404 userId`
trigger evaluation remotely 2017-09-28 11:29:48 +02:00
			`enableTriggerToken userId (userTriggerToken user)`

remove some warnings 2016-12-03 13:36:32 +01:00			`let accountData = case result of`
add "your account" option 2015-09-30 20:15:33 +02:00			`FormSuccess res -> Just res`
			`_ -> Nothing`
Hook up individual keys 2022-01-19 12:46:23 +01:00			`mIndividualKey <- case accountData of`
Be possible to set alternative repo scheme 2020-02-21 23:16:06 +01:00			`Just (name, localId, mPassword, sshPubKey, mAltRepoScheme, avatarFile, anonimised) -> do`
password quality is checked in account settings as well 2017-02-18 10:59:27 +01:00			`if checkPassword mPassword`
			`then`
Hook up individual keys 2022-01-19 12:46:23 +01:00			`do`
			`mIndKey <- fetchIndividualKey localId`
Be possible to set alternative repo scheme 2020-02-21 23:16:06 +01:00			`updateUserAccount userId name localId mPassword sshPubKey mAltRepoScheme avatarFile anonimised`
Hook up individual keys 2022-01-19 12:46:23 +01:00			`return mIndKey`
			`else`
			`do`
			`tooWeakPasswordMessage`
			`return Nothing`
info on shutting down Person by Mozilla 2016-12-03 14:33:55 +01:00			`Nothing -> do`
			`setMessage $ toHtml ("Something went wrong, probably the password did not match" :: Text)`
Hook up individual keys 2022-01-19 12:46:23 +01:00			`return Nothing`
add "your account" option 2015-09-30 20:15:33 +02:00			`defaultLayout $ do`
info on shutting down Person by Mozilla 2016-12-03 14:33:55 +01:00			`setTitle "Your account"`
			`$(widgetFile "your-account")`

password quality is checked in account settings as well 2017-02-18 10:59:27 +01:00			`checkPassword :: Maybe Text -> Bool`
fix setting your account without changing the password 2017-02-26 09:54:05 +01:00			`checkPassword Nothing = True`
			`checkPassword (Just "") = True`
password quality is checked in account settings as well 2017-02-18 10:59:27 +01:00			`checkPassword (Just passwd) = isPasswordAcceptable passwd`
add "your account" option 2015-09-30 20:15:33 +02:00
improve creating challenges 2018-09-01 12:01:35 +02:00			`autocompleteOff :: (RenderMessage master msg2, RenderMessage master msg1) => msg1 -> msg2 -> FieldSettings master`
use tooltips instead of a list 2017-09-23 15:04:40 +02:00			`autocompleteOff name tooltip = setts { fsAttrs = (fsAttrs setts) ++ [("autocomplete", "nope")]}`
			`where setts = (bfs name) { fsTooltip = Just $ SomeMessage tooltip }`

Be possible to set alternative repo scheme 2020-02-21 23:16:06 +01:00			`yourAccountForm :: Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Bool -> Form (Maybe Text, Maybe Text, Maybe Text, Maybe Text, Maybe Text, Maybe FileInfo, Bool)`
			`yourAccountForm maybeName maybeLocalId maybeSshPubKey maybeAltRepoScheme anonimised = renderBootstrap3 BootstrapBasicForm $ (,,,,,,)`
use tooltips instead of a list 2017-09-23 15:04:40 +02:00			`<$> aopt textField (fieldWithTooltip MsgAccountName MsgAccountNameTooltip) (Just maybeName)`
			`<*> aopt textField (autocompleteOff MsgId MsgIdTooltip) (Just maybeLocalId)`
login via HashDB 2016-12-03 14:14:39 +01:00			`<*> aopt passwordConfirmField (bfs MsgPassword) Nothing`
use tooltips instead of a list 2017-09-23 15:04:40 +02:00			`<*> aopt textField (fieldWithTooltip MsgSshPubKey MsgSshPubKeyTooltip) (Just maybeSshPubKey)`
Be possible to set alternative repo scheme 2020-02-21 23:16:06 +01:00			`<*> aopt textField (fieldWithTooltip MsgAltRepoScheme MsgAltRepoSchemeTooltip) (Just maybeAltRepoScheme)`
add avatars 2016-05-03 10:21:40 +02:00			`<*> fileAFormOpt (bfs MsgAvatar)`
add checkbox for anonimity 2017-03-18 14:51:09 +01:00			`<*> areq checkBoxField (bfs MsgWantToBeAnonimised) (Just anonimised)`
ID and SSH pub key can be set by the user 2015-11-10 21:35:42 +01:00
Be possible to set alternative repo scheme 2020-02-21 23:16:06 +01:00			`updateUserAccount :: Key User -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe FileInfo -> Bool -> Handler ()`
			`updateUserAccount userId name maybeLocalId maybePassword maybeSshPubKey maybeAltRepoScheme maybeAvatarFile anonimised = do`
ID and SSH pub key can be set by the user 2015-11-10 21:35:42 +01:00			`updateJustName userId name`
add avatars 2016-05-03 10:21:40 +02:00			`updateAvatar userId maybeAvatarFile`
ID and SSH pub key can be set by the user 2015-11-10 21:35:42 +01:00			`updateLocalIdAndPubKey userId maybeLocalId maybeSshPubKey`
add checkbox for anonimity 2017-03-18 14:51:09 +01:00			`updateAnonimity userId anonimised`
Be possible to set alternative repo scheme 2020-02-21 23:16:06 +01:00			`updateAltRepoScheme userId maybeAltRepoScheme`
fix setting your account without changing the password 2017-02-26 09:54:05 +01:00			`case maybePassword of`
			`Nothing -> return ()`
			`Just "" -> return ()`
			`Just p -> updatePassword userId (Just p)`
ID and SSH pub key can be set by the user 2015-11-10 21:35:42 +01:00
add avatars 2016-05-03 10:21:40 +02:00			`updateAvatar :: Key User -> Maybe FileInfo -> Handler ()`
			`updateAvatar _ Nothing = return ()`
			`updateAvatar userId (Just avatarFile) = do`
			`fileBytes <- runResourceT $ fileSource avatarFile $$ sinkLbs`
			`runDB $ update userId [UserAvatar =. Just (S.pack . L.unpack $ fileBytes)]`

ID and SSH pub key can be set by the user 2015-11-10 21:35:42 +01:00			`updateLocalIdAndPubKey :: Key User -> Maybe Text -> Maybe Text -> Handler ()`
			`updateLocalIdAndPubKey userId (Just localId) maybeSshPubKey = do`
			`if isLocalIdAcceptable localId`
			`then`
			`do`
			`otherTheSame <- runDB $ selectFirst [UserLocalId ==. (Just localId), UserId !=. userId] []`
			`case otherTheSame of`
			`Just _ -> do`
			`setMessage $ toHtml ("ID already used" :: Text)`
			`Nothing -> do`
			`user <- runDB $ get404 userId`
			`case userLocalId user of`
			`Just prevLocalId -> do`
			`unless (prevLocalId == localId) $ setMessage $ toHtml ("only the administrator can change your ID" :: Text)`
info on keys 2016-03-14 21:12:54 +01:00			`Nothing -> do`
			`runDB $ update userId [UserLocalId =. Just localId]`
			`setMessage $ toHtml ("ID set" :: Text)`
refactor for multiple public keys 2015-11-11 22:37:25 +01:00			`runDB $ deleteWhere [PublicKeyUser ==. userId]`
			`case maybeSshPubKey of`
			`Just key -> do`
remove some warnings 2016-12-03 13:36:32 +01:00			`_ <- runDB $ insert $ PublicKey {`
refactor for multiple public keys 2015-11-11 22:37:25 +01:00			`publicKeyUser=userId,`
			`publicKeyPubkey=key }`
info on keys 2016-03-14 21:12:54 +01:00			`setMessage $ toHtml ("SSH public key added; now it may take 10 minutes for the keys to be active, please be patient" :: Text)`
refactor for multiple public keys 2015-11-11 22:37:25 +01:00			`return ()`
			`Nothing -> return ()`
ID and SSH pub key can be set by the user 2015-11-10 21:35:42 +01:00			`else`
			`setMessage $ toHtml ("unexpected ID (use only lower-case letters, digits and hyphens, start with a letter)" :: Text)`

			`updateLocalIdAndPubKey _ Nothing (Just _) = do`
			`setMessage $ toHtml ("SSH public key cannot be added without an ID" :: Text)`

			`updateLocalIdAndPubKey _ Nothing Nothing = return ()`

Be possible to set alternative repo scheme 2020-02-21 23:16:06 +01:00			`updateAltRepoScheme :: Key User -> Maybe Text -> Handler ()`
			`updateAltRepoScheme userId mAltRepoScheme = runDB $ update userId [UserAltRepoScheme =. mAltRepoScheme]`

ID and SSH pub key can be set by the user 2015-11-10 21:35:42 +01:00			`updateJustName :: Key User -> Maybe Text -> Handler ()`
			`updateJustName userId name = runDB $ update userId [UserName =. name]`
add avatars 2016-05-03 10:21:40 +02:00
add checkbox for anonimity 2017-03-18 14:51:09 +01:00			`updateAnonimity :: Key User -> Bool -> Handler ()`
			`updateAnonimity userId anonimised = runDB $ update userId [UserIsAnonymous =. anonimised]`
add avatars 2016-05-03 10:21:40 +02:00
			`getAvatarR :: UserId -> Handler TypedContent`
			`getAvatarR userId = do`
			`user <- runDB $ get404 userId`
			`case userAvatar user of`
			`Just avatarBytes -> do`
			`addHeader "Content-Disposition" "attachment; filename=\"avatar.png\""`
			`sendResponse (typePng, toContent avatarBytes)`
			`Nothing -> do`
			`sendFile typeSvg "static/images/male-avatar.svg"`