public function activate($tokenid = null)
{
$token = $tokenid ? db()->table('token')->get('token', $tokenid)->fetch() : null;
#The token should have been created by the Auth Server
if ($token && $token->app !== null) {
throw new PublicException('Token level insufficient', 403);
}
if ($token) {
$token->user->verified = 1;
$token->user->store();
} else {
$token = TokenModel::create(null, 1800, false);
$token->user = $this->user;
$token->store();
$url = new absoluteURL('user', 'activate', $token->token);
EmailModel::queue($this->user->email, 'Activate your account', sprintf('Click here to activate your account: <a href="%s">%s</a>', $url, $url));
}
#We need to redirect the user back to the home page
$this->response->getHeaders()->redirect(new URL(array('message' => 'success')));
}
/**
*
* GET Parameters:
* - appId - Id of the app trying to relay the message
* - appSecret - App Secret to authenticate the App
* - userId - Either a valid email or a user id
*
* @todo Introduce email permissions for certain applications
* @param int $userid Deprecated, do not use
* @throws PublicException
* @throws Exception
* @throws HTTPMethodException
*/
public function send($userid = null)
{
//TODO: Add search by username
try {
#Check if the request is post and subject and body are not empty
if (!$this->request->isPost()) {
throw new HTTPMethodException();
}
/*
* Retrieve the email / userId from the request. This should either be posted
* or getted.
*/
$userid = isset($_GET['to']) ? $_GET['to'] : _def($_POST['to'], $userid);
/*
* We check whether we received any data at all via POST for the recipient.
* We can obviously not relay any email to any user if we don't know where
* to send it to.
*/
if (!$userid) {
throw new PublicException('This enpoint requires a recipient');
}
/*
* Get the application authorizing the email. Although we do not log this
* right now, it's gonna be invaluable to help determining whether an app
* was compromised and is sending garbage.
*/
if (!$this->token) {
$app = db()->table('authapp')->get('appID', $_GET['appId'])->addRestriction('appSecret', $_GET['appSecret'])->fetch();
} else {
$app = $this->token->app;
}
if (!$app) {
throw new Exception('Could not authenticate the application trying to send the email');
}
/*
* Determine what kind of id you were sent to determine where to send the
* email to.
*/
if (filter_var($userid, FILTER_VALIDATE_EMAIL)) {
$email = $userid;
} elseif (is_numeric($userid)) {
$user = db()->table('user')->get('_id', _def($_POST['to'], $userid))->fetch();
$email = $user->email;
}
$vsubject = validate()->addRule(new EmptyValidationRule('Subject cannot be empty'));
$vcontent = validate()->addRule(new EmptyValidationRule('Message body cannot be empty'));
validate($vsubject->setValue($_POST['subject']), $vcontent->setValue($_POST['body']));
#Create the message and put it into the message queue
EmailModel::queue($email, $vsubject->getValue(), $vcontent->getValue())->store();
#Everything was okay - that's it. The email will be delivered later
} catch (ValidationException $e) {
$this->view->set('errors', $e->getResult());
} catch (HTTPMethodException $e) {
//Do nothing, we'll serve it with get
}
}
