| 
									
										
										
										
											2024-12-09 21:11:46 +01:00
										 |  |  | // Copyright (C) 2023-present sam/u1f320 (vulpine.solutions) | 
					
						
							|  |  |  | // | 
					
						
							|  |  |  | // This program is free software: you can redistribute it and/or modify | 
					
						
							|  |  |  | // it under the terms of the GNU Affero General Public License as published | 
					
						
							|  |  |  | // by the Free Software Foundation, either version 3 of the License, or | 
					
						
							|  |  |  | // (at your option) any later version. | 
					
						
							|  |  |  | // | 
					
						
							|  |  |  | // This program is distributed in the hope that it will be useful, | 
					
						
							|  |  |  | // but WITHOUT ANY WARRANTY; without even the implied warranty of | 
					
						
							|  |  |  | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | 
					
						
							|  |  |  | // GNU Affero General Public License for more details. | 
					
						
							|  |  |  | // | 
					
						
							|  |  |  | // You should have received a copy of the GNU Affero General Public License | 
					
						
							|  |  |  | // along with this program.  If not, see <https://www.gnu.org/licenses/>. | 
					
						
							| 
									
										
										
										
											2024-12-04 17:43:02 +01:00
										 |  |  | using System.Net; | 
					
						
							|  |  |  | using EntityFramework.Exceptions.Common; | 
					
						
							| 
									
										
										
										
											2024-06-12 03:47:20 +02:00
										 |  |  | using Foxnouns.Backend.Database; | 
					
						
							| 
									
										
										
										
											2024-09-09 14:37:59 +02:00
										 |  |  | using Foxnouns.Backend.Database.Models; | 
					
						
							| 
									
										
										
										
											2024-12-08 20:17:30 +01:00
										 |  |  | using Foxnouns.Backend.Dto; | 
					
						
							| 
									
										
										
										
											2024-09-09 14:37:59 +02:00
										 |  |  | using Foxnouns.Backend.Extensions; | 
					
						
							| 
									
										
										
										
											2024-10-02 00:15:14 +02:00
										 |  |  | using Foxnouns.Backend.Middleware; | 
					
						
							| 
									
										
										
										
											2024-06-12 03:47:20 +02:00
										 |  |  | using Foxnouns.Backend.Services; | 
					
						
							| 
									
										
										
										
											2024-11-03 02:07:07 +01:00
										 |  |  | using Foxnouns.Backend.Services.Auth; | 
					
						
							| 
									
										
										
										
											2024-09-09 14:37:59 +02:00
										 |  |  | using Foxnouns.Backend.Utils; | 
					
						
							| 
									
										
										
										
											2024-09-14 16:37:52 +02:00
										 |  |  | using JetBrains.Annotations; | 
					
						
							| 
									
										
										
										
											2024-06-12 03:47:20 +02:00
										 |  |  | using Microsoft.AspNetCore.Mvc; | 
					
						
							| 
									
										
										
										
											2024-09-09 14:37:59 +02:00
										 |  |  | using Microsoft.EntityFrameworkCore; | 
					
						
							| 
									
										
										
										
											2024-06-12 03:47:20 +02:00
										 |  |  | using NodaTime; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | namespace Foxnouns.Backend.Controllers.Authentication; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-10-02 00:15:14 +02:00
										 |  |  | [Route("/api/internal/auth/email")] | 
					
						
							| 
									
										
										
										
											2024-12-10 15:28:44 +01:00
										 |  |  | [ApiExplorerSettings(IgnoreApi = true)] | 
					
						
							| 
									
										
										
										
											2024-06-12 16:19:49 +02:00
										 |  |  | public class EmailAuthController( | 
					
						
							| 
									
										
										
										
											2024-09-14 16:37:52 +02:00
										 |  |  |     [UsedImplicitly] Config config, | 
					
						
							| 
									
										
										
										
											2024-06-12 16:19:49 +02:00
										 |  |  |     DatabaseContext db, | 
					
						
							| 
									
										
										
										
											2024-09-09 14:50:00 +02:00
										 |  |  |     AuthService authService, | 
					
						
							|  |  |  |     MailService mailService, | 
					
						
							| 
									
										
										
										
											2024-12-11 21:17:46 +01:00
										 |  |  |     EmailRateLimiter rateLimiter, | 
					
						
							| 
									
										
										
										
											2024-09-09 14:50:00 +02:00
										 |  |  |     KeyCacheService keyCacheService, | 
					
						
							|  |  |  |     UserRendererService userRenderer, | 
					
						
							| 
									
										
										
										
											2024-06-12 16:19:49 +02:00
										 |  |  |     IClock clock, | 
					
						
							| 
									
										
										
										
											2024-10-02 00:28:07 +02:00
										 |  |  |     ILogger logger | 
					
						
							|  |  |  | ) : ApiControllerBase | 
					
						
							| 
									
										
										
										
											2024-06-12 03:47:20 +02:00
										 |  |  | { | 
					
						
							| 
									
										
										
										
											2024-09-04 14:25:44 +02:00
										 |  |  |     private readonly ILogger _logger = logger.ForContext<EmailAuthController>(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-12-04 17:43:02 +01:00
										 |  |  |     [HttpPost("register/init")] | 
					
						
							|  |  |  |     public async Task<IActionResult> RegisterInitAsync( | 
					
						
							| 
									
										
										
										
											2024-12-08 20:17:30 +01:00
										 |  |  |         [FromBody] EmailRegisterRequest req, | 
					
						
							| 
									
										
										
										
											2024-10-02 00:28:07 +02:00
										 |  |  |         CancellationToken ct = default | 
					
						
							|  |  |  |     ) | 
					
						
							| 
									
										
										
										
											2024-09-09 14:37:59 +02:00
										 |  |  |     { | 
					
						
							| 
									
										
										
										
											2024-09-10 02:39:07 +02:00
										 |  |  |         CheckRequirements(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-10-02 00:28:07 +02:00
										 |  |  |         if (!req.Email.Contains('@')) | 
					
						
							|  |  |  |             throw new ApiError.BadRequest("Email is invalid", "email", req.Email); | 
					
						
							| 
									
										
										
										
											2024-09-09 14:37:59 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-12-08 15:07:25 +01:00
										 |  |  |         string state = await keyCacheService.GenerateRegisterEmailStateAsync(req.Email, null, ct); | 
					
						
							| 
									
										
										
										
											2024-09-11 16:23:45 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-09-10 02:39:07 +02:00
										 |  |  |         // If there's already a user with that email address, pretend we sent an email but actually ignore it | 
					
						
							| 
									
										
										
										
											2024-10-02 00:28:07 +02:00
										 |  |  |         if ( | 
					
						
							|  |  |  |             await db.AuthMethods.AnyAsync( | 
					
						
							|  |  |  |                 a => a.AuthType == AuthType.Email && a.RemoteId == req.Email, | 
					
						
							|  |  |  |                 ct | 
					
						
							|  |  |  |             ) | 
					
						
							|  |  |  |         ) | 
					
						
							| 
									
										
										
										
											2024-12-08 15:17:18 +01:00
										 |  |  |         { | 
					
						
							| 
									
										
										
										
											2024-09-09 14:37:59 +02:00
										 |  |  |             return NoContent(); | 
					
						
							| 
									
										
										
										
											2024-12-08 15:17:18 +01:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2024-09-09 14:37:59 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-12-11 21:17:46 +01:00
										 |  |  |         if (IsRateLimited()) | 
					
						
							|  |  |  |             return NoContent(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-09-09 14:50:00 +02:00
										 |  |  |         mailService.QueueAccountCreationEmail(req.Email, state); | 
					
						
							| 
									
										
										
										
											2024-09-09 14:37:59 +02:00
										 |  |  |         return NoContent(); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     [HttpPost("callback")] | 
					
						
							| 
									
										
										
										
											2024-12-11 01:48:07 +01:00
										 |  |  |     public async Task<IActionResult> CallbackAsync([FromBody] EmailCallbackRequest req) | 
					
						
							| 
									
										
										
										
											2024-09-09 14:37:59 +02:00
										 |  |  |     { | 
					
						
							| 
									
										
										
										
											2024-09-10 02:39:07 +02:00
										 |  |  |         CheckRequirements(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-12-08 15:07:25 +01:00
										 |  |  |         RegisterEmailState? state = await keyCacheService.GetRegisterEmailStateAsync(req.State); | 
					
						
							| 
									
										
										
										
											2024-12-04 17:43:02 +01:00
										 |  |  |         if (state is not { ExistingUserId: null }) | 
					
						
							| 
									
										
										
										
											2024-10-02 00:28:07 +02:00
										 |  |  |             throw new ApiError.BadRequest("Invalid state", "state", req.State); | 
					
						
							| 
									
										
										
										
											2024-09-11 16:23:45 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-12-08 15:07:25 +01:00
										 |  |  |         string ticket = AuthUtils.RandomToken(); | 
					
						
							| 
									
										
										
										
											2024-09-11 16:23:45 +02:00
										 |  |  |         await keyCacheService.SetKeyAsync($"email:{ticket}", state.Email, Duration.FromMinutes(20)); | 
					
						
							| 
									
										
										
										
											2024-09-09 14:37:59 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-12-08 15:07:25 +01:00
										 |  |  |         return Ok(new CallbackResponse(false, ticket, state.Email, null, null, null)); | 
					
						
							| 
									
										
										
										
											2024-09-09 14:37:59 +02:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-12-04 17:43:02 +01:00
										 |  |  |     [HttpPost("register")] | 
					
						
							| 
									
										
										
										
											2024-10-02 00:28:07 +02:00
										 |  |  |     public async Task<IActionResult> CompleteRegistrationAsync( | 
					
						
							| 
									
										
										
										
											2024-12-08 20:17:30 +01:00
										 |  |  |         [FromBody] EmailCompleteRegistrationRequest req | 
					
						
							| 
									
										
										
										
											2024-10-02 00:28:07 +02:00
										 |  |  |     ) | 
					
						
							| 
									
										
										
										
											2024-09-10 02:39:07 +02:00
										 |  |  |     { | 
					
						
							| 
									
										
										
										
											2024-10-02 21:05:52 +02:00
										 |  |  |         CheckRequirements(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-12-08 15:07:25 +01:00
										 |  |  |         string? email = await keyCacheService.GetKeyAsync($"email:{req.Ticket}"); | 
					
						
							| 
									
										
										
										
											2024-10-02 00:28:07 +02:00
										 |  |  |         if (email == null) | 
					
						
							|  |  |  |             throw new ApiError.BadRequest("Unknown ticket", "ticket", req.Ticket); | 
					
						
							| 
									
										
										
										
											2024-09-10 02:39:07 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-12-08 15:07:25 +01:00
										 |  |  |         User user = await authService.CreateUserWithPasswordAsync( | 
					
						
							|  |  |  |             req.Username, | 
					
						
							|  |  |  |             email, | 
					
						
							|  |  |  |             req.Password | 
					
						
							|  |  |  |         ); | 
					
						
							|  |  |  |         Application frontendApp = await db.GetFrontendApplicationAsync(); | 
					
						
							| 
									
										
										
										
											2024-09-10 02:39:07 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-12-08 15:07:25 +01:00
										 |  |  |         (string? tokenStr, Token? token) = authService.GenerateToken( | 
					
						
							| 
									
										
										
										
											2024-10-02 00:28:07 +02:00
										 |  |  |             user, | 
					
						
							|  |  |  |             frontendApp, | 
					
						
							|  |  |  |             ["*"], | 
					
						
							|  |  |  |             clock.GetCurrentInstant() + Duration.FromDays(365) | 
					
						
							|  |  |  |         ); | 
					
						
							| 
									
										
										
										
											2024-09-10 02:39:07 +02:00
										 |  |  |         db.Add(token); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-09-11 16:23:45 +02:00
										 |  |  |         await db.SaveChangesAsync(); | 
					
						
							| 
									
										
										
										
											2024-09-10 02:39:07 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-09-11 16:23:45 +02:00
										 |  |  |         await keyCacheService.DeleteKeyAsync($"email:{req.Ticket}"); | 
					
						
							| 
									
										
										
										
											2024-09-10 02:39:07 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-10-02 00:28:07 +02:00
										 |  |  |         return Ok( | 
					
						
							| 
									
										
										
										
											2024-12-08 20:17:30 +01:00
										 |  |  |             new AuthResponse( | 
					
						
							| 
									
										
										
										
											2024-12-08 15:07:25 +01:00
										 |  |  |                 await userRenderer.RenderUserAsync(user, user, renderMembers: false), | 
					
						
							| 
									
										
										
										
											2024-10-02 00:28:07 +02:00
										 |  |  |                 tokenStr, | 
					
						
							|  |  |  |                 token.ExpiresAt | 
					
						
							|  |  |  |             ) | 
					
						
							|  |  |  |         ); | 
					
						
							| 
									
										
										
										
											2024-09-10 02:39:07 +02:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-06-12 03:47:20 +02:00
										 |  |  |     [HttpPost("login")] | 
					
						
							| 
									
										
										
										
											2024-12-08 20:17:30 +01:00
										 |  |  |     [ProducesResponseType<AuthResponse>(StatusCodes.Status200OK)] | 
					
						
							| 
									
										
										
										
											2024-10-02 00:28:07 +02:00
										 |  |  |     public async Task<IActionResult> LoginAsync( | 
					
						
							| 
									
										
										
										
											2024-12-08 20:17:30 +01:00
										 |  |  |         [FromBody] EmailLoginRequest req, | 
					
						
							| 
									
										
										
										
											2024-10-02 00:28:07 +02:00
										 |  |  |         CancellationToken ct = default | 
					
						
							|  |  |  |     ) | 
					
						
							| 
									
										
										
										
											2024-06-12 03:47:20 +02:00
										 |  |  |     { | 
					
						
							| 
									
										
										
										
											2024-09-10 02:39:07 +02:00
										 |  |  |         CheckRequirements(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-12-08 15:07:25 +01:00
										 |  |  |         (User? user, AuthService.EmailAuthenticationResult authenticationResult) = | 
					
						
							|  |  |  |             await authService.AuthenticateUserAsync(req.Email, req.Password, ct); | 
					
						
							| 
									
										
										
										
											2024-06-12 16:19:49 +02:00
										 |  |  |         if (authenticationResult == AuthService.EmailAuthenticationResult.MfaRequired) | 
					
						
							|  |  |  |             throw new NotImplementedException("MFA is not implemented yet"); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-12-08 15:07:25 +01:00
										 |  |  |         Application frontendApp = await db.GetFrontendApplicationAsync(ct); | 
					
						
							| 
									
										
										
										
											2024-06-12 16:19:49 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-09-04 14:25:44 +02:00
										 |  |  |         _logger.Debug("Logging user {Id} in with email and password", user.Id); | 
					
						
							| 
									
										
										
										
											2024-06-12 16:19:49 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-12-08 15:07:25 +01:00
										 |  |  |         (string? tokenStr, Token? token) = authService.GenerateToken( | 
					
						
							| 
									
										
										
										
											2024-10-02 00:28:07 +02:00
										 |  |  |             user, | 
					
						
							|  |  |  |             frontendApp, | 
					
						
							|  |  |  |             ["*"], | 
					
						
							|  |  |  |             clock.GetCurrentInstant() + Duration.FromDays(365) | 
					
						
							|  |  |  |         ); | 
					
						
							| 
									
										
										
										
											2024-06-12 03:47:20 +02:00
										 |  |  |         db.Add(token); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-09-04 14:25:44 +02:00
										 |  |  |         _logger.Debug("Generated token {TokenId} for {UserId}", token.Id, user.Id); | 
					
						
							| 
									
										
										
										
											2024-06-12 16:19:49 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-09-09 14:37:59 +02:00
										 |  |  |         await db.SaveChangesAsync(ct); | 
					
						
							| 
									
										
										
										
											2024-06-12 03:47:20 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-10-02 00:28:07 +02:00
										 |  |  |         return Ok( | 
					
						
							| 
									
										
										
										
											2024-12-08 20:17:30 +01:00
										 |  |  |             new AuthResponse( | 
					
						
							| 
									
										
										
										
											2024-12-08 15:07:25 +01:00
										 |  |  |                 await userRenderer.RenderUserAsync(user, user, renderMembers: false, ct: ct), | 
					
						
							| 
									
										
										
										
											2024-10-02 00:28:07 +02:00
										 |  |  |                 tokenStr, | 
					
						
							|  |  |  |                 token.ExpiresAt | 
					
						
							|  |  |  |             ) | 
					
						
							|  |  |  |         ); | 
					
						
							| 
									
										
										
										
											2024-06-12 03:47:20 +02:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-12-04 17:43:02 +01:00
										 |  |  |     [HttpPost("change-password")] | 
					
						
							|  |  |  |     [Authorize("*")] | 
					
						
							| 
									
										
										
										
											2024-12-08 20:17:30 +01:00
										 |  |  |     public async Task<IActionResult> UpdatePasswordAsync([FromBody] EmailChangePasswordRequest req) | 
					
						
							| 
									
										
										
										
											2024-12-04 17:43:02 +01:00
										 |  |  |     { | 
					
						
							|  |  |  |         if (!await authService.ValidatePasswordAsync(CurrentUser!, req.Current)) | 
					
						
							|  |  |  |             throw new ApiError.Forbidden("Invalid password"); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         ValidationUtils.Validate([("new", ValidationUtils.ValidatePassword(req.New))]); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         await authService.SetUserPasswordAsync(CurrentUser!, req.New); | 
					
						
							|  |  |  |         await db.SaveChangesAsync(); | 
					
						
							|  |  |  |         return NoContent(); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     [HttpPost("add-email")] | 
					
						
							| 
									
										
										
										
											2024-10-02 00:15:14 +02:00
										 |  |  |     [Authorize("*")] | 
					
						
							| 
									
										
										
										
											2024-10-02 00:52:49 +02:00
										 |  |  |     public async Task<IActionResult> AddEmailAddressAsync([FromBody] AddEmailAddressRequest req) | 
					
						
							| 
									
										
										
										
											2024-10-02 00:15:14 +02:00
										 |  |  |     { | 
					
						
							| 
									
										
										
										
											2024-10-02 21:05:52 +02:00
										 |  |  |         CheckRequirements(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-12-08 15:07:25 +01:00
										 |  |  |         List<AuthMethod> emails = await db | 
					
						
							| 
									
										
										
										
											2024-10-02 00:52:49 +02:00
										 |  |  |             .AuthMethods.Where(m => m.UserId == CurrentUser!.Id && m.AuthType == AuthType.Email) | 
					
						
							|  |  |  |             .ToListAsync(); | 
					
						
							|  |  |  |         if (emails.Count > AuthUtils.MaxAuthMethodsPerType) | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             throw new ApiError.BadRequest( | 
					
						
							|  |  |  |                 "Too many email addresses, maximum of 3 per account.", | 
					
						
							|  |  |  |                 "email", | 
					
						
							|  |  |  |                 null | 
					
						
							|  |  |  |             ); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-10-02 02:46:39 +02:00
										 |  |  |         if (emails.Count != 0) | 
					
						
							| 
									
										
										
										
											2024-10-02 00:52:49 +02:00
										 |  |  |         { | 
					
						
							| 
									
										
										
										
											2024-12-04 17:43:02 +01:00
										 |  |  |             if (!await authService.ValidatePasswordAsync(CurrentUser!, req.Password)) | 
					
						
							| 
									
										
										
										
											2024-10-02 02:46:39 +02:00
										 |  |  |                 throw new ApiError.Forbidden("Invalid password"); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         else | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             await authService.SetUserPasswordAsync(CurrentUser!, req.Password); | 
					
						
							|  |  |  |             await db.SaveChangesAsync(); | 
					
						
							| 
									
										
										
										
											2024-10-02 00:52:49 +02:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-12-08 15:07:25 +01:00
										 |  |  |         string state = await keyCacheService.GenerateRegisterEmailStateAsync( | 
					
						
							| 
									
										
										
										
											2024-10-02 00:52:49 +02:00
										 |  |  |             req.Email, | 
					
						
							| 
									
										
										
										
											2024-12-08 15:07:25 +01:00
										 |  |  |             CurrentUser!.Id | 
					
						
							| 
									
										
										
										
											2024-10-02 00:52:49 +02:00
										 |  |  |         ); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-12-08 15:07:25 +01:00
										 |  |  |         bool emailExists = await db | 
					
						
							| 
									
										
										
										
											2024-10-02 00:52:49 +02:00
										 |  |  |             .AuthMethods.Where(m => m.AuthType == AuthType.Email && m.RemoteId == req.Email) | 
					
						
							|  |  |  |             .AnyAsync(); | 
					
						
							|  |  |  |         if (emailExists) | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             return NoContent(); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2024-10-02 00:15:14 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-12-11 21:17:46 +01:00
										 |  |  |         if (IsRateLimited()) | 
					
						
							|  |  |  |             return NoContent(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-10-02 00:52:49 +02:00
										 |  |  |         mailService.QueueAddEmailAddressEmail(req.Email, state, CurrentUser.Username); | 
					
						
							| 
									
										
										
										
											2024-10-02 00:15:14 +02:00
										 |  |  |         return NoContent(); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-12-04 17:43:02 +01:00
										 |  |  |     [HttpPost("add-email/callback")] | 
					
						
							|  |  |  |     [Authorize("*")] | 
					
						
							| 
									
										
										
										
											2024-12-08 20:17:30 +01:00
										 |  |  |     public async Task<IActionResult> AddEmailCallbackAsync([FromBody] EmailCallbackRequest req) | 
					
						
							| 
									
										
										
										
											2024-12-04 17:43:02 +01:00
										 |  |  |     { | 
					
						
							|  |  |  |         CheckRequirements(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-12-08 15:07:25 +01:00
										 |  |  |         RegisterEmailState? state = await keyCacheService.GetRegisterEmailStateAsync(req.State); | 
					
						
							| 
									
										
										
										
											2024-12-04 17:43:02 +01:00
										 |  |  |         if (state?.ExistingUserId != CurrentUser!.Id) | 
					
						
							|  |  |  |             throw new ApiError.BadRequest("Invalid state", "state", req.State); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         try | 
					
						
							|  |  |  |         { | 
					
						
							| 
									
										
										
										
											2024-12-08 15:07:25 +01:00
										 |  |  |             AuthMethod authMethod = await authService.AddAuthMethodAsync( | 
					
						
							| 
									
										
										
										
											2024-12-04 17:43:02 +01:00
										 |  |  |                 CurrentUser.Id, | 
					
						
							|  |  |  |                 AuthType.Email, | 
					
						
							|  |  |  |                 state.Email | 
					
						
							|  |  |  |             ); | 
					
						
							|  |  |  |             _logger.Debug( | 
					
						
							|  |  |  |                 "Added email auth {AuthId} for user {UserId}", | 
					
						
							|  |  |  |                 authMethod.Id, | 
					
						
							|  |  |  |                 CurrentUser.Id | 
					
						
							|  |  |  |             ); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             return Ok( | 
					
						
							| 
									
										
										
										
											2024-12-08 20:17:30 +01:00
										 |  |  |                 new AddOauthAccountResponse( | 
					
						
							| 
									
										
										
										
											2024-12-04 17:43:02 +01:00
										 |  |  |                     authMethod.Id, | 
					
						
							|  |  |  |                     AuthType.Email, | 
					
						
							|  |  |  |                     authMethod.RemoteId, | 
					
						
							| 
									
										
										
										
											2024-12-08 15:07:25 +01:00
										 |  |  |                     null | 
					
						
							| 
									
										
										
										
											2024-12-04 17:43:02 +01:00
										 |  |  |                 ) | 
					
						
							|  |  |  |             ); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         catch (UniqueConstraintException) | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             throw new ApiError( | 
					
						
							|  |  |  |                 "That email address is already linked.", | 
					
						
							|  |  |  |                 HttpStatusCode.BadRequest, | 
					
						
							|  |  |  |                 ErrorCode.AccountAlreadyLinked | 
					
						
							|  |  |  |             ); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-10-02 00:15:14 +02:00
										 |  |  |     public record AddEmailAddressRequest(string Email, string Password); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-09-10 02:39:07 +02:00
										 |  |  |     private void CheckRequirements() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2024-10-01 21:58:13 +02:00
										 |  |  |         if (!config.EmailAuth.Enabled) | 
					
						
							| 
									
										
										
										
											2024-09-10 02:39:07 +02:00
										 |  |  |             throw new ApiError.BadRequest("Email authentication is not enabled on this instance."); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2024-12-11 21:17:46 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  |     /// <summary> | 
					
						
							|  |  |  |     /// Checks whether the context's IP address is rate limited from dispatching emails. | 
					
						
							|  |  |  |     /// </summary> | 
					
						
							|  |  |  |     private bool IsRateLimited() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         if (HttpContext.Connection.RemoteIpAddress == null) | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             _logger.Information( | 
					
						
							|  |  |  |                 "No remote IP address in HTTP context for email-related request, ignoring as we can't rate limit it" | 
					
						
							|  |  |  |             ); | 
					
						
							|  |  |  |             return true; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if ( | 
					
						
							|  |  |  |             !rateLimiter.IsLimited( | 
					
						
							|  |  |  |                 HttpContext.Connection.RemoteIpAddress.ToString(), | 
					
						
							|  |  |  |                 out Duration retryAfter | 
					
						
							|  |  |  |             ) | 
					
						
							|  |  |  |         ) | 
					
						
							|  |  |  |         { | 
					
						
							|  |  |  |             return false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         _logger.Information( | 
					
						
							|  |  |  |             "IP address cannot send email until {RetryAfter}, ignoring", | 
					
						
							|  |  |  |             retryAfter | 
					
						
							|  |  |  |         ); | 
					
						
							|  |  |  |         return true; | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2024-10-02 00:28:07 +02:00
										 |  |  | } |