Commit f5e507b5 authored by o@immerda.ch's avatar o@immerda.ch

greatly simplify trees token management and add recovery email feature

parent f8c947e7
// Place all the styles related to the recovery_email controller here.
// They will automatically be included in application.css.
// You can use Sass (SCSS) here: http://sass-lang.com/
......@@ -31,11 +31,6 @@ class ApplicationController < ActionController::Base
end
helper_method :recovery_token
def recovery_token_present?
session[:trees_token_present]
end
helper_method :recovery_token_present?
def admin?
@is_admin ||= Admin::Enabled && Admin::Admins.include?(current_user)
end
......
......@@ -92,22 +92,23 @@ module ApiBackend
end
def self.trees_token(user, pw)
post(["reveal_recovery_token"], {"email"=> user, "password" => pw})
post(["generate_recovery_token"], {"email"=> user, "password" => pw})
end
def self.trees_delete_token(user, pw)
post(["trees_recovery_token_delete"], {"email"=> user, "password" => pw})
def self.set_recovery_email(email, recovery)
post(["set_recovery_email"], {"email"=> email, "recovery_email" => recovery})
end
def self.generate_new_email_tokens(num)
post(["generate_new_email_tokens"], {"number"=> num})
end
def self.create_new_mailbox(email, pw, trees_enabled, new_email_token, keep_recovery_token)
def self.create_new_mailbox(email, pw, trees_enabled, new_email_token, recovery_email, keep_recovery_token)
post(["create_new_mailbox"], {"email" => email,
"password" => pw,
"trees_enabled" => trees_enabled,
"new_email_token" => new_email_token,
"recovery_email" => recovery_email,
"keep_recovery_token" => keep_recovery_token,
})
end
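Review bot: `set_recovery_email` (new line `def self.set_recovery_email(email, recovery)`) is the only account-changing call in this module that sends no password, whereas the neighbouring `trees_token` and the other `(user, pw)` calls all re-authenticate; the recovery address is a password-reset channel (the `recovery_email_short_help` string in this commit says so), so consider `def self.set_recovery_email(email, pw, recovery)` with `"password" => pw` in the body, assuming the backend endpoint can verify it. The extended `create_new_mailbox` signature now has `recovery_email` followed by a trailing positional boolean, which is easy to transpose at call sites — keyword arguments would make the signup call read unambiguously. A one-line comment on `trees_token` noting that it now generates a token (rather than revealing an existing one, as the old endpoint name suggests) and that callers read `res['trees_recovery_token']` would spare the next reader a trip to the controller.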
......
class RecoveryEmailController < ApplicationController
def show
if params[:recovery_email]
res = ApiBackend::set_recovery_email(current_user, params[:recovery_email])
if res && res['result'] == "success"
flash[:notice] = :success
redirect_to '/'
else
flash[:notice] = :failed
end
end
end
end
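Review bot: `show` performs the recovery-address change whenever `params[:recovery_email]` is present, and the routes in this commit map both `get '/recovery_email'` and `post '/recovery_email'` to it, so the change is reachable by a plain GET; Rails' request-forgery check applies by default only to non-GET requests, so a logged-in user following a crafted link could have their password-reset address replaced. The same GET-and-POST-to-one-action pattern is introduced for `trees#show` (`if params[:pass]`) and `trees_token#show`, where the password would then travel in a query string and can end up in server and browser history logs. Split each into a render-only GET action and a separate POST action, e.g. `post '/recovery_email', to: 'recovery_email#update'`, and since the backend call carries no password, consider requiring the current password here as the other controllers do. Nothing validates the submitted address before it is sent to the backend and the new form uses `text_field_tag`; a server-side format check (and `email_field_tag` in the view) is warranted.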
......@@ -56,7 +56,7 @@ class SignupController < ApplicationController
res = ApiBackend::create_new_mailbox(
full_email, @new_pw, @enable_trees, @token,
@keep_recovery_token == 'yes')
@recovery_email, @keep_recovery_token == 'yes')
if res && res['result'] == 'success'
flash.delete(:notice)
if @keep_recovery_token == 'no'
......
class TreesController < ApplicationController
def redirect
if trees_enabled?
if recovery_token_present? && !recovery_token
redirect_to '/trees_token/request'
else
def show
if params[:pass]
res = ApiBackend::trees_enable(current_user, params['pass'])
if res && res['result'] == 'success'
session[:trees_enabled] = true
flash[:notice] = :trees_enabled
redirect_to '/trees_token'
else
flash[:notice] = :trees_enable_failed
end
else
redirect_to '/trees/enable'
end
end
def enable
res = ApiBackend::trees_enable(current_user, params['pass'])
if res && res['result'] == 'success'
session[:trees_enabled] = true
session[:trees_token_present] = true
session[:trees_recovery_token] = res['trees_recovery_token']
flash[:notice] = :trees_enabled
else
flash[:notice] = :trees_enable_failed
end
redirect_to '/trees'
end
end
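Review bot: `show` tests `params[:pass]` on one line and then passes `params['pass']` on the next; both resolve to the same value with Rails params, but the mixed key styles read as if two different parameters were intended, so use `params[:pass]` in both places. A short header comment would also help, e.g. `# Renders the enable form; on a submission with :pass, enables mailbox encryption via the backend and records the result in the session before redirecting.`, since the action's dual role is not obvious from its name.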
class TreesTokenController < ApplicationController
def fetch
if !recovery_token && params['pass']
res = ApiBackend::trees_token(current_user, params['pass'])
def show
if params[:pass]
res = ApiBackend::trees_token(current_user, params[:pass])
if res && res['result'] == "success"
session[:trees_recovery_token] = res['trees_recovery_token']
redirect_to '/trees_token'
return
flash.delete(:notice)
else
flash[:notice] = :get_token_failed
end
end
redirect_to '/trees'
end
def destroy
res = ApiBackend::trees_delete_token(current_user, params['pass'])
if res && res['result'] == 'success'
flash[:notice] = :token_cleared
session[:trees_token_present] = false
session[:trees_recovery_token] = nil
redirect_to '/index'
else
flash[:notice] = :clear_token_failed
redirect_to '/trees_token'
end
end
end
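Review bot: `show` writes the generated token into `session[:trees_recovery_token]` and nothing in the new code clears it again — the removed `destroy` action was the only place that set it to nil — so the recovery token stays in the session, and is re-rendered by the view's `if recovery_token` branch, for as long as the session lives. The help text in this commit tells users to copy the token and store it safely, which implies a one-time display; clear it once it has been shown, for example `session.delete(:trees_recovery_token)` after the view renders, or pass it through `flash` so it survives exactly one request. If the session store is cookie-based (not visible here), the token would otherwise also be sent back with every subsequent request.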
module RecoveryEmailHelper
end
......@@ -3,15 +3,16 @@
<li><%= link_to (t :change_password), password_path %>
<br /><%= t(:change_password_short_help) %>
</li>
<li><%= link_to (t :recovery_email) , recovery_email_path %>
<br /><%= t(:recovery_email_short_help) %>
</li>
<% if trees_enabled? %>
<li><%= link_to (t :app_passwords) , app_passwords_path %>
<br /><%= t(:app_passwords_short_help) %>
</li>
<% if recovery_token_present? %>
<li><%= link_to (t :recovery_token) , trees_path %>
<li><%= link_to (t :recovery_token) , trees_token_path %>
<br /><%= t(:trees_token_short_help) %>
</li>
<% end %>
<% else %>
<li><%= link_to (t :trees_settings) , trees_path %> (beta)
<br /><%= t(:enable_trees_short_help) %>
......
<h3><%= t :recovery_email %></h3>
<p>
<%= t :recovery_email_help %>
</p>
<%= form_tag("/recovery_email", method: "post") do %>
<%= label_tag(:recovery_email, (t :recovery_email)) %>
<%= text_field_tag(:recovery_email) %>
<br />
<%= submit_tag(t :submit) %>
<% end %>
......@@ -82,7 +82,7 @@
</td><td>
</td></tr>
</table>
<%= t :recovery_email_help %>
<%= t :recovery_email_short_help %>
<br />
<br />
......
......@@ -3,7 +3,7 @@
<%= t :encrypt_mailbox_help %>
<%= t :encrypt_mailbox_help_existing %>
</p>
<%= form_tag("/trees/enable", method: "post") do %>
<%= form_tag("/trees", method: "post") do %>
<%= label_tag(:pass, (t :password_for_enable)) %>
<%= password_field_tag(:pass) %>
<%= submit_tag(t :activate) %>
......
<h3><%= t :recovery_token %></h3>
<p>
<%= t :recovery_token_help %>
</p>
<%= form_tag("/trees_token/request", method: "post") do %>
<%= label_tag(:pass, (t :password_for_reveal)) %>
<%= password_field_tag(:pass) %>
<br />
<%= submit_tag(t :recovery_token_show) %>
<% end %>
<% if recovery_token %>
<h3><%= t :recovery_token %></h3>
<p>
<%= t :recovery_token_help %>
</p>
<b>Token</b> <div class="recovery-token"><%= recovery_token %></div>
<% if recovery_token %>
<p>
<%= t :recovery_token_help %>
</p>
<br>
<h3><%= t :clear_recovery_token %></h3>
<p>
<%= t :clear_recovery_token_help %>
</p>
<%= form_tag("/trees_token", method: "post") do %>
<%= label_tag(:pass, (t :password_for_clear)) %>
<%= password_field_tag(:pass) %>
<%= submit_tag(t :clear_token) %>
<% end %>
<b>Token</b> <div class="recovery-token"><%= recovery_token %></div>
<% else %>
<%= t :recovery_token_deleted %>
<p>
<%= t :recovery_token_help %>
</p>
<%= form_tag("/trees_token", method: "post") do %>
<%= label_tag(:pass, (t :password_for_reveal)) %>
<%= password_field_tag(:pass) %>
<br />
<%= submit_tag(t :recovery_token_show) %>
<% end %>
<% end %>
<br />
<%= link_to t(:back), '/' %>
......@@ -15,16 +15,11 @@ de:
encrypt_mailbox_help: "ACHTUNG: Diese Funktion ist erst im Testbetrieb. Es könnten Mails verloren gehen. Aktiviere diese Funktion, damit alle Emails verschlüsselt in deiner Mailbox abgelegt werden."
encrypt_mailbox_help_existing: "(Das gilt zZ. nur für neue Mails)"
recovery_token: "Sicherheits Token"
recovery_token_help: "Bewahre diesen Token sicher auf. Diesen kannst du uns schicken, wenn du dein Passwort vergessen hast, um ein neues zu setzen."
clear_recovery_token: "Token bestätigen und Kopie löschen"
clear_recovery_token_help: "Wenn du deinen Token sicher abgelegt hast, kannst du dies hier bestätigen. Danach vernichten wir unsere Kopie. Wir empfehlen diesen Schritt! ACHTUNG: Wenn du dein Passwort vergisst und den Token verlierst, sind alle Mails in deiner Mailbox verloren."
recovery_token_help: "Hier kannst du einen Token generieren, mit dem du deine verschlüsselten Mails wiederherstellen kannst, wenn du dein Passwort vergisst. Bewahre diesen Token sicher auf. Ohne Token können wir deine Mails nicht wiederherstellen, wenn du dein Passwort vergisst."
trees_enabled: "Verschlüsselung aktiviert"
token_cleared: "Token Kopie gelöscht"
clear_token: "Token Kopie löschen"
password_changed: "Passwort geändert"
login_failed: "Anmelden fehlgeschlagen"
login: "Anmelden"
recovery_token_deleted: "Kein Token hinterlegt"
recovery_token_show: "Token anzeigen"
pwstrength: "Passwortstärke"
password_change_mismatch: "Die eingegebenen Passwörter stimmen nicht überein"
......@@ -32,7 +27,6 @@ de:
password_policy_fail: "Das gewählte Passwort ist zu einfach zu erraten"
password_change_failed: "Passwortänderung fehlgeschlagen"
get_token_failed: "Token kann zur Zeit nicht angezeigt werden"
clear_token_failed: "Token kann zur Zeit nicht "
trees_enable_failed: "Verschlüsselung kann zur Zeit nicht aktiviert werden"
unlock: "entsperren"
update: "aktualisieren"
......@@ -56,8 +50,9 @@ de:
new_account_intro1: "Dein Konto ist erstellt! Hier ein paar infos"
new_account_intro_token: "Deine Mails sind mit deinem Passwort verschlüsselt. Wenn du es vergisst, brauchst du diesen Token, damit wir dein Passwort zurücksetzen können. Ansonsten können deine Mails nicht mehr gelesen werden. Kopiere das Token jetzt und bewahre es sicher auf, es kann später nicht mehr angezeigt werden!"
new_account_intro2: "Wir empfehlen dir im Webmail einen GPG Schlüssel zu erstellen. Die Anleitung findest du in unserem Willkommens Email, das du nun erhalten hast."
recovery_email: "Patin"
recovery_email_help: "Deine Patin kann für dich ein neues Passwort bestellen. Es muss eine Immerda email Adresse sein. Du das Feld leer lassen, oder später ändern."
recovery_email: "Backup Email"
recovery_email_help: "Du kannst hier bestimmen, von welcher Email Adresse aus du ein Passwort zurücksetzen kannst. Wenn du dies bereits getan hast, kannst du hier deine Entscheidung überschreiben. Zum entschlüsseln einer verschlüsselten Mailbox brauchst du zusätzlich einen Token."
recovery_email_short_help: "Von dieser Adresse aus kannst du dein Passwort zurücksetzen."
keep_recovery_token_help: "Beim Passwortverlust brauchst du ein Token, um deine Mailbox wiederherzustellen."
init_keep_token: "Ich kann jetzt gerade das Token nicht sicher aufbewahren und werde es später abholen."
init_delete_token: "Ich bewahre das Token selber auf."
......@@ -14,15 +14,12 @@ en:
encrypt_mailbox: "Encrypt Mailbox"
encrypt_mailbox_help: "WARNING: This feature is not stable yet and it might happen that mails become unreadable. Activate this option to encrypt all new incomming mails in your mailbox."
encrypt_mailbox_help_existing: "(Currently only applies to new incoming mails)"
clear_recovery_token: "Confirm Token and Delete Copy"
clear_recovery_token_help: "Once you have securely stored your token, you can confirm it here. We will erase our own copy of it. We hightly recommend to take this step! WARNING: If you forget your password and loose your token, all mails in your inbox will be lost."
trees_enabled: "Encryption activated"
token_cleared: "Token copy erased"
clear_token: "erase token copy"
password_changed: "Password changed"
login_failed: "Login failed"
login: "Login"
recovery_token_deleted: "No recovery token stored"
recovery_token_help: "Here you can generate a new recovery token. You can use the token to restore your encrypted emails if you forget your password. Please store it safely. Without token nor password we cannot restore your mails."
recovery_token_show: "Show token"
pwstrength: "Password strength"
password_change_mismatch: "The passwords do not match"
......@@ -30,7 +27,6 @@ en:
password_too_short: "The password is too short (min 10 characters)"
password_change_failed: "Password change failed"
get_token_failed: "Failed to display token"
clear_token_failed: "Failed to delete token"
trees_enable_failed: "Failed to enable encryption"
unlock: "unlock"
update: "update"
......@@ -50,3 +46,12 @@ en:
recovery_token_hint: "We recommend you to safely store your recovery token and clear our copy"
signup_success: "Account successfully created"
main_title: "Immerda Account Management"
new_account_intro1: "Your account is now ready! Here some things to consider"
new_account_intro_token: "Your mails are encrypted with your password. If you forget your password, you need your recovery token to gain access. If you do not have the token anymore, you mails cannot be recovered. Copy the token now and store it safely."
new_account_intro2: "We recommend you create a GPG key in the webmail. We sent you a welcome email with instructions."
recovery_email: "Recovery Email"
recovery_email_short_help: "You can request a new password from your recovery email address."
recovery_email_help: "You can set a recovery email here. From this address you can reset your password. If you already did this, then submitting it again, will override your former choice. For encrypted mailboxes you additionally need a token to recover the data."
keep_recovery_token_help: "You need this token to recover your data, when you forget your password."
init_keep_token: "Ich can't safely store the token right now. I will pick it up later."
init_delete_token: "Ich will safely store my token."
......@@ -2,13 +2,13 @@ Rails.application.routes.draw do
get '/password', to: 'password#show'
post '/password', to: 'password#update'
get '/trees', to: 'trees#redirect'
get '/trees/enable', to: 'trees#show'
post '/trees/enable', to: 'trees#enable'
get '/trees_token/request', to: 'trees_token#request'
post '/trees_token/request', to: 'trees_token#fetch'
get '/recovery_email', to: 'recovery_email#show'
post '/recovery_email', to: 'recovery_email#show'
get '/trees', to: 'trees#show'
post '/trees', to: 'trees#show'
get '/trees_token', to: 'trees_token#show'
post '/trees_token', to: 'trees_token#destroy'
post '/trees_token', to: 'trees_token#show'
get '/app_passwords', to: 'app_passwords#show'
post '/app_passwords', to: 'app_passwords#edit'
......
require 'test_helper'
class RecoveryEmailControllerTest < ActionDispatch::IntegrationTest
# test "the truth" do
# assert true
# end
end