+22

lib/ATProto/PDS/API/Helpers.pm

reviewed

··· 15 15 our @EXPORT_OK = qw( 16 16 account_view 17 17 find_account 18 18 + issue_account_action_token 18 19 invite_code_view 19 20 require_admin 20 21 subject_key ··· 69 70 } 70 71 71 72 return undef; 73 73 + } 74 74 + 75 75 + sub issue_account_action_token ($c, $account, %args) { 76 76 + return undef unless $account; 77 77 + my $token = $c->store->create_action_token( 78 78 + did => $account->{did}, 79 79 + email => $account->{email}, 80 80 + purpose => $args{purpose}, 81 81 + expires_at => $args{expires_at} // (time + 3600), 82 82 + ); 83 83 + if (defined($account->{email}) && length($account->{email})) { 84 84 + $c->store->log_outbound_email( 85 85 + recipient_did => $account->{did}, 86 86 + recipient_email => $account->{email}, 87 87 + subject => $args{subject}, 88 88 + content => ref($args{content}) eq 'CODE' 89 89 + ? $args{content}->($token) 90 90 + : $args{content}, 91 91 + ); 92 92 + } 93 93 + return $token; 72 94 } 73 95 74 96 sub account_view ($account) {

+7 -12

lib/ATProto/PDS/API/Misc.pm

reviewed

··· 8 8 use Exporter 'import'; 9 9 use JSON::PP (); 10 10 11 11 - use ATProto::PDS::API::Helpers qw(find_account require_admin subject_key); 11 11 + use ATProto::PDS::API::Helpers qw(find_account issue_account_action_token require_admin subject_key); 12 12 use ATProto::PDS::API::Server qw(require_auth); 13 13 use ATProto::PDS::API::Util qw(flatten_params iso8601 pump_event_subscription subscription_start_seq xrpc_error); 14 14 use ATProto::PDS::Auth::Password qw(hash_password random_hex); ··· 59 59 my (undef, $account) = require_auth($c, audience => 'access'); 60 60 xrpc_error(400, 'InvalidRequest', 'account does not have an email address') 61 61 unless defined($account->{email}) && length($account->{email}); 62 62 - my $token = $c->store->create_action_token( 63 63 - did => $account->{did}, 64 64 - email => $account->{email}, 65 65 - purpose => 'plc_operation', 66 66 - expires_at => time + 3600, 67 67 - ); 68 68 - $c->store->log_outbound_email( 69 69 - recipient_did => $account->{did}, 70 70 - recipient_email => $account->{email}, 71 71 - subject => 'PLC update requested', 72 72 - content => "Use token $token->{token} to authorize your PLC operation.", 62 62 + issue_account_action_token( 63 63 + $c, 64 64 + $account, 65 65 + purpose => 'plc_operation', 66 66 + subject => 'PLC update requested', 67 67 + content => sub ($token) { "Use token $token->{token} to authorize your PLC operation." }, 73 68 ); 74 69 return {}; 75 70 });

+5 -26

lib/ATProto/PDS/API/Server.pm

reviewed

··· 8 8 use Exporter 'import'; 9 9 use JSON::PP (); 10 10 11 11 - use ATProto::PDS::API::Helpers qw(find_account invite_code_view require_admin verify_account_password verify_login_password); 11 11 + use ATProto::PDS::API::Helpers qw(find_account invite_code_view issue_account_action_token require_admin verify_account_password verify_login_password); 12 12 use ATProto::PDS::API::Util qw(iso8601 xrpc_error); 13 13 use ATProto::PDS::Auth::JWT qw(decode_jwt encode_jwt encode_service_jwt); 14 14 use ATProto::PDS::Auth::Password qw(hash_password random_hex); ··· 338 338 my $body = $c->req->json || {}; 339 339 my $account = $c->store->get_account_by_email($body->{email} // q()); 340 340 if ($account) { 341 341 - _issue_account_action_token( 341 341 + issue_account_action_token( 342 342 $c, 343 343 $account, 344 344 purpose => 'password_reset', ··· 376 376 $registry->register('com.atproto.server.requestEmailConfirmation', sub ($c, $endpoint) { 377 377 my (undef, $account) = require_auth($c, audience => 'access'); 378 378 return {} unless $account->{email}; 379 379 - _issue_account_action_token( 379 379 + issue_account_action_token( 380 380 $c, 381 381 $account, 382 382 purpose => 'email_confirm', ··· 410 410 my (undef, $account) = require_auth($c, audience => 'access'); 411 411 my $token_required = defined $account->{email_confirmed_at} ? 1 : 0; 412 412 if ($token_required) { 413 413 - _issue_account_action_token( 413 413 + issue_account_action_token( 414 414 $c, 415 415 $account, 416 416 purpose => 'email_update', ··· 447 447 448 448 $registry->register('com.atproto.server.requestAccountDelete', sub ($c, $endpoint) { 449 449 my (undef, $account) = require_auth($c, audience => 'access', required_scope => 'full'); 450 450 - _issue_account_action_token( 450 450 + issue_account_action_token( 451 451 $c, 452 452 $account, 453 453 purpose => 'account_delete', ··· 762 762 return undef unless defined $email && length $email; 763 763 return undef unless $c->config_value('testing_auto_confirm_email', 1); 764 764 return time; 765 765 - } 766 766 - 767 767 - sub _issue_account_action_token ($c, $account, %args) { 768 768 - return undef unless $account; 769 769 - my $token = $c->store->create_action_token( 770 770 - did => $account->{did}, 771 771 - email => $account->{email}, 772 772 - purpose => $args{purpose}, 773 773 - expires_at => $args{expires_at} // (time + 3600), 774 774 - ); 775 775 - if (defined($account->{email}) && length($account->{email})) { 776 776 - $c->store->log_outbound_email( 777 777 - recipient_did => $account->{did}, 778 778 - recipient_email => $account->{email}, 779 779 - subject => $args{subject}, 780 780 - content => ref($args{content}) eq 'CODE' 781 781 - ? $args{content}->($token) 782 782 - : $args{content}, 783 783 - ); 784 784 - } 785 785 - return $token; 786 765 } 787 766 788 767 sub _require_action_token ($c, %args) {