Password reset feature

1 files changed, 42 insertions, 0 deletions

diff --git a/src/user.clj b/src/user.clj
new file mode 100644
index 0000000..9d3060f
--- /dev/null
+++ b/src/user.clj
@@ -0,0 +1,42 @@
+(ns user
+  (:use compojure
+        utils))
+
+(def *nick-regex* #"^[A-Za-z0-9\-_∆˚†]*$")
+
+(defn is-invalid-nick? [n]
+  (cond
+   (< (count n) 3) "NICK_TOO_SHORT"
+   (not (re-matches *nick-regex* n)) "NICK_INVALID_CHARS"))
+
+(defn fetch-nick [nick]
+  (let [q1 "SELECT * FROM users WHERE nick = ? LIMIT 1"
+        ; ORDER BY ensures consistent retrieval of ambiguious names
+        q2 "SELECT * FROM users WHERE lower(nick) = ? ORDER BY nick LIMIT 1"]
+    (or (first-or-nil (do-select [q1 nick]))
+        (first-or-nil (do-select [q2 (lower-case nick)])))))
+
+(defn authorize-nick-hash [nick hash]
+  (let [db-user (fetch-nick nick)]
+    (and db-user (= (db-user :hash) hash) db-user)))
+
+(defn update-nick-hash [nick hash]
+  (if (not (assert-update
+            (do-update :users ["nick=?" nick]
+                       {:hash hash})))
+    ; TODO: logging
+    (println (format "Error updating hash for %s" nick))))
+
+
+(defn reset-token [nick hash ts]
+  (sha1-hash nick hash ts))
+
+(defn reset-link [nick token ts]
+  (url-params "http://dump.fm/reset" {"nick"  nick
+                                      "ts"    ts
+                                      "token" token}))
+
+(defn valid-reset-link? [nick token ts]
+  (if-let [info (fetch-nick nick)]
+    (and (= token (reset-token (info :nick) (info :hash) ts))
+         (>= ts (ms-ago (days 2))))))
\ No newline at end of file