dudeswave/src/dudeswave_app.erl

@@ -18,6 +18,8 @@
 
 -export([bootstrap/3, start/2, stop/1]).
 
+-include_lib("dudeswave/include/defines.hrl").
+
 start(_Type, StartArgs) ->
 	crypto:rand_seed(),
 
@@ -36,7 +38,6 @@ start(_Type, StartArgs) ->
 
 	Dispatch = cowboy_router:compile([
 	    {'_', [
-	        {"/api/v1/auth", dudeswave_auth_handler, #{}},
 	        {"/api/v1/user", dudeswave_user_handler, #{}},
 	        {"/", dudeswave_handler, #{}}
 	    ]}

dudeswave/src/dudeswave_auth.erl

@@ -17,8 +17,8 @@
 -moduledoc """
 Dudes users management module.
 
-Here lives all the functions for the APIs needed to create, update and delete
-users from the dudeswave database.
+Here lives all the functions needed to create, update and delete users
+from the dudeswave database.
 """.
 
 -include_lib("dudeswave/include/defines.hrl").
@@ -59,7 +59,7 @@ authenticate(User, {cookie, Cookie}) ->
 		{ok, [R]} ->
 			CurTime = calendar:now_to_universal_time(erlang:timestamp()),
 			CookieTime = R#object.value,
-			{user, CookieUser} = proplists:lookup(user, R#object.metadata),
+			CookieUser = lists:keyfind(user, 1, R#object.metadata),
 
 			if
 				CookieTime >= CurTime ->
@@ -83,14 +83,11 @@ authenticate(User, {password, Password}) ->
 				    erlang:system_time(seconds) + ?DEFVALIDITY * 86400
 			end,
 
-			{hash, Hash} = proplists:lookup(hash, R#object.metadata),
-			{salt, Salt} = proplists:lookup(salt, R#object.metadata),
-			{approved, Appr} = proplists:lookup(approved, R#object.metadata),
-
+			{ok, Hash} = lists:keyfind(hash, 1, R#object.metadata),
+			{ok, Salt} = lists:keyfind(salt, 1, R#object.metadata),
 			Auth = crypto:hash(sha256, <<Password/binary, Salt/binary>>),
 
 			if
-				Appr =/= true -> false;
 				Auth =:= Hash ->
 					Cookie = base64:encode(rand:bytes(64)),
 					case storage:write(?COOKIESBUCK, <<Cookie/binary>>,
@@ -126,7 +123,7 @@ Invalidate and delete `Cookie` associated with `User` from the system.
 logout(User, Cookie) ->
 	case storage:read(?COOKIESBUCK, Cookie) of
 		{ok, [R]} ->
-			{user, User} = proplists:lookup(user, R#object.metadata),
+			{user, User} = lists:keyfind(user, 1, R#object.metadata),
 			storage:delete(?COOKIESBUCK, Cookie);
 		{ok, []} ->
 			{error, not_found};
@@ -174,7 +171,8 @@ Spec:
 The `User` is created, and stored in the application's users bucket
 `Password` is salted and hashed with SHA256 before being stored.
 
-The new user is saved with a metadata `approved` of `false`,
+The new user is saved with a metadata `status` of `waiting_confirmation`,
+based on the application settings, the confirmation method may vary.
 """.
 -spec new(User, Password, Email) -> ok | {error, Reason} when
 	User :: binary(),
@@ -187,7 +185,7 @@ new(User, Password, Email) ->
 	Hash = crypto:hash(sha256, <<Password/binary, Salt/binary>>),
 
 	Data = #{<<"email">> => Email},
-	Metadata = [{salt, Salt}, {hash, Hash}, {approved, false}],
+	Metadata = [{salt, Salt}, {hash, Hash}, {status, waiting_confirmation}],
 
 	storage:write(?USERSBUCK, User, Data, Metadata).
 
@@ -297,7 +295,7 @@ invalidate_cookies(Req) ->
 	Req1.
 
 -doc """
-Set the authentication cookies for the provided client request
+Set the authentication cookies for the provided clien request
 
 Spec:
 

dudeswave/src/dudeswave_user_handler.erl

@@ -17,6 +17,14 @@
 -moduledoc """
 JSON API to manage users.
 
+The username is passed in a cookie. The handler recover it from the
+session. Cookies are:
+
+```
+dudename: the actual username
+dudeauth: the authentication cookie
+```
+
 If the session is not valid, all the requests will return `403 Forbidden` to
 the client. In case a technical problem occurs, `500 Internal Server Error`
 is returned.