
New verification method for DOI requests

Instead of sending the user's token in encrypted form, we send the same
information as the other URL parameters (username and repo path) in
encrypted form for verification.
Achilleas Koutsou 6 年之前
當前提交
de896477f0
共有 1 個文件被更改,包括 7 次插入5 次删除
  1. 7 5
      routes/doi.go

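--- a/routes/doi.go
+++ b/routes/doi.go
@@ -19,8 +19,10 @@ func RequestDOI(c *context.Context) {
 		c.Status(http.StatusUnauthorized)
 		return
 	}
-	token := c.GetCookie(setting.SessionConfig.CookieName)
-	token, err := encrypt([]byte(setting.DOI.Key), token)
+
+	repo := c.Repo.Repository.FullName()
+	username := c.User.Name
+	verification, err := encrypt([]byte(setting.DOI.Key), repo+username)
 	if err != nil {
 		log.Error(2, "Could not encrypt token for DOI request: %s", err)
 		c.Status(http.StatusInternalServerError)
@@ -32,9 +34,9 @@ func RequestDOI(c *context.Context) {
 	}
 
 	params := url.Values{}
-	params.Add("repo", c.Repo.Repository.FullName())
-	params.Add("user", c.User.Name)
-	params.Add("token", token)
+	params.Add("repo", repo)
+	params.Add("user", username)
+	params.Add("verification", verification)
 	doiurl.RawQuery = params.Encode()
 	target, _ := url.PathUnescape(doiurl.String())
 	log.Trace(target)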
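Review bot: The plaintext in `encrypt([]byte(setting.DOI.Key), repo+username)` (first hunk) joins the two fields with no separator, so distinct repo/user pairs can produce the same string (`a/bc`+`d` and `a/b`+`cd`, constructed example) and the verification value does not bind one exact pair. A separator that cannot occur in either name, for example `repo+"\n"+username` if names are restricted as they appear to be, would remove the ambiguity, with the matching change on the receiving service. As far as these hunks show, the value also carries no timestamp or nonce, so a captured URL stays usable for that pair, and `log.Trace(target)` in the second hunk writes it to the log; consider putting an expiry into the plaintext and logging the URL without the `verification` parameter. `encrypt` is defined outside the hunks; if it is not an authenticated mode, an HMAC over the fields would be the better primitive for a value meant only to be verified. RequestDOI's body starts before the first hunk and continues past the second.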