guildgate/reset.go

package main
import (
"bytes"
"fmt"
"log"
"net/http"
"net/url"
"gopkg.in/gomail.v2"
)
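// resetLookup handles the first step of a password reset. It looks up the
// account that owns the submitted email address, generates a reset token for
// it and mails the token in the background, then redirects to /reset/form.
//
// A failed lookup and an empty lookup result get the same redirect as a
// successful request, so the response does not show whether an address
// belongs to an account.
func resetLookup(res http.ResponseWriter, req *http.Request) {
	log.Println("POST /reset")

	// NOTE(review): FormValue also reads the URL query string and nothing in
	// this handler checks req.Method; confirm the router restricts it to POST.
	email := req.FormValue("email")

	uname, err := findLDAPAccountByEmail(email)
	if err != nil {
		log.Printf("Error while looking up account to email password reset to: %v\n. Account may not exist", err)
		http.Redirect(res, req, "/reset/form", http.StatusSeeOther)
		// Stop here: falling through would write a second response and
		// continue with an empty username.
		return
	}
	if uname == "" {
		// The lookup returned no error and no name. Answer exactly like the
		// other paths instead of a 500, which would distinguish this case.
		// %q keeps a submitted value containing newlines on one log line.
		log.Printf("No account found for password reset request (email %q)\n", email)
		http.Redirect(res, req, "/reset/form", http.StatusSeeOther)
		return
	}

	log.Printf("Found user %v, generating password token\n", uname)
	token, err := generatePasswordToken(uname)
	if err != nil {
		log.Printf("Error generating password token %v\n", err)
		http.Error(res, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		// Without a token there is nothing to mail.
		return
	}
	// The token is a credential: it is handed to sendMail only and is never
	// printed or logged.

	log.Printf("Sending password reset email to %q\n", email)
	go func() {
		// This goroutine may outlive the handler, so it must not touch res;
		// a delivery failure can only be logged. err is scoped to the
		// goroutine so it does not race with the handler's own variable.
		if err := sendMail(email, uname, token); err != nil {
			log.Printf("Error sending password reset email %v\n", err)
		}
	}()

	log.Println("Redirecting to next part of password reset")
	http.Redirect(res, req, "/reset/form", http.StatusSeeOther)
}

// reset handles the second step of a password reset. It validates the
// submitted token, sets the new password on the account the token belongs to,
// and redirects to /reset/success or /reset/error.
func reset(res http.ResponseWriter, req *http.Request) {
	// NOTE(review): FormValue also accepts these fields from the URL query
	// string, where a password or token would end up in access logs and
	// browser history; confirm the form submits them in a POST body.
	token := req.FormValue("token")
	newPass := req.FormValue("new_password")

	// Refuse an empty password before the token is validated, so it is never
	// written to the directory. The second argument to validateToken may
	// consume the token (TODO confirm); checking first avoids spending it on
	// a request that cannot succeed.
	if newPass == "" {
		log.Printf("Error resetting password: no new password supplied\n")
		http.Redirect(res, req, "/reset/error", http.StatusFound)
		return
	}

	user, err := validateToken(token, true)
	if err != nil {
		log.Printf("Error validing password reset token: %v\n", err)
		http.Redirect(res, req, "/reset/error", http.StatusFound)
		return
	}
	if user == "" {
		log.Printf("Error resetting password without a username\n")
		http.Error(res, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}

	log.Printf("Attempting to reset password for %v", user)
	if err := resetLDAPAccountPassword(user, newPass); err != nil {
		log.Printf("failed to reset password for %v:%v\n", user, err)
		http.Redirect(res, req, "/reset/error", http.StatusFound)
		return
	}

	log.Printf("reset password for %v\n", user)
	http.Redirect(res, req, "/reset/success", http.StatusFound)
}

// sendMail renders the "reset_pass" template for the given recipient, account
// name and token, and sends the result as a plain-text message through the
// SMTP server configured in Conf.Mail. It returns an error if the template
// cannot be rendered or the message cannot be sent.
func sendMail(recp string, uname string, token string) error {
	data := struct {
		Recipient string
		Name      string
		Token     string
		TokenURL  string
	}{
		Recipient: recp,
		Name:      uname,
		Token:     token,
		// Query-escaped form of the token for use inside a URL.
		TokenURL: url.QueryEscape(token),
	}

	// Render first and stop on failure, so a broken template never results
	// in an empty or truncated reset mail being sent.
	var body bytes.Buffer
	if err := tpl.ExecuteTemplate(&body, "reset_pass", data); err != nil {
		return fmt.Errorf("rendering reset_pass template: %w", err)
	}

	m := gomail.NewMessage()
	m.SetHeader("From", Conf.Mail.Username)
	m.SetHeader("To", recp)
	m.SetHeader("Subject", "Identity Server Password Reset")
	m.SetBody("text/plain", body.String())

	// NOTE(review): the message carries a live reset token; confirm the
	// dialer is configured so the SMTP connection is required to use TLS.
	d := gomail.NewDialer(Conf.Mail.SmtpServer, Conf.Mail.SmtpPort, Conf.Mail.Username, Conf.Mail.Password)
	if err := d.DialAndSend(m); err != nil {
		return fmt.Errorf("sending password reset mail: %w", err)
	}
	return nil
}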