diff --git a/ldap.go b/ldap.go
index 3e0f1c1..02cbf4a 100644
--- a/ldap.go
+++ b/ldap.go
@@ -119,7 +119,7 @@ func loginLDAPAccount(uname string, pwd string) error {
 return nil
 }
-func resetLDAPAccountPassword(user string, newPass string) error {
+func resetLDAPAccountPassword(user string, oldPass, newPass string) error {
 url := Conf.Ldap.Url
 userdn := fmt.Sprintf("%v=%v,%v,%v", Conf.Ldap.UserAttr, user, Conf.Ldap.UserOu, Conf.Ldap.LdapDc)
 binddn := fmt.Sprintf("%v,%v", Conf.Ldap.AdminUser, Conf.Ldap.LdapDc)
@@ -151,7 +151,7 @@ func resetLDAPAccountPassword(user string, newPass string) error {
 err_text := fmt.Sprintf("Error finding login user: Wanted 1 result, got %v\n", len(result.Entries))
 return errors.New(err_text)
 }
- passwordModifyRequest := ldap.NewPasswordModifyRequest(userdn, "", newPass)
+ passwordModifyRequest := ldap.NewPasswordModifyRequest(userdn, oldPass, newPass)
 _, err = l.PasswordModify(passwordModifyRequest)
 if err != nil {
diff --git a/main.go b/main.go
index 6c877ed..a23490a 100644
--- a/main.go
+++ b/main.go
@@ -45,6 +45,11 @@ func main() {
 router.HandleFunc("/reset/form", reset).Methods("POST")
 router.HandleFunc("/reset/success", resetSuccessPage).Methods("GET")
 router.HandleFunc("/reset/error", resetErrorPage).Methods("GET")
+ router.HandleFunc("/change", changePageFront).Methods("GET")
+ router.HandleFunc("/change", change).Methods("POST")
+ router.HandleFunc("/change/success", changeSuccessPage).Methods("GET")
+ router.HandleFunc("/change/error", changeSuccessPage).Methods("GET")
+
 log.Printf("Registering templates from %v/\n", Conf.TplPath)
 tpl = template.Must(template.ParseGlob(Conf.TplPath + "/*"))
 if Conf.UserTplPath != "" {
diff --git a/reset.go b/reset.go
index 163861a..b7476de 100644
--- a/reset.go
+++ b/reset.go
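Review bot: resetLDAPAccountPassword now serves two different trust levels through one string argument, and nothing at the `ldap.NewPasswordModifyRequest(userdn, oldPass, newPass)` line in the second ldap.go hunk documents or separates them. The `binddn` built from `Conf.Ldap.AdminUser` in the first hunk suggests the modify runs on an admin-bound connection (the bind itself is outside both hunks), and whether a directory checks the supplied old password for such a bind is server-dependent, so this call should not be treated as the verification step. I would add a doc comment that states the contract, e.g. `// resetLDAPAccountPassword sets user's password; an empty oldPass sends no old password, so the caller must already have authenticated the user.` As a style point the signature reads more cleanly as `user, oldPass, newPass string`. The function body starts and ends outside both hunks.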
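Review bot: The `/change/error` route in the main.go hunk is registered with `changeSuccessPage`, the same handler as `/change/success`, so a failed change that is redirected to `/change/error` would render the success page and leave the user believing the password was rotated. This looks like a copy-paste slip; the route should point at an error-page handler analogous to `resetErrorPage` three lines above (no such handler for the change flow is visible in this diff, so it may still need to be written). The new routes are also registered without any visible authentication or CSRF wrapper; if the router applies none elsewhere, the POST `/change` handler needs both. main's body starts and ends outside the hunk.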
@@ -57,16 +57,38 @@ func reset(res http.ResponseWriter, req *http.Request) {
 return
 }
 log.Printf("Attempting to reset password for %v", user)
- err = resetLDAPAccountPassword(user, newPass)
+ err = resetLDAPAccountPassword(user, "", newPass)
 if err == nil {
 log.Printf("reset password for %v\n", user)
 http.Redirect(res, req, "/reset/success", 302)
 return
- } else {
- log.Printf("failed to reset password for %v:%v\n", user, err)
- http.Redirect(res, req, "/reset/error", 302)
+ }
+ log.Printf("failed to reset password for %v:%v\n", user, err)
+ http.Redirect(res, req, "/reset/error", 302)
+ return
+
+}
+
+func change(res http.ResponseWriter, req *http.Request) {
+ oldPass := req.FormValue("old_password")
+ newPass := req.FormValue("new_password")
+
+ user := getUserName(req)
+ if user == "" {
+ log.Printf("Error changing password without a username\n")
+ http.Error(res, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 return
 }
+ log.Printf("Attempting to change password for %v", user)
+ err := resetLDAPAccountPassword(user, oldPass, newPass)
+ if err != nil {
+ log.Printf("failed to change password for %v:%v\n", user, err)
+ http.Redirect(res, req, "/change/error", 302)
+ return
+ }
+ log.Printf("change password for %v\n", user)
+ http.Redirect(res, req, "/change/success", 302)
+ return
 }
diff --git a/templates/change_pass_front.html b/templates/change_pass_front.html
new file mode 100644
index 0000000..1197426
--- /dev/null
+++ b/templates/change_pass_front.html
@@ -0,0 +1,59 @@
+{{ define "change_password_page_front" }}
+{{ template "header" .}}
+
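Review bot: `change` hands `old_password` and `new_password` to resetLDAPAccountPassword without checking either for emptiness, and with an empty `oldPass` the call is identical to the `resetLDAPAccountPassword(user, "", newPass)` that `reset` makes, so the current password is never actually required. The handler should reject empty values and confirm the current password itself before the modify; `loginLDAPAccount(uname, pwd)` from ldap.go looks like the right check, although its body is not in this diff, so that is an assumption to confirm. The password rules listed in the new template are likewise not enforced server-side as far as this hunk shows. `change` lies wholly inside the hunk, while `reset` starts before it.

```go
func change(res http.ResponseWriter, req *http.Request) {
	// … unchanged: form values read, getUserName check …
	if oldPass == "" || newPass == "" {
		log.Printf("rejecting password change for %v: empty old or new password\n", user)
		http.Redirect(res, req, "/change/error", 302)
		return
	}
	// Confirm the current password before anything is modified.
	if err := loginLDAPAccount(user, oldPass); err != nil {
		log.Printf("old password check failed for %v:%v\n", user, err)
		http.Redirect(res, req, "/change/error", 302)
		return
	}
	// … unchanged: resetLDAPAccountPassword call and redirects …
```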
+A lowercase letter
+A capital (uppercase) letter
+A number
+Minimum 8 characters
+