From 104982103d5f41748f81bb6aab8b5a9386d41ff0 Mon Sep 17 00:00:00 2001
From: Steve <stryan@saintnet.tech>
Date: Mon, 10 Apr 2023 17:51:49 -0400
Subject: [PATCH] add change password page

---
 ldap.go                          |  4 +--
 main.go                          |  5 +++
 reset.go                         | 30 +++++++++++++---
 templates/change_pass_front.html | 59 ++++++++++++++++++++++++++++++++
 templates/index.html             |  1 +
 web.go                           | 33 ++++++++++++++++++
 6 files changed, 126 insertions(+), 6 deletions(-)
 create mode 100644 templates/change_pass_front.html
diff --git a/ldap.go b/ldap.go
index 3e0f1c1..02cbf4a 100644
--- a/ldap.go
+++ b/ldap.go
@@ -119,7 +119,7 @@ func loginLDAPAccount(uname string, pwd string) error {
 	return nil
 }
 
-func resetLDAPAccountPassword(user string, newPass string) error {
+func resetLDAPAccountPassword(user string, oldPass, newPass string) error {
 	url := Conf.Ldap.Url
 	userdn := fmt.Sprintf("%v=%v,%v,%v", Conf.Ldap.UserAttr, user, Conf.Ldap.UserOu, Conf.Ldap.LdapDc)
 	binddn := fmt.Sprintf("%v,%v", Conf.Ldap.AdminUser, Conf.Ldap.LdapDc)
@@ -151,7 +151,7 @@ func resetLDAPAccountPassword(user string, newPass string) error {
 		err_text := fmt.Sprintf("Error finding login user: Wanted 1 result, got %v\n", len(result.Entries))
 		return errors.New(err_text)
 	}
-	passwordModifyRequest := ldap.NewPasswordModifyRequest(userdn, "", newPass)
+	passwordModifyRequest := ldap.NewPasswordModifyRequest(userdn, oldPass, newPass)
 	_, err = l.PasswordModify(passwordModifyRequest)
 
 	if err != nil {
diff --git a/main.go b/main.go
index 6c877ed..a23490a 100644
--- a/main.go
+++ b/main.go
@@ -45,6 +45,11 @@ func main() {
 	router.HandleFunc("/reset/form", reset).Methods("POST")
 	router.HandleFunc("/reset/success", resetSuccessPage).Methods("GET")
 	router.HandleFunc("/reset/error", resetErrorPage).Methods("GET")
+	router.HandleFunc("/change", changePageFront).Methods("GET")
+	router.HandleFunc("/change", change).Methods("POST")
+	router.HandleFunc("/change/success", changeSuccessPage).Methods("GET")
+	router.HandleFunc("/change/error", changeSuccessPage).Methods("GET")
+
 	log.Printf("Registering templates from %v/\n", Conf.TplPath)
 	tpl = template.Must(template.ParseGlob(Conf.TplPath + "/*"))
 	if Conf.UserTplPath != "" {
diff --git a/reset.go b/reset.go
index 163861a..b7476de 100644
--- a/reset.go
+++ b/reset.go
@@ -57,16 +57,38 @@ func reset(res http.ResponseWriter, req *http.Request) {
 		return
 	}
 	log.Printf("Attempting to reset password for %v", user)
-	err = resetLDAPAccountPassword(user, newPass)
+	err = resetLDAPAccountPassword(user, "", newPass)
 	if err == nil {
 		log.Printf("reset password for %v\n", user)
 		http.Redirect(res, req, "/reset/success", 302)
 		return
-	} else {
-		log.Printf("failed to reset password for %v:%v\n", user, err)
-		http.Redirect(res, req, "/reset/error", 302)
+	}
+	log.Printf("failed to reset password for %v:%v\n", user, err)
+	http.Redirect(res, req, "/reset/error", 302)
+	return
+
+}
+
+func change(res http.ResponseWriter, req *http.Request) {
+	oldPass := req.FormValue("old_password")
+	newPass := req.FormValue("new_password")
+
+	user := getUserName(req)
+	if user == "" {
+		log.Printf("Error changing password without a username\n")
+		http.Error(res, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 		return
 	}
+	log.Printf("Attempting to change password for %v", user)
+	err := resetLDAPAccountPassword(user, oldPass, newPass)
+	if err != nil {
+		log.Printf("failed to change password for %v:%v\n", user, err)
+		http.Redirect(res, req, "/change/error", 302)
+		return
+	}
+	log.Printf("change password for %v\n", user)
+	http.Redirect(res, req, "/change/success", 302)
+	return
 
 }
 
diff --git a/templates/change_pass_front.html b/templates/change_pass_front.html
new file mode 100644
index 0000000..1197426
--- /dev/null
+++ b/templates/change_pass_front.html
@@ -0,0 +1,59 @@
+{{ define "change_password_page_front" }}
+{{ template "header" .}}
+<body>
+	<div>
+	<form method="POST" action="/change">
+	<table>
+		<tr>
+			<td>Current Password:</td>
+			<td><input type="password" id="old_password" name="old_password"</td>
+		</tr>
+		<tr>
+			<td>New Password:</td>
+			<td><input type="password" id="new_password" name="new_password" pattern="(?=.*\d)(?=.*[a-z]).{8,}" title="Must contain at least one number and at least 8 or more characters" required></td>
+		</tr>
+		<tr>
+			<td>Confirm New Password:</td>
+			<td><input type="password" name="confirm_password" id="confirm_password" onchange="check()"/></td>
+			<td><span id='message'></span></td>
+			<td><input type="checkbox" onclick="showPass()">Show Passwords</td>
+		<tr>
+			<td><input type="submit" value="Submit"></td>
+		</tr>
+	</table>
+</form> 
+</div>
+
+<div id="requirements">
+  <h3>Password must contain the following:</h3>
+  <p id="letter" class="invalid">A <b>lowercase</b> letter</p>
+  <p id="capital" class="invalid">A <b>capital (uppercase)</b> letter</p>
+  <p id="number" class="invalid">A <b>number</b></p>
+  <p id="length" class="invalid">Minimum <b>8 characters</b></p>
+</div>
+	<script>
+function check() {
+    if(document.getElementById('password').value ===
+            document.getElementById('confirm_password').value) {
+        document.getElementById('message').innerHTML = "Passwords match";
+    } else {
+        document.getElementById('message').innerHTML = "Passwords don't match";
+    }
+}
+function showPass() {
+	var x = document.getElementById("password");
+	if (x.type === "password") {
+		x.type = "text";
+	} else {
+		x.type = "password";
+	}
+	var x = document.getElementById("confirm_password");
+	if (x.type === "password") {
+		x.type = "text";
+	} else {
+		x.type = "password";
+	}
+}
+	</script>
+{{ template "footer" .}}
+{{ end }}
diff --git a/templates/index.html b/templates/index.html
index 45c88c6..ec1278c 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -2,6 +2,7 @@
 {{ template "header" .}}
 {{if .LoggedIn }}
 <p><a href="/token">Get Token</a></p>
+<p><a href="/change">Change Password</a></p>
 <p><a href="/profile/view">Profile</a></p>
 <p><a href="/minecraft">Minecraft Account Status</a></p>
 {{else}}
diff --git a/web.go b/web.go
index 7aa5896..5a4b50e 100644
--- a/web.go
+++ b/web.go
@@ -103,6 +103,39 @@ func minecraftLinkErrorPage(res http.ResponseWriter, req *http.Request) {
 	genericErrorPage(res, "Minecraft Link Failure", u, true, "Undefined", "link Minecraft account.")
 	return
 }
+
+func changePageFront(res http.ResponseWriter, req *http.Request) {
+	u := getUserName(req)
+	if u == "" {
+		http.Redirect(res, req, "/reset", 302)
+	}
+	data := struct {
+		Title    string
+		Username string
+		LoggedIn bool
+	}{
+		"Change Password",
+		u,
+		true,
+	}
+	tpl.ExecuteTemplate(res, "change_password_page_front", data)
+}
+
+func changeSuccessPage(res http.ResponseWriter, req *http.Request) {
+	log.Println("GET /change/success")
+	u := getUserName(req)
+
+	genericSuccessPage(res, "Change Password Success", u, false, "Succesfully Changed Password")
+	return
+}
+func changeErrorPage(res http.ResponseWriter, req *http.Request) {
+	log.Println("GET /change/error")
+	u := getUserName(req)
+
+	genericErrorPage(res, "Change Password Failure", u, false, "Undefined", "reset password")
+	return
+}
+
 func resetPageFront(res http.ResponseWriter, req *http.Request) {
 	log.Println("GET /reset")
 	u := getUserName(req)

Current Password:	+
New Password:
Confirm New Password:		Show Passwords