diff --git a/main.go b/main.go
index b8e33b1..c7b8eae 100644
--- a/main.go
+++ b/main.go
@@ -14,6 +14,7 @@ var tpl *template.Template
 var cookieHandler = securecookie.New(
 securecookie.GenerateRandomKey(64),
 securecookie.GenerateRandomKey(32))
+var passwordTokenSet map[string]bool
 func main() {
 Conf, _ = LoadConfig()
@@ -54,6 +55,7 @@ func main() {
 Conf.MaxID = i
 log.Printf("Max employeeNumber set to %v\n", Conf.MaxID)
 }
+ passwordTokenSet = make(map[string]bool)
 log.Printf("Guildgate starting on %v\n", Conf.Port)
 if Conf.Tls {
 log.Printf("Starting TLS\n")
diff --git a/reset.go b/reset.go
index bdb344d..163861a 100644
--- a/reset.go
+++ b/reset.go
@@ -5,6 +5,7 @@ import (
 "fmt"
 "log"
 "net/http"
+ "net/url"
 "gopkg.in/gomail.v2"
 )
@@ -23,7 +24,7 @@ func resetLookup(res http.ResponseWriter, req *http.Request) {
 return
 }
 log.Printf("Found user %v, generating password token\n", uname)
- token, err := generateToken(uname)
+ token, err := generatePasswordToken(uname)
 fmt.Println(token)
 if err != nil {
 log.Printf("Error generating password token %v\n", err)
@@ -44,7 +45,7 @@ func reset(res http.ResponseWriter, req *http.Request) {
 token := req.FormValue("token")
 newPass := req.FormValue("new_password")
- user, err := validateToken(token)
+ user, err := validateToken(token, true)
 if err != nil {
 log.Printf("Error validing password reset token: %v\n", err)
 http.Redirect(res, req, "/reset/error", 302)
@@ -74,10 +75,12 @@ func sendMail(recp string, uname string, token string) error {
 Recipient string
 Name string
 Token string
+ TokenURL string
 }{
 Recipient: recp,
 Name: uname,
 Token: token,
+ TokenURL: url.QueryEscape(token),
 }
 m := gomail.NewMessage()
diff --git a/session.go b/session.go
index 8d9db32..95f1015 100644
--- a/session.go
+++ b/session.go
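Review bot: `passwordTokenSet` in the first main.go hunk is a plain package-level `map[string]bool` with no lock beside it, and net/http runs every request on its own goroutine. The code that reads and writes the set is not in this diff, but if the reset handlers touch it directly, two simultaneous resets are a data race and can abort the process with a concurrent map write. Declare a mutex next to it, e.g. `var passwordTokenMu sync.Mutex`, and take it around every access. The set also lives only in memory and nothing visible removes entries, so a comment should say what happens to outstanding tokens across a restart and when entries are dropped. The `make` call added in `main` could move to the declaration as `var passwordTokenSet = make(map[string]bool)`.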
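Review bot: `fmt.Println(token)` on the line after the renamed call in `resetLookup` writes the live password-reset token to standard output, and it runs before `err` is checked. Anyone who can read the service's output or the logs collected from it then holds a credential that resets that user's password. Delete the line; if a trace is wanted, the existing `log.Printf("Found user %v, generating password token\n", uname)` already records the event without the secret. resetLookup's body starts and ends outside the hunk.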
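Review bot: The bare `true` in `validateToken(token, true)` in `reset` does not say what it switches on, and the same applies to `validateToken(secret, false)` in session.go; a named constant or a short comment such as `// true: token is single-use` (if that is its meaning) would make both call sites readable. validateToken itself is not in this diff. If the flag enforces one-time use through passwordTokenSet, the membership check and the marking have to happen as one step under a lock, otherwise two parallel requests carrying the same token can both pass. It is also worth stating whether the token is spent at validation or only after the password change succeeds, because the first choice leaves the user with a dead link when the later step fails.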
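Review bot: `TokenURL` is added to the `sendMail` template data without a comment saying which of the two token fields belongs where, and the mail template is not part of this diff. I would put `// TokenURL is Token query-escaped, for the reset link only` above the field. If the body is rendered with html/template and the value sits inside an `href` query string, that package escapes it a second time (`%` becomes `%25`) and the link would carry a token that fails validation; with text/template the explicit `url.QueryEscape` is the right call. A reset token in a URL also lands in browser history and proxy logs, so the single-use check this commit introduces should be paired with a short expiry.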
@@ -47,7 +47,7 @@ func signup(res http.ResponseWriter, req *http.Request) {
 if Conf.Secret != "" && Conf.Secret != secret {
 //Checking it as a token
- _, err := validateToken(secret)
+ _, err := validateToken(secret, false)
 if err != nil {
 log.Printf("Bad secret entered: %v\n", err)
 genericErrorPage(res, "User Creation Failure", "Unregistered", false, "Invalid Secret Token.", "to create account")
diff --git a/templates/register.html b/templates/register.html
index 6eb140a..0ef0c5d 100644
--- a/templates/register.html
+++ b/templates/register.html
@@ -19,9 +19,10 @@
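Review bot: `validateToken(secret, false)` in `signup` sends the signup secret through the same validator that `reset` uses, and nothing in the visible lines ties a token to the purpose it was issued for. validateToken and both generators are outside this diff, so this is a question rather than a finding: would a token from `generatePasswordToken` be accepted here as a signup secret, or a signup token from `generateToken` be accepted by `reset`? If the token carries no purpose field, add one and have validateToken compare it with what the caller expects. Separately, `Conf.Secret != secret` on the context line is an ordinary string comparison; `subtle.ConstantTimeCompare([]byte(Conf.Secret), []byte(secret)) != 1` from crypto/subtle removes the timing signal. signup's body starts and ends outside the hunk.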