authorKevin Chabowski <kevin@kch42.de>2013-08-30 16:58:52 +0200
committerKevin Chabowski <kevin@kch42.de>2013-08-30 16:58:52 +0200
commit11ec26feeabced25281b8637f928a8096690c54b (patch)
treecfbe004673dd4be4fae420ffc1955452e9b8556a
parent43bf81f08a064bbc2563c8e24f8a825100427b8e (diff)
Password reset partially implemented.
-rw-r--r--main.go1
-rw-r--r--pwreset.go77
-rw-r--r--tpls.go2
-rw-r--r--tpls/pwreset.tpl17
4 files changed, 97 insertions, 0 deletions
diff --git a/main.go b/main.go
index 632bde1..22892ef 100644
--- a/main.go
+++ b/main.go
@@ -87,6 +87,7 @@ func main() {
router.HandleFunc("/logout", mkHttpHandler(logout, tplMsg))
router.HandleFunc("/delete-acc/yes", mkHttpHandler(deleteacc, tplMsg))
router.HandleFunc("/delete-acc", mkHttpHandler(deleteask, tplReallyDelete))
+ router.HandleFunc("/pwreset", mkHttpHandler(pwreset, tplPwreset))
http.Handle("/", router)
diff --git a/pwreset.go b/pwreset.go
new file mode 100644
index 0000000..92bbbc4
--- /dev/null
+++ b/pwreset.go
@@ -0,0 +1,77 @@
+package main
+
+import (
+ "code.google.com/p/go.crypto/bcrypt"
+ "github.com/gorilla/sessions"
+ "kch42.de/gostuff/mailremind/model"
+ "log"
+ "net/http"
+)
+
+type pwresetTpldata struct {
+ Error, Success, Code, UID string
+}
+
+func pwreset(user model.User, sess *sessions.Session, req *http.Request) interface{} {
+ if err := req.ParseForm(); err != nil {
+ return &pwresetTpldata{Error: "Could not understand formdata."}
+ }
+
+ code := req.FormValue("Code")
+ _uid := req.FormValue("U")
+ pw1 := req.FormValue("Password")
+ pw2 := req.FormValue("PasswordAgain")
+
+ if code == "" {
+ return &pwresetTpldata{Error: "Wrong password reset code"}
+ }
+
+ uid, err := db.ParseDBID(_uid)
+ if err != nil {
+ return &pwresetTpldata{Error: "Invalid user ID"}
+ }
+
+ if user, err = dbcon.UserByID(uid); err != nil {
+ return &pwresetTpldata{Error: "User not found"}
+ }
+
+ if user.ActivationCode() != code {
+ return &pwresetTpldata{Error: "Wrong activation code"}
+ }
+
+ outdata := &pwresetTpldata{UID: _uid, Code: code}
+
+ if req.Method != "POST" {
+ return outdata
+ }
+
+ if pw1 == "" {
+ outdata.Error = "Password must not be empty."
+ return outdata
+ }
+
+ if pw1 != pw2 {
+ outdata.Error = "Passwords are not identical."
+ return outdata
+ }
+
+ hash, err := bcrypt.GenerateFromPassword([]byte(pw1), bcrypt.DefaultCost)
+ if err != nil {
+ log.Printf("Could not has password: %s", err)
+ outdata.Error = "Failed hashing you password. If this happens again, please contact support."
+ return outdata
+ }
+
+ if err := user.SetPWHash(hash); err != nil {
+ log.Printf("Error while storing new password: %s", err)
+ outdata.Error = "Could not store password. If this happens again, please contact support."
+ return outdata
+ }
+
+ if err := user.SetActivationCode(""); err != nil {
+ log.Printf("Error resetting acCode: %s", err)
+ }
+
+ outdata.Success = "Password was changed"
+ return outdata
+}
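Review bot: A failure of `user.SetActivationCode("")` at the end of pwreset is only logged and the handler still reports success, so the reset code stays valid and the same link can change the password again. Clearing the code before storing the new hash, and returning an error when that fails, makes the flow fail closed, as in the excerpt below. The check `user.ActivationCode() != code` is also not constant-time; `subtle.ConstantTimeCompare` from crypto/subtle would avoid a timing side channel on the code. The three distinct messages for a bad ID, an unknown user and a wrong code let a client tell which user IDs exist, and no expiry check on the code is visible in this file.

```go
// … unchanged: form parsing, code/UID lookup, password checks, bcrypt hashing …

	// Invalidate the one-time code first; if this fails, leave the password untouched.
	if err := user.SetActivationCode(""); err != nil {
		log.Printf("Error resetting acCode: %s", err)
		outdata.Error = "Could not reset password. If this happens again, please contact support."
		return outdata
	}

	if err := user.SetPWHash(hash); err != nil {
		log.Printf("Error while storing new password: %s", err)
		outdata.Error = "Could not store password. If this happens again, please contact support."
		return outdata
	}

	outdata.Success = "Password was changed"
	return outdata
}
```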
diff --git a/tpls.go b/tpls.go
index eefa25d..b05ce19 100644
--- a/tpls.go
+++ b/tpls.go
@@ -21,6 +21,7 @@ var (
tplMsg *template.Template
tplLogin *template.Template
tplReallyDelete *template.Template
+ tplPwreset *template.Template
)
func initTpls() {
@@ -33,6 +34,7 @@ func initTpls() {
tplMsg = loadTpl(tplpath, "msg")
tplLogin = loadTpl(tplpath, "login")
tplReallyDelete = loadTpl(tplpath, "reallydelete")
+ tplPwreset = loadTpl(tplpath, "pwreset")
}
type msgTpldata struct {
diff --git a/tpls/pwreset.tpl b/tpls/pwreset.tpl
new file mode 100644
index 0000000..085f5cf
--- /dev/null
+++ b/tpls/pwreset.tpl
@@ -0,0 +1,17 @@
+{{define "title"}}Reset Password{{end}}
+
+{{define "content"}}
+ {{if .Success}}
+ <div class="success">{{.Success}}</div>
+ {{else}}
+ {{if .Error}}
+ <div class="error">{{.Error}}</div>
+ {{end}}
+
+ <form action="/pwreset?Code={{.Code}}&amp;U={{.UID}}" method="post" accept-charset="UTF-8">
+ <p><strong>Password:</strong> <input type="password" name="Password" /></p>
+ <p><strong>Retype Password:</strong> <input type="password" name="PasswordAgain" /></p>
+ <p><input type="submit" /></p>
+ </form>
+ {{end}}
+{{end}} \ No newline at end of file
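Review bot: The form action carries the reset code and user ID in the query string of the POST, so the secret is repeated in the request URL, where it can end up in access logs and browser history. Since the handler reads them with `req.FormValue`, they can be sent in the body instead: `<form action="/pwreset" method="post" accept-charset="UTF-8">` with `<input type="hidden" name="Code" value="{{.Code}}" />` and `<input type="hidden" name="U" value="{{.UID}}" />`. Whether `{{.Code}}` and `{{.UID}}` are escaped for the attribute context depends on the template package imported in tpls.go, which is not visible here; confirm it is html/template.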