From 11ec26feeabced25281b8637f928a8096690c54b Mon Sep 17 00:00:00 2001
From: Kevin Chabowski
Date: Fri, 30 Aug 2013 16:58:52 +0200
Subject: Password reset partially implemented.
---
 main.go | 1 +
 pwreset.go | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 tpls.go | 2 ++
 tpls/pwreset.tpl | 17 +++++++++++++
 4 files changed, 97 insertions(+)
 create mode 100644 pwreset.go
 create mode 100644 tpls/pwreset.tpl
diff --git a/main.go b/main.go
index 632bde1..22892ef 100644
--- a/main.go
+++ b/main.go
@@ -87,6 +87,7 @@ func main() {
 router.HandleFunc("/logout", mkHttpHandler(logout, tplMsg))
 router.HandleFunc("/delete-acc/yes", mkHttpHandler(deleteacc, tplMsg))
 router.HandleFunc("/delete-acc", mkHttpHandler(deleteask, tplReallyDelete))
+ router.HandleFunc("/pwreset", mkHttpHandler(pwreset, tplPwreset))
 http.Handle("/", router)
diff --git a/pwreset.go b/pwreset.go
new file mode 100644
index 0000000..92bbbc4
--- /dev/null
+++ b/pwreset.go
@@ -0,0 +1,77 @@
+package main
+
+import (
+ "code.google.com/p/go.crypto/bcrypt"
+ "github.com/gorilla/sessions"
+ "kch42.de/gostuff/mailremind/model"
+ "log"
+ "net/http"
+)
+
+type pwresetTpldata struct {
+ Error, Success, Code, UID string
+}
+
+func pwreset(user model.User, sess *sessions.Session, req *http.Request) interface{} {
+ if err := req.ParseForm(); err != nil {
+ return &pwresetTpldata{Error: "Could not understand formdata."}
+ }
+
+ code := req.FormValue("Code")
+ _uid := req.FormValue("U")
+ pw1 := req.FormValue("Password")
+ pw2 := req.FormValue("PasswordAgain")
+
+ if code == "" {
+ return &pwresetTpldata{Error: "Wrong password reset code"}
+ }
+
+ uid, err := db.ParseDBID(_uid)
+ if err != nil {
+ return &pwresetTpldata{Error: "Invalid user ID"}
+ }
+
+ if user, err = dbcon.UserByID(uid); err != nil {
+ return &pwresetTpldata{Error: "User not found"}
+ }
+
+ if user.ActivationCode() != code {
+ return &pwresetTpldata{Error: "Wrong activation code"}
+ }
+
+ outdata := &pwresetTpldata{UID: _uid, Code: code}
+
+ if req.Method != "POST" {
+ return outdata
+ }
+
+ if pw1 == "" {
+ outdata.Error = "Password must not be empty."
+ return outdata
+ }
+
+ if pw1 != pw2 {
+ outdata.Error = "Passwords are not identical."
+ return outdata
+ }
+
+ hash, err := bcrypt.GenerateFromPassword([]byte(pw1), bcrypt.DefaultCost)
+ if err != nil {
+ log.Printf("Could not has password: %s", err)
+ outdata.Error = "Failed hashing you password. If this happens again, please contact support."
+ return outdata
+ }
+
+ if err := user.SetPWHash(hash); err != nil {
+ log.Printf("Error while storing new password: %s", err)
+ outdata.Error = "Could not store password. If this happens again, please contact support."
+ return outdata
+ }
+
+ if err := user.SetActivationCode(""); err != nil {
+ log.Printf("Error resetting acCode: %s", err)
+ }
+
+ outdata.Success = "Password was changed"
+ return outdata
+}
diff --git a/tpls.go b/tpls.go
index eefa25d..b05ce19 100644
--- a/tpls.go
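Review bot: A failed `user.SetActivationCode("")` near the end of `pwreset` is only logged, so the handler reports "Password was changed" while the reset code stays valid and would be accepted again on a later request. Treat that failure as an error (`outdata.Error = "Could not invalidate reset code."` followed by `return outdata`), or clear the code before storing the new hash. The check `user.ActivationCode() != code` compares the secret with an ordinary string comparison; `subtle.ConstantTimeCompare([]byte(user.ActivationCode()), []byte(code)) != 1` from `crypto/subtle` removes the timing signal. The three distinct messages "Invalid user ID", "User not found" and "Wrong activation code" reveal which `U` values exist, so one generic error for all three would be safer. No expiry or attempt limit on the code is visible in this hunk; if neither exists elsewhere it should be added before the feature is finished.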
+++ b/tpls.go
@@ -21,6 +21,7 @@ var (
 tplMsg *template.Template
 tplLogin *template.Template
 tplReallyDelete *template.Template
+ tplPwreset *template.Template
 )
 func initTpls() {
@@ -33,6 +34,7 @@ func initTpls() {
 tplMsg = loadTpl(tplpath, "msg")
 tplLogin = loadTpl(tplpath, "login")
 tplReallyDelete = loadTpl(tplpath, "reallydelete")
+ tplPwreset = loadTpl(tplpath, "pwreset")
 }
 type msgTpldata struct {
diff --git a/tpls/pwreset.tpl b/tpls/pwreset.tpl
new file mode 100644
index 0000000..085f5cf
--- /dev/null
+++ b/tpls/pwreset.tpl
@@ -0,0 +1,17 @@
+{{define "title"}}Reset Password{{end}}
+
+{{define "content"}}
+ {{if .Success}}
+
{{.Success}}
+ {{else}} + {{if .Error}} +
{{.Error}}
+ {{end}} + +
+

Password:

+

Retype Password:

+

+
+ {{end}} +{{end}} \ No newline at end of file -- cgit v1.2.3-54-g00ecf