From d4fe97a9a5437d71a5a29f413ba7be6efe5f7da3 Mon Sep 17 00:00:00 2001
From: Kevin Chabowski <kevin@kch42.de>
Date: Fri, 30 Aug 2013 22:53:59 +0200
Subject: Password reset implemented

---
 mails.go          | 24 +++++++++++++++++++++++-
 mails/pwreset.tpl |  8 ++++++++
 main.go           |  1 +
 pwreset.go        | 36 ++++++++++++++++++++++++++++++++++++
 tpls.go           |  2 ++
 tpls/forgotpw.tpl | 16 ++++++++++++++++
 tpls/login.tpl    |  1 +
 7 files changed, 87 insertions(+), 1 deletion(-)
 create mode 100644 mails/pwreset.tpl
 create mode 100644 tpls/forgotpw.tpl

diff --git a/mails.go b/mails.go
index 5e5a6dc..f4d6db5 100644
--- a/mails.go
+++ b/mails.go
@@ -18,7 +18,10 @@ func loadMailTpl(tplroot, name string) *template.Template {
 	return tpl
 }
 
-var mailActivationcode *template.Template
+var (
+	mailActivationcode *template.Template
+	mailPwreset        *template.Template
+)
 
 func initMails() {
 	tplroot, err := conf.GetString("paths", "mailtpls")
@@ -27,6 +30,7 @@ func initMails() {
 	}
 
 	mailActivationcode = loadMailTpl(tplroot, "activationcode")
+	mailPwreset = loadMailTpl(tplroot, "pwreset")
 }
 
 type activationcodeData struct {
@@ -50,3 +54,21 @@ func SendActivationcode(to, acCode string, uid model.DBID) bool {
 
 	return Mail(to, MailFrom, buf.Bytes())
 }
+
+func SendPwresetLink(to, code string, uid model.DBID) bool {
+	buf := new(bytes.Buffer)
+	fmt.Fprintf(buf, "To: %s\n", to)
+	fmt.Fprintf(buf, "From: %s\n", MailFrom)
+	fmt.Fprintf(buf, "Subject: Password reset request for your mailremind account\n")
+	fmt.Fprintf(buf, "Date: %s\n", time.Now().Format(time.RFC822))
+
+	fmt.Fprintln(buf, "")
+
+	url := fmt.Sprintf("%s/pwreset?U=%s&Code=%s", baseurl, uid, code)
+	if err := mailPwreset.Execute(buf, activationcodeData{url}); err != nil {
+		log.Printf("Error while executing mail template (pwreset): %s", err)
+		return false
+	}
+
+	return Mail(to, MailFrom, buf.Bytes())
+}
diff --git a/mails/pwreset.tpl b/mails/pwreset.tpl
new file mode 100644
index 0000000..49ce391
--- /dev/null
+++ b/mails/pwreset.tpl
@@ -0,0 +1,8 @@
+Hi,
+
+You (or someone else) requested a password reset for your mailremind
+account. Go to this URL, if you want to reset the password:
+
+	{{.URL}}
+
+If you didn't request a reset, you can ignore this message.
diff --git a/main.go b/main.go
index 22892ef..58d71c7 100644
--- a/main.go
+++ b/main.go
@@ -88,6 +88,7 @@ func main() {
 	router.HandleFunc("/delete-acc/yes", mkHttpHandler(deleteacc, tplMsg))
 	router.HandleFunc("/delete-acc", mkHttpHandler(deleteask, tplReallyDelete))
 	router.HandleFunc("/pwreset", mkHttpHandler(pwreset, tplPwreset))
+	router.HandleFunc("/forgotpw", mkHttpHandler(forgotpw, tplForgotpw))
 
 	http.Handle("/", router)
 
diff --git a/pwreset.go b/pwreset.go
index 92bbbc4..b428918 100644
--- a/pwreset.go
+++ b/pwreset.go
@@ -75,3 +75,39 @@ func pwreset(user model.User, sess *sessions.Session, req *http.Request) interfa
 	outdata.Success = "Password was changed"
 	return outdata
 }
+
+type forgotpwTpldata struct {
+	Error, Success string
+}
+
+func forgotpw(user model.User, sess *sessions.Session, req *http.Request) interface{} {
+	if req.Method != "POST" {
+		return &forgotpwTpldata{}
+	}
+
+	if err := req.ParseForm(); err != nil {
+		return &forgotpwTpldata{Error: "Could not understand formdata."}
+	}
+
+	email := req.FormValue("Mail")
+	if email == "" {
+		return &forgotpwTpldata{Error: "E-Mail must not be empty."}
+	}
+
+	user, err := dbcon.UserByMail(email)
+	if err != nil {
+		return &forgotpwTpldata{Error: "E-Mail not found."}
+	}
+
+	key := genAcCode()
+	if err := user.SetActivationCode(key); err != nil {
+		log.Printf("Could not store pwreset key: %s", err)
+		return &forgotpwTpldata{Error: "Could not store keyword reset code. If this happens again, please contact support."}
+	}
+
+	if !SendPwresetLink(user.Email(), key, user.ID()) {
+		return &forgotpwTpldata{Error: "Could not send reset E-Mail. If this happens again, please contact support."}
+	}
+
+	return &forgotpwTpldata{Success: "We sent you an E-Mail with further instructions."}
+}
diff --git a/tpls.go b/tpls.go
index b05ce19..14b8918 100644
--- a/tpls.go
+++ b/tpls.go
@@ -22,6 +22,7 @@ var (
 	tplLogin        *template.Template
 	tplReallyDelete *template.Template
 	tplPwreset      *template.Template
+	tplForgotpw     *template.Template
 )
 
 func initTpls() {
@@ -35,6 +36,7 @@ func initTpls() {
 	tplLogin = loadTpl(tplpath, "login")
 	tplReallyDelete = loadTpl(tplpath, "reallydelete")
 	tplPwreset = loadTpl(tplpath, "pwreset")
+	tplForgotpw = loadTpl(tplpath, "forgotpw")
 }
 
 type msgTpldata struct {
diff --git a/tpls/forgotpw.tpl b/tpls/forgotpw.tpl
new file mode 100644
index 0000000..27dda6d
--- /dev/null
+++ b/tpls/forgotpw.tpl
@@ -0,0 +1,16 @@
+{{define "title"}}Reset Password{{end}}
+
+{{define "content"}}
+	{{if .Success}}
+		<div class="success">{{.Success}}</div>
+	{{else}}
+		{{if .Error}}
+			<div class="error">{{.Error}}</div>
+		{{end}}
+		
+		<form action="/forgotpw" method="post" accept-charset="UTF-8">
+			<p><strong>E-Mail:</strong> <input type="text" name="Mail" /></p>
+			<p><input type="submit" /></p>
+		</form>
+	{{end}}
+{{end}}
\ No newline at end of file
diff --git a/tpls/login.tpl b/tpls/login.tpl
index 34541e4..b3a63e2 100644
--- a/tpls/login.tpl
+++ b/tpls/login.tpl
@@ -12,6 +12,7 @@
 			<p><strong>E-Mail</strong> <input type="text" name="Mail" /></p>
 			<p><strong>Password</strong> <input type="password" name="Password" /></p>
 			<p><input type="submit" /></p>
+			<p><a href="/forgotpw">Forgot your password?</a></p>
 		</form>
 	{{end}}
 {{end}}
\ No newline at end of file
-- 
cgit v1.2.3-54-g00ecf