author | Kevin Chabowski <kevin@kch42.de> | 2013-08-30 16:58:52 +0200 |
---|---|---|
committer | Kevin Chabowski <kevin@kch42.de> | 2013-08-30 16:58:52 +0200 |
commit | 11ec26feeabced25281b8637f928a8096690c54b (patch) | |
tree | cfbe004673dd4be4fae420ffc1955452e9b8556a | |
parent | 43bf81f08a064bbc2563c8e24f8a825100427b8e (diff) | |
Password reset partially implemented.
-rw-r--r-- | main.go | 1 | ||||
-rw-r--r-- | pwreset.go | 77 | ||||
-rw-r--r-- | tpls.go | 2 | ||||
-rw-r--r-- | tpls/pwreset.tpl | 17 |
4 files changed, 97 insertions, 0 deletions
@@ -87,6 +87,7 @@ func main() {
 router.HandleFunc("/logout", mkHttpHandler(logout, tplMsg))
 router.HandleFunc("/delete-acc/yes", mkHttpHandler(deleteacc, tplMsg))
 router.HandleFunc("/delete-acc", mkHttpHandler(deleteask, tplReallyDelete))
+ router.HandleFunc("/pwreset", mkHttpHandler(pwreset, tplPwreset))
 http.Handle("/", router)
diff --git a/pwreset.go b/pwreset.go
new file mode 100644
index 0000000..92bbbc4
--- /dev/null
+++ b/pwreset.go
@@ -0,0 +1,77 @@
+package main
+
+import (
+ "code.google.com/p/go.crypto/bcrypt"
+ "github.com/gorilla/sessions"
+ "kch42.de/gostuff/mailremind/model"
+ "log"
+ "net/http"
+)
+
+type pwresetTpldata struct {
+ Error, Success, Code, UID string
+}
+
+func pwreset(user model.User, sess *sessions.Session, req *http.Request) interface{} {
+ if err := req.ParseForm(); err != nil {
+ return &pwresetTpldata{Error: "Could not understand formdata."}
+ }
+
+ code := req.FormValue("Code")
+ _uid := req.FormValue("U")
+ pw1 := req.FormValue("Password")
+ pw2 := req.FormValue("PasswordAgain")
+
+ if code == "" {
+ return &pwresetTpldata{Error: "Wrong password reset code"}
+ }
+
+ uid, err := db.ParseDBID(_uid)
+ if err != nil {
+ return &pwresetTpldata{Error: "Invalid user ID"}
+ }
+
+ if user, err = dbcon.UserByID(uid); err != nil {
+ return &pwresetTpldata{Error: "User not found"}
+ }
+
+ if user.ActivationCode() != code {
+ return &pwresetTpldata{Error: "Wrong activation code"}
+ }
+
+ outdata := &pwresetTpldata{UID: _uid, Code: code}
+
+ if req.Method != "POST" {
+ return outdata
+ }
+
+ if pw1 == "" {
+ outdata.Error = "Password must not be empty."
+ return outdata
+ }
+
+ if pw1 != pw2 {
+ outdata.Error = "Passwords are not identical."
+ return outdata
+ }
+
+ hash, err := bcrypt.GenerateFromPassword([]byte(pw1), bcrypt.DefaultCost)
+ if err != nil {
+ log.Printf("Could not has password: %s", err)
+ outdata.Error = "Failed hashing you password. If this happens again, please contact support."
+ return outdata
+ }
+
+ if err := user.SetPWHash(hash); err != nil {
+ log.Printf("Error while storing new password: %s", err)
+ outdata.Error = "Could not store password. If this happens again, please contact support."
+ return outdata
+ }
+
+ if err := user.SetActivationCode(""); err != nil {
+ log.Printf("Error resetting acCode: %s", err)
+ }
+
+ outdata.Success = "Password was changed"
+ return outdata
+}
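Review bot: The reset code stays valid whenever `user.SetActivationCode("")` fails near the end of `pwreset`, because that error is only logged and the handler still reports "Password was changed"; a code meant to be single-use can then be submitted again to set another password. Clearing the code before `SetPWHash` and aborting on error makes the handler fail closed, as sketched below. Separately, the distinct messages "Invalid user ID", "User not found" and "Wrong activation code" tell a caller which user IDs exist, so one generic error for all three would be safer, and `user.ActivationCode() != code` could use `subtle.ConstantTimeCompare` (needs a `crypto/subtle` import). No expiry check on the code is visible in this hunk; if the model does not enforce one, it belongs in this handler.

```go
// … unchanged: form parsing, user lookup, code check, password checks, bcrypt hashing …

	// Invalidate the reset code first so it can never outlive a password change.
	if err := user.SetActivationCode(""); err != nil {
		log.Printf("Error resetting acCode: %s", err)
		outdata.Error = "Could not reset password. If this happens again, please contact support."
		return outdata
	}

	if err := user.SetPWHash(hash); err != nil {
		// … unchanged: log and report the storage error …
	}

// … unchanged: success message and return …
```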
@@ -21,6 +21,7 @@ var (
 tplMsg *template.Template
 tplLogin *template.Template
 tplReallyDelete *template.Template
+ tplPwreset *template.Template
 )
 func initTpls() {
@@ -33,6 +34,7 @@ func initTpls() {
 tplMsg = loadTpl(tplpath, "msg")
 tplLogin = loadTpl(tplpath, "login")
 tplReallyDelete = loadTpl(tplpath, "reallydelete")
+ tplPwreset = loadTpl(tplpath, "pwreset")
 }
 type msgTpldata struct {
diff --git a/tpls/pwreset.tpl b/tpls/pwreset.tpl
new file mode 100644
index 0000000..085f5cf
--- /dev/null
+++ b/tpls/pwreset.tpl
@@ -0,0 +1,17 @@
+{{define "title"}}Reset Password{{end}}
+
+{{define "content"}}
+ {{if .Success}}
+ <div class="success">{{.Success}}</div>
+ {{else}}
+ {{if .Error}}
+ <div class="error">{{.Error}}</div>
+ {{end}}
+
+ <form action="/pwreset?Code={{.Code}}&U={{.UID}}" method="post" accept-charset="UTF-8">
+ <p><strong>Password:</strong> <input type="password" name="Password" /></p>
+ <p><strong>Retype Password:</strong> <input type="password" name="PasswordAgain" /></p>
+ <p><input type="submit" /></p>
+ </form>
+ {{end}}
+{{end}}
\ No newline at end of file |
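Review bot: The form action `/pwreset?Code={{.Code}}&U={{.UID}}` keeps the reset code in the URL of the POST, so it is written to access logs and browser history even though the handler reads it with `req.FormValue`, which also accepts body fields. Posting to `action="/pwreset"` and carrying the values as `<input type="hidden" name="Code" value="{{.Code}}" />` and `<input type="hidden" name="U" value="{{.UID}}" />` keeps them out of the request line. How `{{.Code}}` and `{{.UID}}` are escaped depends on whether tpls.go loads these templates with html/template, which this page does not show.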