/
change_secondary_password.go
117 lines (101 loc) · 3.42 KB
/
change_secondary_password.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
package webapp
import (
"net/http"
"github.com/authgear/authgear-server/pkg/auth/handler/webapp/viewmodels"
"github.com/authgear/authgear-server/pkg/lib/authn"
"github.com/authgear/authgear-server/pkg/lib/interaction"
"github.com/authgear/authgear-server/pkg/util/httproute"
pwd "github.com/authgear/authgear-server/pkg/util/password"
"github.com/authgear/authgear-server/pkg/util/template"
"github.com/authgear/authgear-server/pkg/util/validation"
)
var TemplateWebChangeSecondaryPasswordHTML = template.RegisterHTML(
"web/change_secondary_password.html",
Components...,
)
var ForceChangeSecondaryPasswordSchema = validation.NewSimpleSchema(`
{
"type": "object",
"properties": {
"x_new_password": { "type": "string" },
"x_confirm_password": { "type": "string" }
},
"required": ["x_new_password", "x_confirm_password"]
}
`)
func ConfigureForceChangeSecondaryPasswordRoute(route httproute.Route) httproute.Route {
return route.WithMethods("OPTIONS", "POST", "GET").
WithPathPattern("/flows/change_secondary_password")
}
type ForceChangeSecondaryPasswordHandler struct {
ControllerFactory ControllerFactory
BaseViewModel *viewmodels.BaseViewModeler
ChangePasswordViewModel viewmodels.ChangePasswordViewModeler
Renderer Renderer
PasswordPolicy PasswordPolicy
}
func (h *ForceChangeSecondaryPasswordHandler) GetData(r *http.Request, rw http.ResponseWriter, graph *interaction.Graph) (map[string]interface{}, error) {
data := make(map[string]interface{})
baseViewModel := h.BaseViewModel.ViewModel(r, rw)
passwordPolicyViewModel := viewmodels.NewPasswordPolicyViewModel(
h.PasswordPolicy.PasswordPolicy(),
h.PasswordPolicy.PasswordRules(),
baseViewModel.RawError,
viewmodels.GetDefaultPasswordPolicyViewModelOptions(),
)
changePasswordViewModel := h.ChangePasswordViewModel.NewWithGraph(graph)
viewmodels.Embed(data, baseViewModel)
viewmodels.Embed(data, passwordPolicyViewModel)
viewmodels.Embed(data, changePasswordViewModel)
viewmodels.Embed(data, ChangePasswordViewModel{
Force: true,
})
return data, nil
}
func (h *ForceChangeSecondaryPasswordHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
ctrl, err := h.ControllerFactory.New(r, w)
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
defer ctrl.Serve()
ctrl.Get(func() error {
// Ensure there is an ongoing web session.
// If the user clicks back just after authentication, there is no ongoing web session.
// The user will see the normal web session not found error page.
graph, err := ctrl.InteractionGet()
if err != nil {
return err
}
data, err := h.GetData(r, w, graph)
if err != nil {
return err
}
h.Renderer.RenderHTML(w, r, TemplateWebChangeSecondaryPasswordHTML, data)
return nil
})
ctrl.PostAction("", func() error {
result, err := ctrl.InteractionPost(func() (input interface{}, err error) {
err = ForceChangeSecondaryPasswordSchema.Validator().ValidateValue(FormToJSON(r.Form))
if err != nil {
return
}
newPassword := r.Form.Get("x_new_password")
confirmPassword := r.Form.Get("x_confirm_password")
err = pwd.ConfirmPassword(newPassword, confirmPassword)
if err != nil {
return
}
input = &InputChangePassword{
AuthenticationStage: authn.AuthenticationStageSecondary,
NewPassword: newPassword,
}
return
})
if err != nil {
return err
}
result.WriteResponse(w, r)
return nil
})
}