-
Notifications
You must be signed in to change notification settings - Fork 60
/
password_reset_handler.go
95 lines (85 loc) · 2.11 KB
/
password_reset_handler.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
package uadmin
import (
"fmt"
"html/template"
"net/http"
"strconv"
)
func passwordResetHandler(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
type Context struct {
Err string
ErrExists bool
SiteName string
Language Language
RootURL string
}
c := Context{}
c.SiteName = SiteName
c.RootURL = RootURL
c.Language = getLanguage(r)
// Get the user and the code and verify them
fmt.Println(r.FormValue("u"), r.FormValue("key"))
userID, err := strconv.ParseUint(r.FormValue("u"), 10, 64)
if err != nil {
page404Handler(w, r, nil)
return
}
user := &User{}
Get(user, "id = ?", userID)
if user.ID == 0 {
go func() {
log := &Log{}
r.Form.Set("reset-status", "invalid user id")
log.PasswordReset(r.FormValue("u"), log.Action.PasswordResetDenied(), r)
log.Save()
}()
page404Handler(w, r, nil)
return
}
otpCode := r.FormValue("key")
if !user.VerifyOTP(otpCode) {
go func() {
log := &Log{}
r.Form.Set("reset-status", "invalid otpcode: "+otpCode)
log.PasswordReset(user.Username, log.Action.PasswordResetDenied(), r)
log.Save()
}()
page404Handler(w, r, nil)
return
}
if r.Method == cPOST {
if r.FormValue("password") != r.FormValue("confirm_password") {
c.ErrExists = true
c.Err = "Password does not match the confirm password"
} else {
user.Password = hashPass(r.FormValue("password"))
user.Save()
//log successful password reset
go func() {
log := &Log{}
r.Form.Set("reset-status", "Successfully changed the password")
log.PasswordReset(user.Username, log.Action.PasswordResetSuccessful(), r)
log.Save()
}()
http.Redirect(w, r, RootURL, 303)
return
}
}
t := template.New("").Funcs(template.FuncMap{
"Tf": Tf,
})
t, err = t.ParseFiles("./templates/uadmin/" + Theme + "/resetpassword.html")
if err != nil {
Trail(ERROR, "Unable to parse resetpassword.html. %s", err)
page404Handler(w, r, nil)
return
}
// URL, _ := url.Parse(r.RequestURI)
// URLPath := strings.Split(URL.Path, "/")
err = t.ExecuteTemplate(w, "resetpassword.html", c)
// lock.Unlock()
if err != nil {
fmt.Println(err.Error())
}
}