system.resetpw.go 3.6 KB

  1. package main
  import (
      "crypto/subtle"
      "errors"
      "log"
      "net/http"

      auth "imuslab.com/arozos/mod/auth"
  )
  8. /*
  9. Password Reset Module
  10. This module exists to serve the password reset page with security checks
  11. */
  // system_resetpw_init registers the password reset API endpoints on the
  // default HTTP mux.
  // NOTE(review): whether these routes sit behind any throttling or other
  // middleware is not visible from this file; confirm at the call site.
  func system_resetpw_init() {
      routes := []struct {
          path    string
          handler func(http.ResponseWriter, *http.Request)
      }{
          {"/system/reset/validateResetKey", system_resetpw_validateResetKeyHandler},
          {"/system/reset/confirmPasswordReset", system_resetpw_confirmReset},
      }
      for _, route := range routes {
          http.HandleFunc(route.path, route.handler)
      }
  }
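  // system_resetpw_validateResetKeyHandler reports whether the supplied
  // username / reset key pair ("username" and "rkey" request parameters) is
  // currently valid, answering with sendOK on success.
  //
  // Every failure path returns the same message, so the endpoint cannot be used
  // to tell an unknown username apart from a wrong key. Errors from the key
  // check are logged server-side instead of being echoed to the client.
  // NOTE(review): no attempt limiting is visible in this handler; confirm that
  // repeated failures are throttled elsewhere.
  func system_resetpw_validateResetKeyHandler(w http.ResponseWriter, r *http.Request) {
      const invalidMsg = "Invalid username or key"

      username, err := mv(r, "username", true)
      if err != nil || username == "" {
          sendErrorResponse(w, invalidMsg)
          return
      }

      rkey, err := mv(r, "rkey", true)
      if err != nil || rkey == "" {
          sendErrorResponse(w, invalidMsg)
          return
      }

      // Check if the pair is valid.
      if err := system_resetpw_validateResetKey(username, rkey); err != nil {
          // Keep the detail in the log only, and never log the key itself.
          // %q quotes the request-supplied username so it cannot break log lines.
          log.Printf("resetpw: reset key validation failed for %q: %v", username, err)
          sendErrorResponse(w, invalidMsg)
          return
      }

      sendOK(w)
  }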
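  // system_resetpw_confirmReset replaces a user's stored password hash after
  // the reset key has been validated.
  //
  // It reads the "username", "rkey" and "pw" request parameters, checks the
  // key with system_resetpw_validateResetKey and writes auth.Hash(pw) to
  // "passhash/<username>" in the "auth" table. Because the key is validated
  // against that same record, a key stops validating once the write succeeds
  // (unless the new password equals the key).
  //
  // An unknown user and a wrong key produce the same response so the endpoint
  // does not reveal which usernames exist, and storage errors are logged
  // rather than returned to the client.
  // NOTE(review): no password strength check and no invalidation of existing
  // sessions is visible in this function; confirm both are handled elsewhere.
  func system_resetpw_confirmReset(w http.ResponseWriter, r *http.Request) {
      const invalidMsg = "Invalid username or key"

      // mv errors are folded into the empty-value check below.
      username, _ := mv(r, "username", true)
      rkey, _ := mv(r, "rkey", true)
      newpw, _ := mv(r, "pw", true)
      if username == "" || rkey == "" || newpw == "" {
          sendErrorResponse(w, "Internal Server Error")
          return
      }

      // Check user exists; answer exactly as for a bad key.
      if !authAgent.UserExists(username) {
          sendErrorResponse(w, invalidMsg)
          return
      }

      // Validate rkey.
      if err := system_resetpw_validateResetKey(username, rkey); err != nil {
          // Never log the key or the new password.
          log.Printf("resetpw: reset key validation failed for %q: %v", username, err)
          sendErrorResponse(w, invalidMsg)
          return
      }

      // OK to proceed.
      newHashedPassword := auth.Hash(newpw)
      if err := sysdb.Write("auth", "passhash/"+username, newHashedPassword); err != nil {
          log.Printf("resetpw: unable to store new password hash for %q: %v", username, err)
          sendErrorResponse(w, "Internal Server Error")
          return
      }

      sendOK(w)
  }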
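  // system_resetpw_validateResetKey checks a reset key for username.
  //
  // The key is hashed with auth.Hash and compared with the value stored under
  // "passhash/<username>" in the "auth" table, which is the record that
  // system_resetpw_confirmReset overwrites with the new password hash. The key
  // therefore stays valid for as long as that record is unchanged; no expiry
  // or attempt counter is applied in this function.
  //
  // It returns the sysdb.Read error unchanged when the record cannot be read,
  // an "Invalid Password Reset Key" error on mismatch, and nil on success.
  // Callers should not forward these errors to clients verbatim.
  func system_resetpw_validateResetKey(username string, key string) error {
      // Get current password hash from db.
      passwordInDB := ""
      if err := sysdb.Read("auth", "passhash/"+username, &passwordInDB); err != nil {
          return err
      }

      // Compare in constant time so response timing does not reveal how many
      // leading characters of the stored hash matched.
      hashedKey := auth.Hash(key)
      if subtle.ConstantTimeCompare([]byte(passwordInDB), []byte(hashedKey)) != 1 {
          return errors.New("Invalid Password Reset Key")
      }
      return nil
  }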
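  // system_resetpw_handlePasswordReset serves the password reset pages.
  //
  // When the "acc" or "rkey" request parameter is missing, it serves the form
  // asking for them. Otherwise it validates the pair with
  // system_resetpw_validateResetKey and renders the new-password form, passing
  // the username and key on to the template.
  //
  // A template failure is answered with a 500 and logged; it no longer stops
  // the whole server process.
  // NOTE(review): mv is called with false here and true in the API handlers,
  // presumably query string vs. POST body. If so, the key travels in the URL
  // and can end up in access logs and browser history; confirm against mv.
  // NOTE(review): acc and rkey come from the request; confirm that
  // template_load HTML-escapes the values it substitutes.
  func system_resetpw_handlePasswordReset(w http.ResponseWriter, r *http.Request) {
      // Check if the user followed a link carrying the reset key. If not, ask
      // the user to enter one.
      acc, err := mv(r, "acc", false)
      if err != nil || acc == "" {
          system_resetpw_serveIdEnterInterface(w, r)
          return
      }

      resetkey, err := mv(r, "rkey", false)
      if err != nil || resetkey == "" {
          system_resetpw_serveIdEnterInterface(w, r)
          return
      }

      // Check if the code is valid.
      if err := system_resetpw_validateResetKey(acc, resetkey); err != nil {
          sendErrorResponse(w, "Invalid username or resetKey")
          return
      }

      // OK. Create the new-password UI. The logo is best effort: a load error
      // is ignored and the value is passed to the template as returned.
      imageBase64, _ := LoadImageAsBase64("./web/" + iconVendor)
      page, err := template_load("system/reset/resetPasswordTemplate.html", map[string]interface{}{
          "vendor_logo": imageBase64,
          "host_name":   *host_name,
          "username":    acc,
          "rkey":        resetkey,
      })
      if err != nil {
          log.Println("resetpw: unable to load reset password template:", err)
          http.Error(w, "Internal Server Error", http.StatusInternalServerError)
          return
      }

      // The rendered page embeds the reset key, so keep it out of caches.
      w.Header().Set("Cache-Control", "no-store")
      w.Header().Set("Content-Type", "text/html; charset=UTF-8")
      w.Write([]byte(page))
  }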
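  // system_resetpw_serveIdEnterInterface serves the form where the user enters
  // a username and reset key. It is used when the request carried neither.
  //
  // A template failure is answered with a 500 and logged; it no longer stops
  // the whole server process.
  func system_resetpw_serveIdEnterInterface(w http.ResponseWriter, r *http.Request) {
      // The logo is best effort: a load error is ignored and the value is
      // passed to the template as returned.
      imageBase64, _ := LoadImageAsBase64("./web/" + iconVendor)
      page, err := template_load("system/reset/resetCodeTemplate.html", map[string]interface{}{
          "vendor_logo": imageBase64,
          "host_name":   *host_name,
      })
      if err != nil {
          log.Println("resetpw: unable to load reset code template:", err)
          http.Error(w, "Internal Server Error", http.StatusInternalServerError)
          return
      }

      w.Header().Set("Content-Type", "text/html; charset=UTF-8")
      w.Write([]byte(page))
  }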