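package main

import (
	"crypto/subtle"
	"errors"
	"log"
	"net/http"

	auth "imuslab.com/arozos/mod/auth"
	"imuslab.com/arozos/mod/common"
)

/*
	Password Reset Module

	This module serves the password reset pages and validates the
	username / reset key pair before a new password is accepted.

	Security notes for maintainers:
	  - A reset key is accepted when auth.Hash(key) equals the value stored
	    under "passhash/<username>" in the "auth" table, the same record that
	    system_resetpw_confirmReset overwrites with the new password hash.
	    No separate expiry or single-use marker is visible in this file.
	  - NOTE(review): no throttling or lockout is visible on these handlers;
	    confirm that failed key checks are rate limited elsewhere.
	  - NOTE(review): confirm that auth.Hash is a salted, deliberately slow
	    password hash; its implementation is not visible here.
*/

// system_resetpw_init registers the two JSON endpoints used by the reset pages.
func system_resetpw_init() {
	http.HandleFunc("/system/reset/validateResetKey", system_resetpw_validateResetKeyHandler)
	http.HandleFunc("/system/reset/confirmPasswordReset", system_resetpw_confirmReset)
}

// system_resetpw_validateResetKeyHandler reports whether the submitted
// username and rkey form a valid pair.
//
// Every failure produces the same client-visible message, so the response does
// not reveal whether the account exists, and storage errors are not echoed to
// an unauthenticated caller.
func system_resetpw_validateResetKeyHandler(w http.ResponseWriter, r *http.Request) {
	// NOTE(review): the third argument to common.Mv presumably selects
	// POST parameters; confirm against the helper.
	username, err := common.Mv(r, "username", true)
	if err != nil {
		common.SendErrorResponse(w, "Invalid username or key")
		return
	}
	rkey, err := common.Mv(r, "rkey", true)
	if err != nil {
		common.SendErrorResponse(w, "Invalid username or key")
		return
	}

	if username == "" || rkey == "" {
		common.SendErrorResponse(w, "Invalid username or rkey")
		return
	}

	// Check the pair. The underlying error may come from the database layer,
	// so only a generic message is returned to the client.
	if err := system_resetpw_validateResetKey(username, rkey); err != nil {
		common.SendErrorResponse(w, "Invalid username or key")
		return
	}

	common.SendOK(w)
}

// system_resetpw_confirmReset replaces the stored password hash of username
// with the hash of pw, provided the username / rkey pair validates.
func system_resetpw_confirmReset(w http.ResponseWriter, r *http.Request) {
	username, errUser := common.Mv(r, "username", true)
	rkey, errKey := common.Mv(r, "rkey", true)
	newpw, errPw := common.Mv(r, "pw", true)
	if errUser != nil || errKey != nil || errPw != nil ||
		username == "" || rkey == "" || newpw == "" {
		common.SendErrorResponse(w, "Internal Server Error")
		return
	}

	// An unknown user and a wrong key are answered identically so that this
	// endpoint cannot be used to test which usernames exist.
	if !authAgent.UserExists(username) {
		common.SendErrorResponse(w, "Invalid username or key")
		return
	}

	if err := system_resetpw_validateResetKey(username, rkey); err != nil {
		common.SendErrorResponse(w, "Invalid username or key")
		return
	}

	// OK to proceed: store the hash of the new password.
	newHashedPassword := auth.Hash(newpw)
	if err := sysdb.Write("auth", "passhash/"+username, newHashedPassword); err != nil {
		// Keep database details in the server log, not in the response.
		log.Println("[resetpw] unable to store new password hash:", err)
		common.SendErrorResponse(w, "Internal Server Error")
		return
	}

	common.SendOK(w)
}

// system_resetpw_validateResetKey returns nil when auth.Hash(key) matches the
// value stored under "passhash/<username>" in the "auth" table.
//
// A failed sysdb.Read is returned unchanged, so callers must not forward the
// returned error text to the client.
func system_resetpw_validateResetKey(username string, key string) error {
	// Load the stored hash for this account.
	passwordInDB := ""
	if err := sysdb.Read("auth", "passhash/"+username, &passwordInDB); err != nil {
		return err
	}

	// Never treat an empty stored value as something a key can match.
	if passwordInDB == "" {
		return errors.New("Invalid Password Reset Key")
	}

	// Compare without an early exit on the first differing byte.
	hashedKey := auth.Hash(key)
	if subtle.ConstantTimeCompare([]byte(passwordInDB), []byte(hashedKey)) != 1 {
		return errors.New("Invalid Password Reset Key")
	}

	return nil
}

// system_resetpw_handlePasswordReset serves the "enter new password" page when
// the request carries a valid acc / rkey pair, and the key-entry page when
// either parameter is missing.
func system_resetpw_handlePasswordReset(w http.ResponseWriter, r *http.Request) {
	// The user may arrive through a link that already carries the account and
	// reset key. If not, ask for them.
	// NOTE(review): these parameters are read with the flag set to false,
	// presumably from the query string; if so, the reset key appears in URLs
	// (browser history, proxy logs). Confirm this is intended.
	acc, err := common.Mv(r, "acc", false)
	if err != nil || acc == "" {
		system_resetpw_serveIdEnterInterface(w, r)
		return
	}

	resetkey, err := common.Mv(r, "rkey", false)
	if err != nil || resetkey == "" {
		system_resetpw_serveIdEnterInterface(w, r)
		return
	}

	// Check that the pair is valid before rendering anything that contains it.
	if err := system_resetpw_validateResetKey(acc, resetkey); err != nil {
		common.SendErrorResponse(w, "Invalid username or resetKey")
		return
	}

	// OK. Create the new-password entry UI.
	// NOTE(review): acc and resetkey are placed into the page; confirm that
	// common.Templateload escapes values for the HTML context.
	imageBase64, _ := common.LoadImageAsBase64("./web/" + iconVendor) // the logo is best effort
	system_resetpw_renderTemplate(w, "system/reset/resetPasswordTemplate.html", map[string]interface{}{
		"vendor_logo": imageBase64,
		"host_name":   *host_name,
		"username":    acc,
		"rkey":        resetkey,
	})
}

// system_resetpw_serveIdEnterInterface serves the page that asks for the
// username and reset key.
func system_resetpw_serveIdEnterInterface(w http.ResponseWriter, r *http.Request) {
	imageBase64, _ := common.LoadImageAsBase64("./web/" + iconVendor) // the logo is best effort
	system_resetpw_renderTemplate(w, "system/reset/resetCodeTemplate.html", map[string]interface{}{
		"vendor_logo": imageBase64,
		"host_name":   *host_name,
	})
}

// system_resetpw_renderTemplate loads the named template with data and writes
// it as an HTML response.
//
// A template failure is answered with HTTP 500 and logged. It must not
// terminate the process: these pages are reachable without authentication, so
// a broken or missing template should only fail the one request.
func system_resetpw_renderTemplate(w http.ResponseWriter, templatePath string, data map[string]interface{}) {
	page, err := common.Templateload(templatePath, data)
	if err != nil {
		log.Println("[resetpw] unable to load template "+templatePath+":", err)
		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
		return
	}

	w.Header().Set("Content-Type", "text/html; charset=UTF-8")
	if _, err := w.Write([]byte(page)); err != nil {
		log.Println("[resetpw] unable to write response:", err)
	}
}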