flounder

A simple gemini site builder

commit b18acf6e7fa430cf39e4c02e45bb1e4463c65b23
parent ab26d8c93d3179ea216929903435124f5aa7ed7e
Author: alex wennerberg <alex@alexwennerberg.com>
Date:   Sun,  6 Dec 2020 10:50:53 -0800

finish password reset

Diffstat:
Madmin.go | 12++++++++++--
Mgo.sum | 1+
Mhttp.go | 53+++++++++++++++++++++++++++++++++++++++++++++++------
Mtemplates/reset_pass.html | 8++++----
4 files changed, 62 insertions(+), 12 deletions(-)

diff --git a/admin.go b/admin.go
@@ -9,11 +9,13 @@ package main
 import (
 "flag"
 "fmt"
+ "golang.org/x/crypto/ssh/terminal"
 "io/ioutil"
 "log"
 "os"
 "path"
 "path/filepath"
+ "syscall"
 )
 
 // TODO improve cli
@@ -39,7 +41,13 @@ func runAdminCommand() {
 username := args[2]
 newUsername := args[3]
 err = renameUser(username, newUsername)
- // case "set-password":
+ case "set-password":
+ username := args[2]
+ fmt.Print("Enter New Password: ")
+ bytePassword, err := terminal.ReadPassword(int(syscall.Stdin))
+ if err != nil {
+ setPassword(username, bytePassword)
+ }
 }
 if err != nil {
 log.Fatal(err)
@@ -57,7 +65,7 @@ func makeAdmin(username string) error {
 return nil
 }
 
-func setPassword(username string, newPass string) error {
+func setPassword(username string, newPass []byte) error {
 return nil
 }
 
diff --git a/go.sum b/go.sum
@@ -99,6 +99,7 @@ golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
diff --git a/http.go b/http.go
@@ -334,7 +334,10 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
 var username string
 var active bool
 var isAdmin bool
- _ = row.Scan(&username, &db_password, &active, &isAdmin)
+ err := row.Scan(&username, &db_password, &active, &isAdmin)
+ if err != nil {
+ panic(err)
+ }
 if db_password != nil && !active {
 data := struct {
 Error string
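Review bot: In the new `set-password` case the condition is inverted: `setPassword` runs only when `terminal.ReadPassword` fails, and on a successful read nothing is stored. The `:=` on that line also declares a new `err` scoped to the case clause, so the outer `if err != nil { log.Fatal(err) }` after the switch never sees a read error, and `setPassword`'s own return value is discarded. Suggest `bytePassword, readErr := terminal.ReadPassword(int(syscall.Stdin))`, then `if readErr != nil { log.Fatal(readErr) }` and `err = setPassword(username, bytePassword)` so the existing error path handles both. Note that the third hunk of admin.go still leaves `setPassword` as a stub returning nil, so even with the branch fixed the command would not change the stored hash yet. The enclosing switch and `runAdminCommand` begin outside the hunk.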
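Review bot: The new `panic(err)` after `row.Scan` in loginHandler turns a login attempt for an unknown username into a panic, because `QueryRow(...).Scan` returns `sql.ErrNoRows` when no row matches, whereas the old code ignored that and fell through to the existing `db_password != nil` checks. Besides aborting the handler with a 500, this makes a nonexistent account observably different from a wrong password, which is worth avoiding on a login form. Suggest `if err != nil && err != sql.ErrNoRows { panic(err) }` (assuming `database/sql` is imported in this file, which is not visible here) so the no-row case keeps reaching the existing password check. The `row` query and the rest of `loginHandler` are outside the hunk.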
@@ -421,6 +424,9 @@ func registerHandler(w http.ResponseWriter, r *http.Request) {
 errors = append(errors, err.Error())
 }
 hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), 8) // TODO handle error
+ if err != nil {
+ panic(err)
+ }
 reference := r.Form.Get("reference")
 if len(errors) == 0 {
 _, err = DB.Exec("insert into user (username, email, password_hash, reference) values ($1, $2, $3, $4)", username, email, string(hashedPassword), reference)
@@ -562,11 +568,46 @@ func resetPasswordHandler(w http.ResponseWriter, r *http.Request) {
 data := struct {
 PageTitle string
 AuthUser AuthUser
- Error error
- }{"Reset Password", user, nil}
- err := t.ExecuteTemplate(w, "reset_pass.html", data)
- if err != nil {
- panic(err)
+ Error string
+ }{"Reset Password", user, ""}
+ if r.Method == "GET" {
+ err := t.ExecuteTemplate(w, "reset_pass.html", data)
+ if err != nil {
+ panic(err)
+ }
+ } else if r.Method == "POST" {
+ r.ParseForm()
+ enteredCurrPass := r.Form.Get("password")
+ var currPass []byte
+ password1 := r.Form.Get("new_password1")
+ password2 := r.Form.Get("new_password2")
+ row := DB.QueryRow("SELECT password_hash FROM user where username = ?", user.Username)
+ err := row.Scan(&currPass)
+ if password1 != password2 {
+ data.Error = "New passwords do not match"
+ } else if len(password1) < 6 {
+ data.Error = "Password is too short"
+ } else {
+ err = bcrypt.CompareHashAndPassword(currPass, []byte(enteredCurrPass))
+ if err == nil {
+ hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password1), 8) // TODO handle error
+ if err != nil {
+ panic(err)
+ }
+ _, err = DB.Exec("update user set password_hash = ? where username = ?", hashedPassword, user.Username)
+ if err != nil {
+ panic(err)
+ }
+ http.Redirect(w, r, "/me", http.StatusSeeOther)
+ return
+ } else {
+ data.Error = "That's not your current password"
+ }
+ }
+ err = t.ExecuteTemplate(w, "reset_pass.html", data)
+ if err != nil {
+ panic(err)
+ }
 }
 }
 
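Review bot: The `// TODO handle error` comment on the `GenerateFromPassword` line in registerHandler is now stale, since the three added lines handle exactly that error; drop the comment so it does not suggest work that is already done. The same stale comment is copied onto the new `GenerateFromPassword` call in resetPasswordHandler further down. The rest of `registerHandler` is outside the hunk.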
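Review bot: In the new POST branch of resetPasswordHandler the result of `err := row.Scan(&currPass)` is never inspected: it is overwritten by the `CompareHashAndPassword` assignment, so a query or scan failure is indistinguishable from a wrong current password and `currPass` silently stays nil. Suggest checking it right after the scan, consistent with the file's other handlers, e.g. `if err != nil { panic(err) }`, and likewise not discarding the error from `r.ParseForm()`. The new hash is generated with cost 8, which is below `bcrypt.DefaultCost` (10); consider `bcrypt.DefaultCost` here and wherever else the file hashes passwords, as a lower cost weakens the stored hashes against offline guessing. The `user` value and the start of `resetPasswordHandler` are outside the hunk, so whether an unauthenticated request can reach this branch is not visible here.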
diff --git a/templates/reset_pass.html b/templates/reset_pass.html @@ -7,7 +7,7 @@ id="password" name="password" size="32" - type="text" + type="password" value="" /> </div> @@ -17,7 +17,7 @@ id="new_password1" name="new_password1" size="32" - type="text" + type="password" value="" /> </div> @@ -27,7 +27,7 @@ id="new_password2" name="new_password2" size="32" - type="text" + type="password" value="" /> </div> @@ -38,6 +38,6 @@ type="submit" value="Change" /> - </form> +<div class="error">{{ .Error }} {{template "footer" .}}
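Review bot: The last hunk of reset_pass.html removes the closing `</form>` and adds a `<div class="error">{{ .Error }}` that is never closed, so both the form and the div are still open when `{{template "footer" .}}` is rendered. Suggest `<div class="error">{{ .Error }}</div>` followed by `</form>` (or rendering the error inside the form above the submit button). Whether `{{ .Error }}` is HTML-escaped depends on whether `t` is an html/template, which is not visible in this diff.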