all repos — flounder @ b18acf6e7fa430cf39e4c02e45bb1e4463c65b23

A small site builder for the Gemini protocol

finish password reset
alex wennerberg alex@alexwennerberg.com
Sun, 06 Dec 2020 10:50:53 -0800
commit

b18acf6e7fa430cf39e4c02e45bb1e4463c65b23

parent

ab26d8c93d3179ea216929903435124f5aa7ed7e

4 files changed, 62 insertions(+), 12 deletions(-)

M admin.goadmin.go

@@ -9,11 +9,13 @@

 import (
 "flag"
 "fmt"
+ "golang.org/x/crypto/ssh/terminal"
 "io/ioutil"
 "log"
 "os"
 "path"
 "path/filepath"
+ "syscall"
 )
 // TODO improve cli
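Review bot: The added import `golang.org/x/crypto/ssh/terminal` is a deprecated package whose contents moved to `golang.org/x/term`, so new code should depend on that module instead. With it the call in the next hunk becomes `term.ReadPassword(int(os.Stdin.Fd()))`, which also makes the new `syscall` import unnecessary since `os` is already imported.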

@@ -39,7 +41,13 @@ case "rename-user":

 username := args[2]
 newUsername := args[3]
 err = renameUser(username, newUsername)
- // case "set-password":
+ case "set-password":
+ username := args[2]
+ fmt.Print("Enter New Password: ")
+ bytePassword, err := terminal.ReadPassword(int(syscall.Stdin))
+ if err != nil {
+ setPassword(username, bytePassword)
+ }
 }
 if err != nil {
 log.Fatal(err)
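Review bot: The new `set-password` case calls `setPassword` only when `terminal.ReadPassword` has failed, because the guard is `if err != nil`; on a successful read nothing happens. In addition, `bytePassword, err := ...` declares a new `err` scoped to the case clause, so the `log.Fatal(err)` check after the switch never sees the read error, and the return value of `setPassword` is discarded. I would write it as `var bytePassword []byte`, `bytePassword, err = terminal.ReadPassword(int(syscall.Stdin))`, `if err == nil { err = setPassword(username, bytePassword) }`. The switch starts outside the hunk.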

@@ -57,7 +65,7 @@ log.Println("Made admin user", username)

 return nil
 }
-func setPassword(username string, newPass string) error {
+func setPassword(username string, newPass []byte) error {
 return nil
 }
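Review bot: `setPassword` is still a stub that returns nil after the signature change, so the `set-password` command would report success without changing any stored credential. Until it is implemented it should fail loudly, for example `return fmt.Errorf("set-password: not implemented")`. It also needs a doc comment stating that `newPass` is the plaintext password and that the function is responsible for hashing it before storage.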
M go.sumgo.sum

@@ -99,6 +99,7 @@ golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
M http.gohttp.go

@@ -334,7 +334,10 @@ var db_password []byte

 var username string
 var active bool
 var isAdmin bool
- _ = row.Scan(&username, &db_password, &active, &isAdmin)
+ err := row.Scan(&username, &db_password, &active, &isAdmin)
+ if err != nil {
+ panic(err)
+ }
 if db_password != nil && !active {
 data := struct {
 Error string
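Review bot: `panic(err)` on the `row.Scan` result turns every scan error into an aborted request, including `sql.ErrNoRows`. If this is the login lookup by submitted username, as the variables suggest, an unknown username now panics instead of reaching the normal invalid-credentials response, and that difference in behaviour tells a client whether an account exists. Treat `sql.ErrNoRows` as the ordinary failed-login path and answer other errors with `http.Error(w, "internal error", http.StatusInternalServerError)`. The same panic-on-error pattern is added in the @@ -421 and @@ -562 hunks, where a handled 500 or form error would be preferable. The enclosing function starts and ends outside the hunk.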

@@ -421,6 +424,9 @@ if err != nil {

 errors = append(errors, err.Error())
 }
 hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), 8) // TODO handle error
+ if err != nil {
+ panic(err)
+ }
 reference := r.Form.Get("reference")
 if len(errors) == 0 {
 _, err = DB.Exec("insert into user (username, email, password_hash, reference) values ($1, $2, $3, $4)", username, email, string(hashedPassword), reference)

@@ -562,11 +568,46 @@ user := newGetAuthUser(r)

 data := struct {
 PageTitle string
 AuthUser AuthUser
- Error error
- }{"Reset Password", user, nil}
- err := t.ExecuteTemplate(w, "reset_pass.html", data)
- if err != nil {
- panic(err)
+ Error string
+ }{"Reset Password", user, ""}
+ if r.Method == "GET" {
+ err := t.ExecuteTemplate(w, "reset_pass.html", data)
+ if err != nil {
+ panic(err)
+ }
+ } else if r.Method == "POST" {
+ r.ParseForm()
+ enteredCurrPass := r.Form.Get("password")
+ var currPass []byte
+ password1 := r.Form.Get("new_password1")
+ password2 := r.Form.Get("new_password2")
+ row := DB.QueryRow("SELECT password_hash FROM user where username = ?", user.Username)
+ err := row.Scan(&currPass)
+ if password1 != password2 {
+ data.Error = "New passwords do not match"
+ } else if len(password1) < 6 {
+ data.Error = "Password is too short"
+ } else {
+ err = bcrypt.CompareHashAndPassword(currPass, []byte(enteredCurrPass))
+ if err == nil {
+ hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password1), 8) // TODO handle error
+ if err != nil {
+ panic(err)
+ }
+ _, err = DB.Exec("update user set password_hash = ? where username = ?", hashedPassword, user.Username)
+ if err != nil {
+ panic(err)
+ }
+ http.Redirect(w, r, "/me", http.StatusSeeOther)
+ return
+ } else {
+ data.Error = "That's not your current password"
+ }
+ }
+ err = t.ExecuteTemplate(w, "reset_pass.html", data)
+ if err != nil {
+ panic(err)
+ }
 }
 }
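Review bot: The result of `row.Scan(&currPass)` in the POST branch is never checked; `err` is overwritten by `bcrypt.CompareHashAndPassword`, so a failed lookup is shown to the user as "That's not your current password" rather than handled as a server error. Check it directly after the scan, e.g. `if err := row.Scan(&currPass); err != nil { http.Error(w, "internal error", http.StatusInternalServerError); return }`. The new hash is generated with cost 8, which is below `bcrypt.DefaultCost` (10); passing `bcrypt.DefaultCost` here and on the registration line in the @@ -421 hunk is the safer default. The error from `r.ParseForm()` is dropped, and the hunk shows no check that `user` is a logged-in account before the update runs; the start of the handler is outside the hunk, so that check may already exist there.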
M templates/reset_pass.htmltemplates/reset_pass.html

@@ -7,7 +7,7 @@ <input

 id="password"
 name="password"
 size="32"
- type="text"
+ type="password"
 value=""
 />
 </div>

@@ -17,7 +17,7 @@ <input

 id="new_password1"
 name="new_password1"
 size="32"
- type="text"
+ type="password"
 value=""
 />
 </div>

@@ -27,7 +27,7 @@ <input

 id="new_password2"
 name="new_password2"
 size="32"
- type="text"
+ type="password"
 value=""
 />
 </div>

@@ -38,6 +38,6 @@ name="submit"

 type="submit"
 value="Change"
 />
- </form>
+<div class="error">{{ .Error }}
 {{template "footer" .}}
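Review bot: The added line replaces `</form>` instead of following it, so within this hunk the form is no longer closed and the new `<div class="error">` has no closing tag. Unless both are closed in the footer template, which is not visible here, the markup should be `</form>` followed by `<div class="error">{{ .Error }}</div>`. The div is also rendered on a plain GET with an empty `.Error`; wrapping it in `{{ if .Error }}...{{ end }}` avoids emitting an empty error box.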