forked from uadmin/uadmin
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpassword_reset_handler.go
73 lines (66 loc) · 1.64 KB
/
password_reset_handler.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
package uadmin
import (
"net/http"
)
func passwordResetHandler(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
type Context struct {
Err string
ErrExists bool
SiteName string
Language Language
RootURL string
Logo string
FavIcon string
}
c := Context{}
c.SiteName = SiteName
c.RootURL = RootURL
c.Language = getLanguage(r)
c.Logo = Logo
c.FavIcon = FavIcon
// Get the user and the code and verify them
userID := r.FormValue("u")
user := &User{}
Get(user, "id = ?", userID)
if user.ID == 0 {
go func() {
log := &Log{}
r.Form.Set("reset-status", "invalid user id")
log.PasswordReset(userID, log.Action.PasswordResetDenied(), r)
log.Save()
}()
pageErrorHandler(w, r, nil)
return
}
otpCode := r.FormValue("key")
if !user.VerifyOTP(otpCode) {
go func() {
log := &Log{}
r.Form.Set("reset-status", "invalid otp code: "+otpCode)
log.PasswordReset(user.Username, log.Action.PasswordResetDenied(), r)
log.Save()
}()
pageErrorHandler(w, r, nil)
return
}
if r.Method == cPOST {
if r.FormValue("password") != r.FormValue("confirm_password") {
c.ErrExists = true
c.Err = "Password does not match the confirm password"
} else {
user.Password = hashPass(r.FormValue("password"))
user.Save()
//log successful password reset
go func() {
log := &Log{}
r.Form.Set("reset-status", "Successfully changed the password")
log.PasswordReset(user.Username, log.Action.PasswordResetSuccessful(), r)
log.Save()
}()
http.Redirect(w, r, RootURL, http.StatusSeeOther)
return
}
}
RenderHTML(w, r, "./templates/uadmin/"+Theme+"/resetpassword.html", c)
}