gawells/Self-Service-Dashboard
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

add server side password change information

Browse Source
This commit is contained in:
gawells
2026-03-31 22:05:47 -04:00
parent c628c688f7
commit 737a1908e0
3 changed files with 98 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
src/main/ldap.go
View File

@@ -133,6 +133,41 @@ func modifyLDAPAttribute(server *LDAPServer, userDN string, attribute string, da
return nil return nil
} }
func changeLDAPPassword(server *LDAPServer, userDN, oldPassword, newPassword string) error {
logging.Infof("Changing LDAP password for %s", userDN)
if server == nil || server.Connection == nil {
return fmt.Errorf("LDAP connection not initialized")
}
// Ensure connection is alive
if server.Connection.IsClosing() {
if err := reconnectToLDAPServer(server); err != nil {
return err
}
}
// Bind as the user (required for FreeIPA self-password change)
err := server.Connection.Bind(userDN, oldPassword)
if err != nil {
logging.Errorf("Failed to bind as user: %s", err.Error())
return err
}
// Perform password modify extended operation
_, err = server.Connection.PasswordModify(&ldap.PasswordModifyRequest{
UserIdentity: userDN,
OldPassword: oldPassword,
NewPassword: newPassword,
})
if err != nil {
logging.Errorf("Password modify failed: %s", err.Error())
return err
}
logging.Infof("Password successfully changed for %s", userDN)
return nil
}
func closeLDAPServer(server *LDAPServer) { func closeLDAPServer(server *LDAPServer) {
if server != nil && server.Connection != nil { if server != nil && server.Connection != nil {
logging.Debug("Closing connection to LDAP server") logging.Debug("Closing connection to LDAP server")

91
src/main/main.go
View File

@@ -309,46 +309,62 @@ func cleanupSessions() {
} }
} }
// func changePasswordHandler(w http.ResponseWriter, r *http.Request) { func changePasswordHandler(w http.ResponseWriter, r *http.Request) {
// exist, sessionData := validateSession(r) w.Header().Set("Content-Type", "application/json")
// if !exist {
// http.Redirect(w, r, "/login", http.StatusSeeOther)
// return
// }
// err := r.ParseMultipartForm(10 << 20) // 10MB limit
// if err != nil {
// http.Error(w, "Bad request", http.StatusBadRequest)
// return
// }
// if r.FormValue("csrf_token") != sessionData.CSRFToken { exist, sessionData := validateSession(r)
// http.Error(w, "CSRF Forbidden", http.StatusForbidden) if !exist {
// return w.WriteHeader(http.StatusUnauthorized)
// } w.Write([]byte(`{"success": false, "error": "Not authenticated"}`))
return
}
// file, header, err := r.FormFile("photo") err := r.ParseMultipartForm(10 << 20)
// if err != nil { if err != nil {
// http.Error(w, "File not found", http.StatusBadRequest) w.WriteHeader(http.StatusBadRequest)
// return w.Write([]byte(`{"success": false, "error": "Bad request"}`))
// } return
// defer file.Close() }
// if header.Size > (10 * 1024 * 1024) {
// http.Error(w, "File is to large (limit is 10 MB)", http.StatusBadRequest)
// return
// }
// // 3. Read file into memory if r.FormValue("csrf_token") != sessionData.CSRFToken {
// data, err := io.ReadAll(file) w.WriteHeader(http.StatusForbidden)
// if err != nil { w.Write([]byte(`{"success": false, "error": "CSRF Forbidden"}`))
// http.Error(w, "Failed to read file", http.StatusInternalServerError) return
// return }
// }
// userDN := fmt.Sprintf("uid=%s,cn=users,cn=accounts,%s", sessionData.data.Username, serverConfig.LDAPConfig.BaseDN) oldPassword := r.FormValue("old_password")
// ldapServerMutex.Lock() newPassword := r.FormValue("new_password")
// defer ldapServerMutex.Unlock() newPasswordRepeat := r.FormValue("new_password_repeat")
// modifyLDAPAttribute(ldapServer, userDN, "jpegphoto", []string{string(data)})
// createUserPhoto(sessionData.data.Username, data) if newPassword != newPasswordRepeat {
// } w.WriteHeader(http.StatusBadRequest)
w.Write([]byte(`{"success": false, "error": "Passwords do not match"}`))
return
}
userDN := fmt.Sprintf(
"uid=%s,cn=users,cn=accounts,%s",
sessionData.data.Username,
serverConfig.LDAPConfig.BaseDN,
)
err = changeLDAPPassword(ldapServer, userDN, oldPassword, newPassword)
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
if strings.Contains(err.Error(), "Invalid Credentials") {
w.Write([]byte(`{"success": false, "error": "Current password incorrect"}`))
} else if strings.Contains(err.Error(), "Too soon to change password") {
w.Write([]byte(`{"success": false, "error": "Too soon to change password"}`))
} else {
w.Write([]byte(`{"success": false, "error": "Internal error"}`))
}
return
}
w.WriteHeader(http.StatusOK)
w.Write([]byte(`{"success": true}`))
}
func main() { func main() {
logging.Info("Starting the server") logging.Info("Starting the server")
@@ -380,6 +396,7 @@ func main() {
HandleFunc("/avatar", avatarHandler) HandleFunc("/avatar", avatarHandler)
HandleFunc("/change-photo", uploadPhotoHandler) HandleFunc("/change-photo", uploadPhotoHandler)
HandleFunc("/change-password", changePasswordHandler)
HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, "/profile", http.StatusFound) // 302 redirect http.Redirect(w, r, "/profile", http.StatusFound) // 302 redirect

15
src/pages/profile_page.html
View File

@@ -205,12 +205,12 @@
method: "POST", method: "POST",
body: formData, body: formData,
}) })
.then((res) => res.json()) .then(async (res) => {
.then((data) => { const data = await res.json();
// handle success if (!res.ok) {
}) throw new Error(data.error || "Request failed");
.catch((err) => { }
displayError("Something went wrong"); return data;
}) })
.then((data) => { .then((data) => {
document document
@@ -219,6 +219,9 @@
document document
.getElementById("popup_background") .getElementById("popup_background")
.classList.add("hidden"); .classList.add("hidden");
})
.catch((err) => {
displayError(err.message);
}); });
}); });
</script> </script>