add server side password change information

src/main/ldap.go

@@ -133,6 +133,41 @@ func modifyLDAPAttribute(server *LDAPServer, userDN string, attribute string, da
 	return nil
 }
 
+func changeLDAPPassword(server *LDAPServer, userDN, oldPassword, newPassword string) error {
+	logging.Infof("Changing LDAP password for %s", userDN)
+
+	if server == nil || server.Connection == nil {
+		return fmt.Errorf("LDAP connection not initialized")
+	}
+
+	// Ensure connection is alive
+	if server.Connection.IsClosing() {
+		if err := reconnectToLDAPServer(server); err != nil {
+			return err
+		}
+	}
+
+	// Bind as the user (required for FreeIPA self-password change)
+	err := server.Connection.Bind(userDN, oldPassword)
+	if err != nil {
+		logging.Errorf("Failed to bind as user: %s", err.Error())
+		return err
+	}
+
+	// Perform password modify extended operation
+	_, err = server.Connection.PasswordModify(&ldap.PasswordModifyRequest{
+		UserIdentity: userDN,
+		OldPassword:  oldPassword,
+		NewPassword:  newPassword,
+	})
+	if err != nil {
+		logging.Errorf("Password modify failed: %s", err.Error())
+		return err
+	}
+	logging.Infof("Password successfully changed for %s", userDN)
+	return nil
+}
+
 func closeLDAPServer(server *LDAPServer) {
 	if server != nil && server.Connection != nil {
 		logging.Debug("Closing connection to LDAP server")

src/main/main.go

@@ -309,46 +309,62 @@ func cleanupSessions() {
 	}
 }
 
-// func changePasswordHandler(w http.ResponseWriter, r *http.Request) {
-// 	exist, sessionData := validateSession(r)
-// 	if !exist {
-// 		http.Redirect(w, r, "/login", http.StatusSeeOther)
-// 		return
-// 	}
-// 	err := r.ParseMultipartForm(10 << 20) // 10MB limit
-// 	if err != nil {
-// 		http.Error(w, "Bad request", http.StatusBadRequest)
-// 		return
-// 	}
+func changePasswordHandler(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set("Content-Type", "application/json")
 
-// 	if r.FormValue("csrf_token") != sessionData.CSRFToken {
-// 		http.Error(w, "CSRF Forbidden", http.StatusForbidden)
-// 		return
-// 	}
+	exist, sessionData := validateSession(r)
+	if !exist {
+		w.WriteHeader(http.StatusUnauthorized)
+		w.Write([]byte(`{"success": false, "error": "Not authenticated"}`))
+		return
+	}
 
-// 	file, header, err := r.FormFile("photo")
-// 	if err != nil {
-// 		http.Error(w, "File not found", http.StatusBadRequest)
-// 		return
-// 	}
-// 	defer file.Close()
-// 	if header.Size > (10 * 1024 * 1024) {
-// 		http.Error(w, "File is to large (limit is 10 MB)", http.StatusBadRequest)
-// 		return
-// 	}
+	err := r.ParseMultipartForm(10 << 20)
+	if err != nil {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte(`{"success": false, "error": "Bad request"}`))
+		return
+	}
 
-// 	// 3. Read file into memory
-// 	data, err := io.ReadAll(file)
-// 	if err != nil {
-// 		http.Error(w, "Failed to read file", http.StatusInternalServerError)
-// 		return
-// 	}
-// 	userDN := fmt.Sprintf("uid=%s,cn=users,cn=accounts,%s", sessionData.data.Username, serverConfig.LDAPConfig.BaseDN)
-// 	ldapServerMutex.Lock()
-// 	defer ldapServerMutex.Unlock()
-// 	modifyLDAPAttribute(ldapServer, userDN, "jpegphoto", []string{string(data)})
-// 	createUserPhoto(sessionData.data.Username, data)
-// }
+	if r.FormValue("csrf_token") != sessionData.CSRFToken {
+		w.WriteHeader(http.StatusForbidden)
+		w.Write([]byte(`{"success": false, "error": "CSRF Forbidden"}`))
+		return
+	}
+
+	oldPassword := r.FormValue("old_password")
+	newPassword := r.FormValue("new_password")
+	newPasswordRepeat := r.FormValue("new_password_repeat")
+
+	if newPassword != newPasswordRepeat {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte(`{"success": false, "error": "Passwords do not match"}`))
+		return
+	}
+
+	userDN := fmt.Sprintf(
+		"uid=%s,cn=users,cn=accounts,%s",
+		sessionData.data.Username,
+		serverConfig.LDAPConfig.BaseDN,
+	)
+
+	err = changeLDAPPassword(ldapServer, userDN, oldPassword, newPassword)
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+
+		if strings.Contains(err.Error(), "Invalid Credentials") {
+			w.Write([]byte(`{"success": false, "error": "Current password incorrect"}`))
+		} else if strings.Contains(err.Error(), "Too soon to change password") {
+			w.Write([]byte(`{"success": false, "error": "Too soon to change password"}`))
+		} else {
+			w.Write([]byte(`{"success": false, "error": "Internal error"}`))
+		}
+		return
+	}
+
+	w.WriteHeader(http.StatusOK)
+	w.Write([]byte(`{"success": true}`))
+}
 
 func main() {
 	logging.Info("Starting the server")
@@ -380,6 +396,7 @@ func main() {
 
 	HandleFunc("/avatar", avatarHandler)
 	HandleFunc("/change-photo", uploadPhotoHandler)
+	HandleFunc("/change-password", changePasswordHandler)
 
 	HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		http.Redirect(w, r, "/profile", http.StatusFound) // 302 redirect

src/pages/profile_page.html

@@ -205,12 +205,12 @@
             method: "POST",
             body: formData,
         })
-            .then((res) => res.json())
-            .then((data) => {
-                // handle success
-            })
-            .catch((err) => {
-                displayError("Something went wrong");
+            .then(async (res) => {
+                const data = await res.json();
+                if (!res.ok) {
+                    throw new Error(data.error || "Request failed");
+                }
+                return data;
             })
             .then((data) => {
                 document
@@ -219,6 +219,9 @@
                 document
                     .getElementById("popup_background")
                     .classList.add("hidden");
+            })
+            .catch((err) => {
+                displayError(err.message);
             });
     });
 </script>