Compare commits
19 Commits
074b3f8f31
...
737a1908e0
| Author | SHA1 | Date | |
|---|---|---|---|
| 737a1908e0 | |||
| c628c688f7 | |||
| d283ad0a0a | |||
| a8c8feeb3e | |||
| 939a55c44b | |||
| ffcaee7170 | |||
| 3a69c04c25 | |||
| cacddd16e2 | |||
| 2f6ff081f3 | |||
| 59bc23bdc2 | |||
| a7c33392ce | |||
| 05e01f4b23 | |||
| e2f4a0692c | |||
| efd7d15722 | |||
| 4e412e9c18 | |||
| 6220021953 | |||
|
01ca68e16b | ||
|
|
6c435e6135 | ||
|
|
e1f992e052 |
@@ -133,6 +133,41 @@ func modifyLDAPAttribute(server *LDAPServer, userDN string, attribute string, da
|
||||
return nil
|
||||
}
|
||||
|
||||
func changeLDAPPassword(server *LDAPServer, userDN, oldPassword, newPassword string) error {
|
||||
logging.Infof("Changing LDAP password for %s", userDN)
|
||||
|
||||
if server == nil || server.Connection == nil {
|
||||
return fmt.Errorf("LDAP connection not initialized")
|
||||
}
|
||||
|
||||
// Ensure connection is alive
|
||||
if server.Connection.IsClosing() {
|
||||
if err := reconnectToLDAPServer(server); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
// Bind as the user (required for FreeIPA self-password change)
|
||||
err := server.Connection.Bind(userDN, oldPassword)
|
||||
if err != nil {
|
||||
logging.Errorf("Failed to bind as user: %s", err.Error())
|
||||
return err
|
||||
}
|
||||
|
||||
// Perform password modify extended operation
|
||||
_, err = server.Connection.PasswordModify(&ldap.PasswordModifyRequest{
|
||||
UserIdentity: userDN,
|
||||
OldPassword: oldPassword,
|
||||
NewPassword: newPassword,
|
||||
})
|
||||
if err != nil {
|
||||
logging.Errorf("Password modify failed: %s", err.Error())
|
||||
return err
|
||||
}
|
||||
logging.Infof("Password successfully changed for %s", userDN)
|
||||
return nil
|
||||
}
|
||||
|
||||
func closeLDAPServer(server *LDAPServer) {
|
||||
if server != nil && server.Connection != nil {
|
||||
logging.Debug("Closing connection to LDAP server")
|
||||
|
||||
@@ -309,6 +309,63 @@ func cleanupSessions() {
|
||||
}
|
||||
}
|
||||
|
||||
func changePasswordHandler(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
|
||||
exist, sessionData := validateSession(r)
|
||||
if !exist {
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
w.Write([]byte(`{"success": false, "error": "Not authenticated"}`))
|
||||
return
|
||||
}
|
||||
|
||||
err := r.ParseMultipartForm(10 << 20)
|
||||
if err != nil {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
w.Write([]byte(`{"success": false, "error": "Bad request"}`))
|
||||
return
|
||||
}
|
||||
|
||||
if r.FormValue("csrf_token") != sessionData.CSRFToken {
|
||||
w.WriteHeader(http.StatusForbidden)
|
||||
w.Write([]byte(`{"success": false, "error": "CSRF Forbidden"}`))
|
||||
return
|
||||
}
|
||||
|
||||
oldPassword := r.FormValue("old_password")
|
||||
newPassword := r.FormValue("new_password")
|
||||
newPasswordRepeat := r.FormValue("new_password_repeat")
|
||||
|
||||
if newPassword != newPasswordRepeat {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
w.Write([]byte(`{"success": false, "error": "Passwords do not match"}`))
|
||||
return
|
||||
}
|
||||
|
||||
userDN := fmt.Sprintf(
|
||||
"uid=%s,cn=users,cn=accounts,%s",
|
||||
sessionData.data.Username,
|
||||
serverConfig.LDAPConfig.BaseDN,
|
||||
)
|
||||
|
||||
err = changeLDAPPassword(ldapServer, userDN, oldPassword, newPassword)
|
||||
if err != nil {
|
||||
w.WriteHeader(http.StatusInternalServerError)
|
||||
|
||||
if strings.Contains(err.Error(), "Invalid Credentials") {
|
||||
w.Write([]byte(`{"success": false, "error": "Current password incorrect"}`))
|
||||
} else if strings.Contains(err.Error(), "Too soon to change password") {
|
||||
w.Write([]byte(`{"success": false, "error": "Too soon to change password"}`))
|
||||
} else {
|
||||
w.Write([]byte(`{"success": false, "error": "Internal error"}`))
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
w.WriteHeader(http.StatusOK)
|
||||
w.Write([]byte(`{"success": true}`))
|
||||
}
|
||||
|
||||
func main() {
|
||||
logging.Info("Starting the server")
|
||||
|
||||
@@ -339,6 +396,7 @@ func main() {
|
||||
|
||||
HandleFunc("/avatar", avatarHandler)
|
||||
HandleFunc("/change-photo", uploadPhotoHandler)
|
||||
HandleFunc("/change-password", changePasswordHandler)
|
||||
|
||||
HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
|
||||
http.Redirect(w, r, "/profile", http.StatusFound) // 302 redirect
|
||||
|
||||
@@ -6,37 +6,31 @@
|
||||
rel="stylesheet"
|
||||
/>
|
||||
<link rel="stylesheet" href="static/style.css" />
|
||||
<link rel="stylesheet" href="static/error/error.css" />
|
||||
<link rel="stylesheet" href="static/card.css" />
|
||||
<link rel="stylesheet" href="static/login_page.css" />
|
||||
|
||||
<img id="logo_image" alt="logo" src="/logo" />
|
||||
<form id="login_card" method="POST">
|
||||
<form id="login_card" class="card" method="POST">
|
||||
<div id="welcome_text">
|
||||
Welcome to Astral Tech, Please Sign in to your account below
|
||||
</div>
|
||||
|
||||
<div id="incorrect_password_text" class="{{.IsHiddenClassList}}">
|
||||
<div class="error {{.IsHiddenClassList}}">
|
||||
⚠️ Invalid username or password.
|
||||
<button id="incorrect_password_close_button">X</button>
|
||||
<button class="close_error_button">X</button>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<label class="login_text">Username</label><br />
|
||||
<label class="input_label">Username</label><br />
|
||||
<input type="text" name="username" placeholder="" required />
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<label class="login_text">Password</label><br />
|
||||
<label class="input_label">Password</label><br />
|
||||
<input type="password" name="password" placeholder="" required />
|
||||
</div>
|
||||
<button type="submit">Login</button>
|
||||
</form>
|
||||
|
||||
<script>
|
||||
document
|
||||
.getElementById("incorrect_password_close_button")
|
||||
.addEventListener("click", function () {
|
||||
document
|
||||
.getElementById("incorrect_password_text")
|
||||
.classList.add("hidden");
|
||||
});
|
||||
</script>
|
||||
<script src="/static/error/error.js" type="text/javascript"></script>
|
||||
|
||||
@@ -7,8 +7,59 @@
|
||||
/>
|
||||
<link rel="stylesheet" href="static/style.css" />
|
||||
<link rel="stylesheet" href="static/card.css" />
|
||||
<link rel="stylesheet" href="static/error/error.css" />
|
||||
<link rel="stylesheet" href="static/profile_page.css" />
|
||||
|
||||
<div id="popup_background" class="blocked hidden"></div>
|
||||
|
||||
<div id="change_password_dialogue" class="hidden card static_center">
|
||||
Change Password
|
||||
|
||||
<button id="close_password_dialogue">X</button>
|
||||
|
||||
<div id="password_error" class="error hidden">
|
||||
<div id="password_text"></div>
|
||||
<button id="password_error_close_button" class="close_error_button">
|
||||
X
|
||||
</button>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<label class="input_label">Current password</label><br />
|
||||
<input
|
||||
type="password"
|
||||
id="current_password"
|
||||
name="current_password"
|
||||
placeholder=""
|
||||
required
|
||||
/>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<label class="input_label">New password</label><br />
|
||||
<input
|
||||
type="password"
|
||||
id="new_password"
|
||||
name="new_password"
|
||||
placeholder=""
|
||||
required
|
||||
/>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<label class="input_label">New password (repeat)</label><br />
|
||||
<input
|
||||
type="password"
|
||||
id="new_password_repeat"
|
||||
name="new_password_repeat"
|
||||
placeholder=""
|
||||
required
|
||||
/>
|
||||
</div>
|
||||
|
||||
<button id="final_change_password_button">Change Password</button>
|
||||
</div>
|
||||
|
||||
<img id="logo_image" alt="logo" src="/logo" />
|
||||
<div id="main_content">
|
||||
<div class="cards">
|
||||
@@ -51,28 +102,18 @@
|
||||
<div class="data-value">{{.Email}}</div>
|
||||
</div>
|
||||
|
||||
<form
|
||||
action="/logout"
|
||||
method="POST"
|
||||
style="
|
||||
color: var(--primary-accent);
|
||||
text-decoration: none;
|
||||
font-weight: bold;
|
||||
margin-top: 20px;
|
||||
display: inline-block;
|
||||
"
|
||||
>
|
||||
<button
|
||||
style="
|
||||
background: none;
|
||||
border-style: none;
|
||||
color: var(--primary-accent);
|
||||
text-decoration: none;
|
||||
font-weight: bold;
|
||||
font-size: 20px;
|
||||
"
|
||||
id="signout_button"
|
||||
>
|
||||
<button class="bottom_button" id="change_password_button">
|
||||
<input
|
||||
id="csrf_token_storage"
|
||||
type="hidden"
|
||||
name="csrf_token"
|
||||
value="{{.CSRFToken}}"
|
||||
/>
|
||||
Change Password
|
||||
</button>
|
||||
|
||||
<form action="/logout" method="POST" style="display: inline-block">
|
||||
<button class="bottom_button" id="signout_button">
|
||||
<input
|
||||
id="csrf_token_storage"
|
||||
type="hidden"
|
||||
@@ -95,10 +136,102 @@
|
||||
});
|
||||
</script>
|
||||
|
||||
<script type="text/javascript">
|
||||
const popup_botton = document.getElementById("change_password_button");
|
||||
|
||||
popup_botton.addEventListener("click", () => {
|
||||
document.getElementById("popup_background").classList.remove("hidden");
|
||||
document
|
||||
.getElementById("change_password_dialogue")
|
||||
.classList.remove("hidden");
|
||||
});
|
||||
</script>
|
||||
|
||||
<script type="text/javascript">
|
||||
const changePasswordButton = document.getElementById(
|
||||
"final_change_password_button",
|
||||
);
|
||||
|
||||
function displayError(errorText) {
|
||||
document.getElementById("password_error").classList.remove("hidden");
|
||||
document.getElementById("password_text").innerText =
|
||||
"⚠️ " + errorText + ".";
|
||||
return;
|
||||
}
|
||||
|
||||
changePasswordButton.addEventListener("click", () => {
|
||||
if (document.getElementById("current_password").value === "") {
|
||||
displayError("Please enter current password");
|
||||
return;
|
||||
}
|
||||
|
||||
if (document.getElementById("new_password").value === "") {
|
||||
displayError("No value for new password");
|
||||
return;
|
||||
}
|
||||
|
||||
if (document.getElementById("new_password_repeat").value === "") {
|
||||
displayError("Please repeat new password");
|
||||
return;
|
||||
}
|
||||
|
||||
if (
|
||||
document.getElementById("new_password").value !==
|
||||
document.getElementById("new_password_repeat").value
|
||||
) {
|
||||
displayError("New password and new password repeat do not match");
|
||||
return;
|
||||
}
|
||||
|
||||
const formData = new FormData();
|
||||
formData.append(
|
||||
"csrf_token",
|
||||
document.getElementById("csrf_token_storage").value,
|
||||
);
|
||||
formData.append(
|
||||
"old_password",
|
||||
document.getElementById("current_password").value,
|
||||
);
|
||||
formData.append(
|
||||
"new_password",
|
||||
document.getElementById("new_password").value,
|
||||
);
|
||||
formData.append(
|
||||
"new_password_repeat",
|
||||
document.getElementById("new_password_repeat").value,
|
||||
);
|
||||
|
||||
fetch("/change-password", {
|
||||
method: "POST",
|
||||
body: formData,
|
||||
})
|
||||
.then(async (res) => {
|
||||
const data = await res.json();
|
||||
if (!res.ok) {
|
||||
throw new Error(data.error || "Request failed");
|
||||
}
|
||||
return data;
|
||||
})
|
||||
.then((data) => {
|
||||
document
|
||||
.getElementById("change_password_dialogue")
|
||||
.classList.add("hidden");
|
||||
document
|
||||
.getElementById("popup_background")
|
||||
.classList.add("hidden");
|
||||
})
|
||||
.catch((err) => {
|
||||
displayError(err.message);
|
||||
});
|
||||
});
|
||||
</script>
|
||||
|
||||
<script type="text/javascript">
|
||||
var currentPreviewURL = null;
|
||||
|
||||
fileInput.addEventListener("change", async () => {
|
||||
document.getElementById("popup_background").classList.remove("hidden");
|
||||
|
||||
const file = fileInput.files[0];
|
||||
if (!file) return;
|
||||
if (file.type !== "image/jpeg") {
|
||||
@@ -118,7 +251,9 @@
|
||||
credentials: "include",
|
||||
});
|
||||
const text = await res.text();
|
||||
// show the picture (so we don't need to re render the whole page)
|
||||
|
||||
document.getElementById("popup_background").classList.add("hidden");
|
||||
|
||||
const img = document.querySelector(".profile-pic");
|
||||
|
||||
if (currentPreviewURL != null) {
|
||||
@@ -129,3 +264,16 @@
|
||||
currentPreviewURL = img.src;
|
||||
});
|
||||
</script>
|
||||
|
||||
<script type="text/javascript">
|
||||
document
|
||||
.getElementById("close_password_dialogue")
|
||||
.addEventListener("click", () => {
|
||||
document
|
||||
.getElementById("change_password_dialogue")
|
||||
.classList.add("hidden");
|
||||
document.getElementById("popup_background").classList.add("hidden");
|
||||
});
|
||||
</script>
|
||||
|
||||
<script src="/static/error/error.js" type="text/javascript"></script>
|
||||
|
||||
@@ -3,11 +3,22 @@
|
||||
255,
|
||||
255,
|
||||
255,
|
||||
0.8
|
||||
1
|
||||
); /* Semi-transparent white for light theme */
|
||||
border: 1px solid var(--border-subtle);
|
||||
border-radius: 12px;
|
||||
padding: 24px;
|
||||
padding: 2.5rem;
|
||||
box-shadow: 0 4px 15px rgba(0, 0, 0, 0.03);
|
||||
transition: transform 0.2s ease;
|
||||
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
gap: 15px;
|
||||
}
|
||||
|
||||
.static_center {
|
||||
position: fixed;
|
||||
left: 50%;
|
||||
top: 50%;
|
||||
transform: translateX(-50%) translateY(-50%);
|
||||
}
|
||||
|
||||
30
static/error/error.css
Normal file
30
static/error/error.css
Normal file
@@ -0,0 +1,30 @@
|
||||
.error {
|
||||
background-color: var(--error-red) !important;
|
||||
border-radius: 10px;
|
||||
padding: 20px;
|
||||
border-style: solid;
|
||||
border-color: var(--error-border-red);
|
||||
border-width: 1px;
|
||||
box-sizing: border-box;
|
||||
font-size: 12px;
|
||||
position: relative;
|
||||
color: white;
|
||||
box-shadow: 0 2px 6px rgba(0, 0, 0, 0.1);
|
||||
}
|
||||
|
||||
.close_error_button {
|
||||
position: absolute !important;
|
||||
background-color: rgba(0, 0, 0, 0) !important;
|
||||
padding: 0px !important;
|
||||
top: 20px;
|
||||
right: 20px;
|
||||
color: black !important;
|
||||
font-weight: normal !important;
|
||||
border: none;
|
||||
width: fit-content !important;
|
||||
}
|
||||
|
||||
.close_error_button:hover {
|
||||
cursor: default;
|
||||
font-weight: bold !important;
|
||||
}
|
||||
7
static/error/error.js
Normal file
7
static/error/error.js
Normal file
@@ -0,0 +1,7 @@
|
||||
var error_close_buttons = document.getElementsByClassName("close_error_button");
|
||||
|
||||
for (const close_button of error_close_buttons) {
|
||||
close_button.addEventListener("click", function () {
|
||||
this.parentElement.classList.add("hidden");
|
||||
});
|
||||
}
|
||||
@@ -6,51 +6,17 @@
|
||||
}
|
||||
|
||||
#login_card {
|
||||
/* The Magic Three */
|
||||
display: flex;
|
||||
flex-direction: column; /* Stack vertically */
|
||||
gap: 15px; /* Space between inputs */
|
||||
|
||||
position: fixed;
|
||||
top: 50%;
|
||||
left: 50%;
|
||||
transform: translateX(-50%) translateY(-50%);
|
||||
|
||||
background-color: var(--bg-card);
|
||||
border: 1px solid var(--border-subtle);
|
||||
padding: 2.5rem;
|
||||
border-radius: 8px;
|
||||
width: 350px;
|
||||
|
||||
/* Soft shadow for depth in light mode */
|
||||
box-shadow:
|
||||
0 4px 12px rgba(0, 0, 0, 0.05),
|
||||
0 1px 3px rgba(0, 0, 0, 0.1);
|
||||
}
|
||||
|
||||
#login_card input {
|
||||
padding: 12px;
|
||||
background-color: var(--bg-input);
|
||||
border: 1px solid var(--border-subtle);
|
||||
color: var(--text-main);
|
||||
border-radius: 6px;
|
||||
width: 324px;
|
||||
}
|
||||
|
||||
#login_card input::placeholder {
|
||||
color: var(--text-muted);
|
||||
}
|
||||
|
||||
#login_card button {
|
||||
padding: 12px;
|
||||
background-color: var(--primary-accent); /* Our Teal/Blue */
|
||||
color: white;
|
||||
border: none;
|
||||
border-radius: 6px;
|
||||
cursor: pointer;
|
||||
font-weight: bold;
|
||||
}
|
||||
|
||||
#login_card div {
|
||||
width: 100%;
|
||||
}
|
||||
@@ -69,48 +35,8 @@
|
||||
flex: 2;
|
||||
}
|
||||
|
||||
#login_card button:hover {
|
||||
background-color: var(--primary-hover);
|
||||
}
|
||||
|
||||
.login_text {
|
||||
color: var(--text-muted);
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
font-size: 15px;
|
||||
}
|
||||
|
||||
#welcome_text {
|
||||
font-weight: 700;
|
||||
font-size: 1.25rem;
|
||||
margin-bottom: 8px;
|
||||
}
|
||||
|
||||
#incorrect_password_text {
|
||||
background-color: var(--error-red) !important;
|
||||
border-radius: 10px;
|
||||
padding: 20px;
|
||||
border-style: solid;
|
||||
border-color: var(--error-border-red);
|
||||
border-width: 1px;
|
||||
box-sizing: border-box;
|
||||
font-size: 12px;
|
||||
position: relative;
|
||||
color: white;
|
||||
box-shadow: 0 2px 6px rgba(0, 0, 0, 0.1);
|
||||
}
|
||||
|
||||
#incorrect_password_close_button {
|
||||
position: absolute !important;
|
||||
background-color: rgba(0, 0, 0, 0) !important;
|
||||
padding: 0px !important;
|
||||
top: 20px;
|
||||
right: 20px;
|
||||
color: black !important;
|
||||
font-weight: normal !important;
|
||||
}
|
||||
|
||||
#incorrect_password_close_button:hover {
|
||||
cursor: default;
|
||||
font-weight: bold !important;
|
||||
}
|
||||
|
||||
@@ -33,6 +33,8 @@
|
||||
max-width: 500px;
|
||||
text-align: center;
|
||||
|
||||
gap: 0px !important;
|
||||
|
||||
position: fixed;
|
||||
left: 50%;
|
||||
top: 50%;
|
||||
@@ -83,6 +85,8 @@
|
||||
border-radius: 50%;
|
||||
border: none;
|
||||
padding: 6px;
|
||||
|
||||
width: fit-content !important;
|
||||
}
|
||||
|
||||
#edit_picture_button:hover {
|
||||
@@ -90,8 +94,8 @@
|
||||
}
|
||||
|
||||
#edit_picture_image {
|
||||
width: 20px;
|
||||
height: 20px;
|
||||
width: 20px !important;
|
||||
height: 20px !important;
|
||||
}
|
||||
|
||||
#picture_holder {
|
||||
@@ -100,6 +104,31 @@
|
||||
line-height: 0;
|
||||
}
|
||||
|
||||
#signout_button:hover {
|
||||
.bottom_button:hover {
|
||||
text-decoration: underline !important;
|
||||
background: none !important;
|
||||
}
|
||||
|
||||
.bottom_button {
|
||||
background: none;
|
||||
border-style: none;
|
||||
color: var(--primary-accent);
|
||||
text-decoration: none;
|
||||
font-weight: bold;
|
||||
font-size: 20px;
|
||||
}
|
||||
|
||||
#change_password_dialogue {
|
||||
z-index: 10000;
|
||||
position: fixed;
|
||||
}
|
||||
|
||||
#change_password_dialogue input {
|
||||
width: 350px;
|
||||
}
|
||||
|
||||
#close_password_dialogue {
|
||||
width: fit-content;
|
||||
position: absolute;
|
||||
right: 2.5rem;
|
||||
}
|
||||
|
||||
@@ -24,6 +24,52 @@ body {
|
||||
background-color: var(--bg-main);
|
||||
}
|
||||
|
||||
.hidden {
|
||||
display: none;
|
||||
button {
|
||||
padding: 12px;
|
||||
background-color: var(--primary-accent); /* Our Teal/Blue */
|
||||
color: white;
|
||||
border: none;
|
||||
border-radius: 6px;
|
||||
cursor: pointer;
|
||||
font-weight: bold;
|
||||
width: 100%;
|
||||
}
|
||||
|
||||
button:hover {
|
||||
background-color: var(--primary-hover);
|
||||
}
|
||||
|
||||
input {
|
||||
padding: 12px;
|
||||
background-color: var(--bg-input);
|
||||
border: 1px solid var(--border-subtle);
|
||||
color: var(--text-main);
|
||||
border-radius: 6px;
|
||||
}
|
||||
|
||||
input::placeholder {
|
||||
color: var(--text-muted);
|
||||
}
|
||||
|
||||
.input_label {
|
||||
color: var(--text-muted);
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
font-size: 15px;
|
||||
}
|
||||
|
||||
.hidden {
|
||||
display: none !important;
|
||||
}
|
||||
|
||||
.blocked {
|
||||
position: fixed; /* or absolute */
|
||||
top: 0;
|
||||
left: 0;
|
||||
width: 100%;
|
||||
height: 100%;
|
||||
z-index: 9999; /* higher = on top */
|
||||
|
||||
background-color: black;
|
||||
opacity: 10%;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user