add server side password change information

send request to the server
add close button
2026-03-31 22:05:47 -04:00 · 2026-03-31 21:39:38 -04:00 · 2026-03-31 21:37:10 -04:00 · 2026-03-31 21:19:36 -04:00 · 2026-03-31 21:15:26 -04:00 · 2026-03-31 21:04:54 -04:00
10 changed files with 281 additions and 117 deletions
--- a/src/main/ldap.go
+++ b/src/main/ldap.go
@@ -133,6 +133,41 @@ func modifyLDAPAttribute(server *LDAPServer, userDN string, attribute string, da
 	return nil
 }

+func changeLDAPPassword(server *LDAPServer, userDN, oldPassword, newPassword string) error {
+	logging.Infof("Changing LDAP password for %s", userDN)
+
+	if server == nil || server.Connection == nil {
+		return fmt.Errorf("LDAP connection not initialized")
+	}
+
+	// Ensure connection is alive
+	if server.Connection.IsClosing() {
+		if err := reconnectToLDAPServer(server); err != nil {
+			return err
+		}
+	}
+
+	// Bind as the user (required for FreeIPA self-password change)
+	err := server.Connection.Bind(userDN, oldPassword)
+	if err != nil {
+		logging.Errorf("Failed to bind as user: %s", err.Error())
+		return err
+	}
+
+	// Perform password modify extended operation
+	_, err = server.Connection.PasswordModify(&ldap.PasswordModifyRequest{
+		UserIdentity: userDN,
+		OldPassword:  oldPassword,
+		NewPassword:  newPassword,
+	})
+	if err != nil {
+		logging.Errorf("Password modify failed: %s", err.Error())
+		return err
+	}
+	logging.Infof("Password successfully changed for %s", userDN)
+	return nil
+}
+
 func closeLDAPServer(server *LDAPServer) {
 	if server != nil && server.Connection != nil {
 		logging.Debug("Closing connection to LDAP server")
--- a/src/main/main.go
+++ b/src/main/main.go
@@ -309,46 +309,62 @@ func cleanupSessions() {
 	}
 }

-// func changePasswordHandler(w http.ResponseWriter, r *http.Request) {
-// 	exist, sessionData := validateSession(r)
-// 	if !exist {
-// 		http.Redirect(w, r, "/login", http.StatusSeeOther)
-// 		return
-// 	}
-// 	err := r.ParseMultipartForm(10 << 20) // 10MB limit
-// 	if err != nil {
-// 		http.Error(w, "Bad request", http.StatusBadRequest)
-// 		return
-// 	}
+func changePasswordHandler(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set("Content-Type", "application/json")

-// 	if r.FormValue("csrf_token") != sessionData.CSRFToken {
-// 		http.Error(w, "CSRF Forbidden", http.StatusForbidden)
-// 		return
-// 	}
+	exist, sessionData := validateSession(r)
+	if !exist {
+		w.WriteHeader(http.StatusUnauthorized)
+		w.Write([]byte(`{"success": false, "error": "Not authenticated"}`))
+		return
+	}

-// 	file, header, err := r.FormFile("photo")
-// 	if err != nil {
-// 		http.Error(w, "File not found", http.StatusBadRequest)
-// 		return
-// 	}
-// 	defer file.Close()
-// 	if header.Size > (10 * 1024 * 1024) {
-// 		http.Error(w, "File is to large (limit is 10 MB)", http.StatusBadRequest)
-// 		return
-// 	}
+	err := r.ParseMultipartForm(10 << 20)
+	if err != nil {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte(`{"success": false, "error": "Bad request"}`))
+		return
+	}

-// 	// 3. Read file into memory
-// 	data, err := io.ReadAll(file)
-// 	if err != nil {
-// 		http.Error(w, "Failed to read file", http.StatusInternalServerError)
-// 		return
-// 	}
-// 	userDN := fmt.Sprintf("uid=%s,cn=users,cn=accounts,%s", sessionData.data.Username, serverConfig.LDAPConfig.BaseDN)
-// 	ldapServerMutex.Lock()
-// 	defer ldapServerMutex.Unlock()
-// 	modifyLDAPAttribute(ldapServer, userDN, "jpegphoto", []string{string(data)})
-// 	createUserPhoto(sessionData.data.Username, data)
-// }
+	if r.FormValue("csrf_token") != sessionData.CSRFToken {
+		w.WriteHeader(http.StatusForbidden)
+		w.Write([]byte(`{"success": false, "error": "CSRF Forbidden"}`))
+		return
+	}
+
+	oldPassword := r.FormValue("old_password")
+	newPassword := r.FormValue("new_password")
+	newPasswordRepeat := r.FormValue("new_password_repeat")
+
+	if newPassword != newPasswordRepeat {
+		w.WriteHeader(http.StatusBadRequest)
+		w.Write([]byte(`{"success": false, "error": "Passwords do not match"}`))
+		return
+	}
+
+	userDN := fmt.Sprintf(
+		"uid=%s,cn=users,cn=accounts,%s",
+		sessionData.data.Username,
+		serverConfig.LDAPConfig.BaseDN,
+	)
+
+	err = changeLDAPPassword(ldapServer, userDN, oldPassword, newPassword)
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+
+		if strings.Contains(err.Error(), "Invalid Credentials") {
+			w.Write([]byte(`{"success": false, "error": "Current password incorrect"}`))
+		} else if strings.Contains(err.Error(), "Too soon to change password") {
+			w.Write([]byte(`{"success": false, "error": "Too soon to change password"}`))
+		} else {
+			w.Write([]byte(`{"success": false, "error": "Internal error"}`))
+		}
+		return
+	}
+
+	w.WriteHeader(http.StatusOK)
+	w.Write([]byte(`{"success": true}`))
+}

 func main() {
 	logging.Info("Starting the server")
@@ -380,6 +396,7 @@ func main() {

 	HandleFunc("/avatar", avatarHandler)
 	HandleFunc("/change-photo", uploadPhotoHandler)
+	HandleFunc("/change-password", changePasswordHandler)

 	HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		http.Redirect(w, r, "/profile", http.StatusFound) // 302 redirect
--- a/src/pages/login_page.html
+++ b/src/pages/login_page.html
@@ -6,7 +6,7 @@
    rel="stylesheet"
 />
 <link rel="stylesheet" href="static/style.css" />
-<link rel="stylesheet" href="static/error.css" />
+<link rel="stylesheet" href="static/error/error.css" />
 <link rel="stylesheet" href="static/card.css" />
 <link rel="stylesheet" href="static/login_page.css" />

@@ -22,15 +22,15 @@
    </div>

    <div>
-        <label class="login_text">Username</label><br />
+        <label class="input_label">Username</label><br />
        <input type="text" name="username" placeholder="" required />
    </div>

    <div>
-        <label class="login_text">Password</label><br />
+        <label class="input_label">Password</label><br />
        <input type="password" name="password" placeholder="" required />
    </div>
    <button type="submit">Login</button>
 </form>

-<script src="/static/error.js" type="text/javascript"></script>
+<script src="/static/error/error.js" type="text/javascript"></script>
--- a/src/pages/profile_page.html
+++ b/src/pages/profile_page.html
@@ -7,30 +7,56 @@
 />
 <link rel="stylesheet" href="static/style.css" />
 <link rel="stylesheet" href="static/card.css" />
-<link rel="stylesheet" href="static/error.css" />
+<link rel="stylesheet" href="static/error/error.css" />
 <link rel="stylesheet" href="static/profile_page.css" />

 <div id="popup_background" class="blocked hidden"></div>

-<div id="change_password_dialouge" class="hidden card">
-    <div id="new_password_error" class="error hidden">
-        ⚠️ New password and new Password repeat do not match.
-        <button id="new_password_error_close_button" class="close_error_button">
+<div id="change_password_dialogue" class="hidden card static_center">
+    Change Password
+
+    <button id="close_password_dialogue">X</button>
+
+    <div id="password_error" class="error hidden">
+        <div id="password_text"></div>
+        <button id="password_error_close_button" class="close_error_button">
            X
        </button>
    </div>

+    <div>
+        <label class="input_label">Current password</label><br />
        <input
            type="password"
            id="current_password"
-        placeholder="Current Password"
+            name="current_password"
+            placeholder=""
+            required
        />
-    <input type="password" id="new_password" placeholder="New Password" />
+    </div>
+
+    <div>
+        <label class="input_label">New password</label><br />
+        <input
+            type="password"
+            id="new_password"
+            name="new_password"
+            placeholder=""
+            required
+        />
+    </div>
+
+    <div>
+        <label class="input_label">New password (repeat)</label><br />
        <input
            type="password"
            id="new_password_repeat"
-        placeholder="New Password(repeat)"
+            name="new_password_repeat"
+            placeholder=""
+            required
        />
+    </div>
+
    <button id="final_change_password_button">Change Password</button>
 </div>

@@ -76,6 +102,16 @@
                <div class="data-value">{{.Email}}</div>
            </div>

+            <button class="bottom_button" id="change_password_button">
+                <input
+                    id="csrf_token_storage"
+                    type="hidden"
+                    name="csrf_token"
+                    value="{{.CSRFToken}}"
+                />
+                Change Password
+            </button>
+
            <form action="/logout" method="POST" style="display: inline-block">
                <button class="bottom_button" id="signout_button">
                    <input
@@ -87,16 +123,6 @@
                    Sign Out
                </button>
            </form>
-
-            <button class="bottom_button" id="change_password_button">
-                <input
-                    id="csrf_token_storage"
-                    type="hidden"
-                    name="csrf_token"
-                    value="{{.CSRFToken}}"
-                />
-                Change Password
-            </button>
        </div>
    </div>
 </div>
@@ -116,7 +142,7 @@
    popup_botton.addEventListener("click", () => {
        document.getElementById("popup_background").classList.remove("hidden");
        document
-            .getElementById("change_password_dialouge")
+            .getElementById("change_password_dialogue")
            .classList.remove("hidden");
    });
 </script>
@@ -126,14 +152,34 @@
        "final_change_password_button",
    );

+    function displayError(errorText) {
+        document.getElementById("password_error").classList.remove("hidden");
+        document.getElementById("password_text").innerText =
+            "⚠️ " + errorText + ".";
+        return;
+    }
+
    changePasswordButton.addEventListener("click", () => {
+        if (document.getElementById("current_password").value === "") {
+            displayError("Please enter current password");
+            return;
+        }
+
+        if (document.getElementById("new_password").value === "") {
+            displayError("No value for new password");
+            return;
+        }
+
+        if (document.getElementById("new_password_repeat").value === "") {
+            displayError("Please repeat new password");
+            return;
+        }
+
        if (
-            document.getElementById("new_password").value !=
+            document.getElementById("new_password").value !==
            document.getElementById("new_password_repeat").value
        ) {
-            document
-                .getElementById("new_password_error")
-                .classList.remove("hidden");
+            displayError("New password and new password repeat do not match");
            return;
        }

@@ -142,12 +188,41 @@
            "csrf_token",
            document.getElementById("csrf_token_storage").value,
        );
-        formData.append("old", file);
+        formData.append(
+            "old_password",
+            document.getElementById("current_password").value,
+        );
+        formData.append(
+            "new_password",
+            document.getElementById("new_password").value,
+        );
+        formData.append(
+            "new_password_repeat",
+            document.getElementById("new_password_repeat").value,
+        );

+        fetch("/change-password", {
+            method: "POST",
+            body: formData,
+        })
+            .then(async (res) => {
+                const data = await res.json();
+                if (!res.ok) {
+                    throw new Error(data.error || "Request failed");
+                }
+                return data;
+            })
+            .then((data) => {
                document
-            .getElementById("change_password_dialouge")
+                    .getElementById("change_password_dialogue")
                    .classList.add("hidden");
-        document.getElementById("popup_background").classList.add("hidden");
+                document
+                    .getElementById("popup_background")
+                    .classList.add("hidden");
+            })
+            .catch((err) => {
+                displayError(err.message);
+            });
    });
 </script>

@@ -190,4 +265,15 @@
    });
 </script>

-<script src="/static/error.js" type="text/javascript"></script>
+<script type="text/javascript">
+    document
+        .getElementById("close_password_dialogue")
+        .addEventListener("click", () => {
+            document
+                .getElementById("change_password_dialogue")
+                .classList.add("hidden");
+            document.getElementById("popup_background").classList.add("hidden");
+        });
+</script>
+
+<script src="/static/error/error.js" type="text/javascript"></script>
--- a/static/card.css
+++ b/static/card.css
@@ -10,4 +10,15 @@
    padding: 2.5rem;
    box-shadow: 0 4px 15px rgba(0, 0, 0, 0.03);
    transition: transform 0.2s ease;
+
+    display: flex;
+    flex-direction: column;
+    gap: 15px;
+}
+
+.static_center {
+    position: fixed;
+    left: 50%;
+    top: 50%;
+    transform: translateX(-50%) translateY(-50%);
 }
--- a/static/error/error.css
+++ b/static/error/error.css
@@ -21,6 +21,7 @@
    color: black !important;
    font-weight: normal !important;
    border: none;
+    width: fit-content !important;
 }

 .close_error_button:hover {
--- a/static/error/error.js
+++ b/static/error/error.js
--- a/static/login_page.css
+++ b/static/login_page.css
@@ -6,11 +6,6 @@
 }

 #login_card {
-    /* The Magic Three */
-    display: flex;
-    flex-direction: column; /* Stack vertically */
-    gap: 15px; /* Space between inputs */
-
    position: fixed;
    top: 50%;
    left: 50%;
@@ -19,28 +14,9 @@
 }

 #login_card input {
-    padding: 12px;
-    background-color: var(--bg-input);
-    border: 1px solid var(--border-subtle);
-    color: var(--text-main);
-    border-radius: 6px;
    width: 324px;
 }

-#login_card input::placeholder {
-    color: var(--text-muted);
-}
-
-#login_card button {
-    padding: 12px;
-    background-color: var(--primary-accent); /* Our Teal/Blue */
-    color: white;
-    border: none;
-    border-radius: 6px;
-    cursor: pointer;
-    font-weight: bold;
-}
-
 #login_card div {
    width: 100%;
 }
@@ -59,17 +35,6 @@
    flex: 2;
 }

-#login_card button:hover {
-    background-color: var(--primary-hover);
-}
-
-.login_text {
-    color: var(--text-muted);
-    margin: 0;
-    padding: 0;
-    font-size: 15px;
-}
-
 #welcome_text {
    font-weight: 700;
    font-size: 1.25rem;
--- a/static/profile_page.css
+++ b/static/profile_page.css
@@ -33,6 +33,8 @@
    max-width: 500px;
    text-align: center;

+    gap: 0px !important;
+
    position: fixed;
    left: 50%;
    top: 50%;
@@ -83,6 +85,8 @@
    border-radius: 50%;
    border: none;
    padding: 6px;
+
+    width: fit-content !important;
 }

 #edit_picture_button:hover {
@@ -90,8 +94,8 @@
 }

 #edit_picture_image {
-    width: 20px;
-    height: 20px;
+    width: 20px !important;
+    height: 20px !important;
 }

 #picture_holder {
@@ -102,6 +106,7 @@

 .bottom_button:hover {
    text-decoration: underline !important;
+    background: none !important;
 }

 .bottom_button {
@@ -113,7 +118,17 @@
    font-size: 20px;
 }

-#change_password_dialouge {
+#change_password_dialogue {
    z-index: 10000;
    position: fixed;
 }
+
+#change_password_dialogue input {
+    width: 350px;
+}
+
+#close_password_dialogue {
+    width: fit-content;
+    position: absolute;
+    right: 2.5rem;
+}
--- a/static/style.css
+++ b/static/style.css
@@ -24,8 +24,42 @@ body {
    background-color: var(--bg-main);
 }

+button {
+    padding: 12px;
+    background-color: var(--primary-accent); /* Our Teal/Blue */
+    color: white;
+    border: none;
+    border-radius: 6px;
+    cursor: pointer;
+    font-weight: bold;
+    width: 100%;
+}
+
+button:hover {
+    background-color: var(--primary-hover);
+}
+
+input {
+    padding: 12px;
+    background-color: var(--bg-input);
+    border: 1px solid var(--border-subtle);
+    color: var(--text-main);
+    border-radius: 6px;
+}
+
+input::placeholder {
+    color: var(--text-muted);
+}
+
+.input_label {
+    color: var(--text-muted);
+    margin: 0;
+    padding: 0;
+    font-size: 15px;
+}
+
 .hidden {
-    display: none;
+    display: none !important;
 }

 .blocked {
Author	SHA1	Message	Date
Gregory Wells	737a1908e0	add server side password change information	2026-03-31 22:05:47 -04:00
Gregory Wells	c628c688f7	send request to the server	2026-03-31 21:39:38 -04:00
Gregory Wells	d283ad0a0a	add close button	2026-03-31 21:37:10 -04:00
Gregory Wells	a8c8feeb3e	redid final styling touches	2026-03-31 21:19:36 -04:00
Gregory Wells	939a55c44b	finish styling for change password page	2026-03-31 21:15:26 -04:00
Gregory Wells	ffcaee7170	change order of change password and sign out	2026-03-31 21:04:54 -04:00
Gregory Wells	3a69c04c25	change some button styling	2026-03-31 21:03:16 -04:00
Gregory Wells	cacddd16e2	change file structure	2026-03-31 20:57:40 -04:00
Gregory Wells	2f6ff081f3	change default style for input	2026-03-31 20:56:39 -04:00
Gregory Wells	59bc23bdc2	third time failing to fix	2026-03-31 20:55:19 -04:00
Gregory Wells	a7c33392ce	actually fix	2026-03-31 20:54:09 -04:00
Gregory Wells	05e01f4b23	fix background color on hovering bottom button	2026-03-31 20:53:54 -04:00
Gregory Wells	e2f4a0692c	change default style for buttons	2026-03-31 20:53:08 -04:00
Gregory Wells	efd7d15722	display errors for simple password mistakes	2026-03-31 20:50:53 -04:00