Compare commits
10 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 gawells
|
1ddc4daf02 | ||
|
gawells
|
e2fe714029 | ||
|
gawells
|
3e2541b411 | ||
|
gawells
|
561c33b1a9 | ||
|
gawells
|
33afca200d | ||
|
gawells
|
812a40492f | ||
|
gawells
|
093b33db0d | ||
|
gawells
|
8633309968 | ||
|
gawells
|
093b258b84 | ||
|
gawells
|
5a80d61d9b |
@@ -1,25 +1,112 @@
|
||||
<!doctype html>
|
||||
<html lang="en">
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="UTF-8" />
|
||||
<title>Hi</title>
|
||||
<style>
|
||||
body {
|
||||
font-family: Arial, sans-serif;
|
||||
text-align: center;
|
||||
margin-top: 50px;
|
||||
}
|
||||
img {
|
||||
margin-top: 20px;
|
||||
width: 150px;
|
||||
height: 150px;
|
||||
border-radius: 50%;
|
||||
}
|
||||
</style>
|
||||
<!-- Tell iOS we support light mode -->
|
||||
<meta name="color-scheme" content="light" />
|
||||
<meta name="supported-color-schemes" content="light" />
|
||||
</head>
|
||||
<body>
|
||||
<h1>Hi {{.Username}}</h1>
|
||||
|
||||
<img src="{{avatar .Username}}" alt="Profile Picture" />
|
||||
<body
|
||||
style="margin: 0; padding: 0; background-color: #f7fff7; color: #000000"
|
||||
>
|
||||
<table
|
||||
width="100%"
|
||||
cellpadding="0"
|
||||
cellspacing="0"
|
||||
border="0"
|
||||
style="background-color: #f7fff7"
|
||||
>
|
||||
<tr>
|
||||
<td align="center">
|
||||
<!-- Outer container -->
|
||||
<table
|
||||
width="600"
|
||||
cellpadding="0"
|
||||
cellspacing="0"
|
||||
border="0"
|
||||
style="
|
||||
background-color: #ffffff;
|
||||
border: 1px solid #e2e8f0;
|
||||
border-radius: 12px;
|
||||
margin-top: 25px;
|
||||
"
|
||||
>
|
||||
<tr>
|
||||
<td
|
||||
style="
|
||||
padding: 30px;
|
||||
font-family: Arial, sans-serif;
|
||||
color: #000000;
|
||||
"
|
||||
>
|
||||
<p style="margin: 0 0 15px 0">
|
||||
Hi <strong>{{.Username}}</strong>,
|
||||
</p>
|
||||
|
||||
<p style="margin: 0 0 15px 0">
|
||||
Your account password has expired and needs
|
||||
to be updated to continue accessing your
|
||||
account.
|
||||
</p>
|
||||
|
||||
<p style="margin: 0 0 15px 0">
|
||||
<strong>Expiration Date:</strong><br />
|
||||
{{.ExpiredAt}}
|
||||
</p>
|
||||
|
||||
<p style="margin: 0 0 20px 0">
|
||||
For security reasons, passwords must be
|
||||
updated periodically. Please reset your
|
||||
password as soon as possible.
|
||||
</p>
|
||||
|
||||
<!-- Button -->
|
||||
<table
|
||||
align="center"
|
||||
cellpadding="0"
|
||||
cellspacing="0"
|
||||
border="0"
|
||||
>
|
||||
<tr>
|
||||
<td
|
||||
bgcolor="#1a535c"
|
||||
style="border-radius: 6px"
|
||||
>
|
||||
<a
|
||||
href="{{.ResetURL}}"
|
||||
style="
|
||||
display: inline-block;
|
||||
padding: 12px 20px;
|
||||
font-weight: bold;
|
||||
font-family:
|
||||
Arial, sans-serif;
|
||||
color: #ffffff;
|
||||
text-decoration: none;
|
||||
background-color: #1a535c;
|
||||
border-radius: 6px;
|
||||
-webkit-text-fill-color: #ffffff;
|
||||
"
|
||||
>
|
||||
Reset Password
|
||||
</a>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<p style="margin: 20px 0 15px 0">
|
||||
If you did not expect this, please contact
|
||||
your system administrator.
|
||||
</p>
|
||||
|
||||
<p style="margin: 0">
|
||||
Thanks,<br />
|
||||
<strong>{{.ServiceName}}</strong>
|
||||
</p>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
+2
-2
@@ -33,9 +33,9 @@ func CreateEmailAccount(accountData EmailAccountData, smtpHost string, smtpPort
|
||||
}
|
||||
|
||||
func (account *EmailAccount) SendEmail(toEmails []string, subject string, message string) {
|
||||
logging.Debugf("Sending an email from %s to %s", account.email, strings.Join(toEmails, ""))
|
||||
logging.Debugf("Sending an email from %s to %s", account.email, strings.Join(toEmails, ", "))
|
||||
|
||||
ToEmailList := strings.Join(toEmails, "")
|
||||
ToEmailList := strings.Join(toEmails, ", ")
|
||||
|
||||
mime := "MIME-version: 1.0;\r\nContent-Type: text/html; charset=\"UTF-8\";\r\n\r\n"
|
||||
|
||||
|
||||
@@ -0,0 +1,58 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"html/template"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"astraltech.xyz/accountmanager/src/logging"
|
||||
)
|
||||
|
||||
type LoginPageData struct {
|
||||
IsHiddenClassList string
|
||||
}
|
||||
|
||||
func loginHandler(w http.ResponseWriter, r *http.Request) {
|
||||
logging.Info("Handing login page")
|
||||
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
tmpl := template.Must(template.ParseFiles("src/pages/login_page.html"))
|
||||
if r.Method == http.MethodGet {
|
||||
logging.Info("Rending login page")
|
||||
tmpl.Execute(w, LoginPageData{IsHiddenClassList: "hidden"})
|
||||
return
|
||||
}
|
||||
|
||||
if r.Method == http.MethodPost {
|
||||
username := r.FormValue("username")
|
||||
if strings.Contains(username, "/") {
|
||||
tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
|
||||
}
|
||||
password := r.FormValue("password")
|
||||
|
||||
logging.Infof("New Login request for %s\n", username)
|
||||
newUserData, err := authenticateUser(username, password)
|
||||
userDataMutex.Lock()
|
||||
userData[username] = newUserData
|
||||
userDataMutex.Unlock()
|
||||
if err == ErrPasswordExpired {
|
||||
http.Redirect(w, r, "/reset-password?token=this_is_the_only_token_that_works", http.StatusFound)
|
||||
} else if err != nil {
|
||||
logging.Error(err.Error())
|
||||
tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
|
||||
} else {
|
||||
if newUserData.isAuth == true {
|
||||
cookie, err := sessionManager.CreateSession(username)
|
||||
if err != nil {
|
||||
logging.Error(err.Error())
|
||||
http.Error(w, "Session error", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
http.SetCookie(w, cookie)
|
||||
http.Redirect(w, r, "/profile", http.StatusFound)
|
||||
} else {
|
||||
tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
+9
-65
@@ -1,11 +1,11 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"html/template"
|
||||
"log"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
@@ -35,12 +35,17 @@ var (
|
||||
userDataMutex sync.RWMutex
|
||||
)
|
||||
|
||||
var ErrPasswordExpired = errors.New("Password expired")
|
||||
|
||||
func authenticateUser(username, password string) (*UserData, error) {
|
||||
logging.Event(logging.AuthenticateUser, username)
|
||||
userDN := fmt.Sprintf("uid=%s,cn=users,cn=accounts,%s", username, serverConfig.LDAPConfig.BaseDN)
|
||||
|
||||
connected, err := ldapServer.AuthenticateUser(userDN, password)
|
||||
if err != nil {
|
||||
if strings.Contains(err.Error(), "Password is expired") {
|
||||
return nil, ErrPasswordExpired
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
if connected == false {
|
||||
@@ -73,54 +78,6 @@ func authenticateUser(username, password string) (*UserData, error) {
|
||||
return &user, nil
|
||||
}
|
||||
|
||||
type LoginPageData struct {
|
||||
IsHiddenClassList string
|
||||
}
|
||||
|
||||
func loginHandler(w http.ResponseWriter, r *http.Request) {
|
||||
logging.Info("Handing login page")
|
||||
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
tmpl := template.Must(template.ParseFiles("src/pages/login_page.html"))
|
||||
if r.Method == http.MethodGet {
|
||||
logging.Info("Rending login page")
|
||||
tmpl.Execute(w, LoginPageData{IsHiddenClassList: "hidden"})
|
||||
return
|
||||
}
|
||||
|
||||
// 2. Logic for processing the form
|
||||
if r.Method == http.MethodPost {
|
||||
username := r.FormValue("username")
|
||||
if strings.Contains(username, "/") {
|
||||
tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
|
||||
}
|
||||
password := r.FormValue("password")
|
||||
|
||||
logging.Infof("New Login request for %s\n", username)
|
||||
newUserData, err := authenticateUser(username, password)
|
||||
userDataMutex.Lock()
|
||||
userData[username] = newUserData
|
||||
userDataMutex.Unlock()
|
||||
if err != nil {
|
||||
logging.Error(err.Error())
|
||||
tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
|
||||
} else {
|
||||
if newUserData.isAuth == true {
|
||||
cookie, err := sessionManager.CreateSession(username)
|
||||
if err != nil {
|
||||
logging.Error(err.Error())
|
||||
http.Error(w, "Session error", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
http.SetCookie(w, cookie)
|
||||
http.Redirect(w, r, "/profile", http.StatusFound)
|
||||
} else {
|
||||
tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
type ProfileData struct {
|
||||
Username string
|
||||
Email string
|
||||
@@ -259,22 +216,6 @@ func main() {
|
||||
Email: serverConfig.EmailConfig.Email,
|
||||
}, serverConfig.EmailConfig.SMTPURL, serverConfig.EmailConfig.SMTPPort)
|
||||
|
||||
funcs := template.FuncMap{
|
||||
"avatar": func(username string) string {
|
||||
return serverConfig.WebserverConfig.BaseURL + "/avatar?user=" + url.QueryEscape(username)
|
||||
},
|
||||
}
|
||||
|
||||
data := map[string]any{
|
||||
"Username": "gawells",
|
||||
}
|
||||
|
||||
email_template, err := email.RenderTemplate("./data/email-templates/expired-password.html", data, funcs)
|
||||
if err != nil {
|
||||
logging.Errorf("Failed to load email template: %s", err.Error())
|
||||
}
|
||||
noReplyEmail.SendEmail([]string{"gawells@astraltech.xyz"}, "Test", email_template)
|
||||
|
||||
ldapServer = ldap.LDAPServer{
|
||||
URL: serverConfig.LDAPConfig.LDAPURL,
|
||||
StartTLS: serverConfig.LDAPConfig.Security == "tls",
|
||||
@@ -294,6 +235,8 @@ func main() {
|
||||
logging.Fatal("Failed to connect to LDAP server")
|
||||
}
|
||||
|
||||
InitPasswordExpiry()
|
||||
|
||||
helpers.HandleFunc("/favicon.ico", faviconHandler)
|
||||
helpers.HandleFunc("/logo", logoHandler)
|
||||
|
||||
@@ -301,6 +244,7 @@ func main() {
|
||||
helpers.HandleFunc("/login", loginHandler)
|
||||
helpers.HandleFunc("/profile", profileHandler)
|
||||
helpers.HandleFunc("/logout", logoutHandler)
|
||||
helpers.HandleFunc("/reset-password", resetPasswordHandler)
|
||||
|
||||
helpers.HandleFunc("/avatar", components.AvatarHandler)
|
||||
helpers.HandleFunc("/change-photo", components.UploadPhotoHandler)
|
||||
|
||||
@@ -0,0 +1,57 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"astraltech.xyz/accountmanager/src/email"
|
||||
"astraltech.xyz/accountmanager/src/logging"
|
||||
"astraltech.xyz/accountmanager/src/worker"
|
||||
)
|
||||
|
||||
func InitPasswordExpiry() {
|
||||
go func() {
|
||||
CheckPasswordExpriy()
|
||||
}()
|
||||
worker.CreateWorker(time.Hour*12, CheckPasswordExpriy)
|
||||
}
|
||||
|
||||
func CheckPasswordExpriy() {
|
||||
logging.Infof("Starting password expiry check")
|
||||
|
||||
now := time.Now().UTC()
|
||||
formatted := now.Format("20060102150405Z")
|
||||
|
||||
search, err := ldapServer.SerchServer(serverConfig.LDAPConfig.BindDN, serverConfig.LDAPConfig.BindPassword, serverConfig.LDAPConfig.BaseDN, fmt.Sprintf("(&(objectclass=person)(krbPasswordExpiration<=%s))", formatted), []string{"cn", "mail", "krbPasswordExpiration"})
|
||||
if err != nil {
|
||||
logging.Warn(err.Error())
|
||||
}
|
||||
|
||||
logging.Infof("%d users with expired passwords", search.EntryCount())
|
||||
|
||||
for i := range search.EntryCount() {
|
||||
emailAddr := search.GetEntry(i).GetAttributeValue("mail")
|
||||
if len(emailAddr) <= 0 {
|
||||
continue
|
||||
}
|
||||
|
||||
t, err := time.Parse("20060102150405Z", search.GetEntry(i).GetAttributeValue("krbPasswordExpiration"))
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
formatted := t.Format("January 2, 2006 at 3:04 PM MST")
|
||||
|
||||
data := map[string]any{
|
||||
"Username": search.GetEntry(i).GetAttributeValue("cn"),
|
||||
"ExpiredAt": formatted,
|
||||
"ResetURL": fmt.Sprintf("%s", serverConfig.WebserverConfig.BaseURL),
|
||||
"ServiceName": "Astral Tech",
|
||||
}
|
||||
|
||||
email_template, err := email.RenderTemplate("./data/email-templates/expired-password.html", data, nil)
|
||||
if err != nil {
|
||||
logging.Errorf("Failed to load email template: %s", err.Error())
|
||||
}
|
||||
noReplyEmail.SendEmail([]string{emailAddr}, "Password expired", email_template)
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"html/template"
|
||||
"net/http"
|
||||
|
||||
"astraltech.xyz/accountmanager/src/logging"
|
||||
)
|
||||
|
||||
func resetPasswordHandler(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
||||
|
||||
token := r.URL.Query().Get("token")
|
||||
logging.Infof("Token: %s\n", token)
|
||||
|
||||
tmpl := template.Must(template.ParseFiles("src/pages/reset_password.html"))
|
||||
if r.Method == http.MethodGet {
|
||||
tmpl.Execute(w, nil)
|
||||
return
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,44 @@
|
||||
<!doctype html>
|
||||
<title>Astral Tech - Reset Password</title>
|
||||
|
||||
<link
|
||||
href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600&display=swap"
|
||||
rel="stylesheet"
|
||||
/>
|
||||
<link rel="stylesheet" href="static/style.css" />
|
||||
<link rel="stylesheet" href="static/error/error.css" />
|
||||
<link rel="stylesheet" href="static/card.css" />
|
||||
<link rel="stylesheet" href="static/reset_password.css" />
|
||||
|
||||
<img id="logo_image" alt="logo" src="/logo" />
|
||||
|
||||
<div id="reset_password_card" class="card static_center">
|
||||
<div>
|
||||
<div>
|
||||
Welcome
|
||||
<b>{{.Name}}</b>
|
||||
</div>
|
||||
<div class="subtext">
|
||||
Your password needs to be reset, please enter your new password
|
||||
below
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<label class="input_label">New password</label><br />
|
||||
<div class="password_box">
|
||||
<input type="password" name="password" placeholder="" required />
|
||||
<button type="button" class="show_password_toggle closed"></button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<label class="input_label">New password (repeated)</label><br />
|
||||
<div class="password_box">
|
||||
<input type="password" name="password" placeholder="" required />
|
||||
<button type="button" class="show_password_toggle closed"></button>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<button>Reset Password</button>
|
||||
</div>
|
||||
+1
-6
@@ -1,10 +1,5 @@
|
||||
.card {
|
||||
background: rgba(
|
||||
255,
|
||||
255,
|
||||
255,
|
||||
1
|
||||
); /* Semi-transparent white for light theme */
|
||||
background: rgba(255, 255, 255, 1);
|
||||
border: 1px solid var(--border-subtle);
|
||||
border-radius: 12px;
|
||||
padding: 2.5rem;
|
||||
|
||||
@@ -1,10 +1,3 @@
|
||||
#logo_image {
|
||||
position: fixed;
|
||||
width: 300px;
|
||||
left: 50%;
|
||||
transform: translateX(-50%);
|
||||
}
|
||||
|
||||
#login_card {
|
||||
position: fixed;
|
||||
top: 50%;
|
||||
|
||||
@@ -1,10 +1,3 @@
|
||||
#logo_image {
|
||||
position: fixed;
|
||||
width: 300px;
|
||||
left: 50%;
|
||||
transform: translateX(-50%);
|
||||
}
|
||||
|
||||
#main_content {
|
||||
position: fixed;
|
||||
top: 100px;
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
#reset_password_card {
|
||||
width: 350px;
|
||||
}
|
||||
|
||||
#reset_password_card input {
|
||||
width: 324px;
|
||||
}
|
||||
@@ -129,3 +129,14 @@ input::placeholder {
|
||||
.show_password_toggle:focus {
|
||||
outline: none !important;
|
||||
}
|
||||
|
||||
#logo_image {
|
||||
position: fixed;
|
||||
width: 300px;
|
||||
left: 50%;
|
||||
transform: translateX(-50%);
|
||||
}
|
||||
|
||||
.subtext {
|
||||
color: var(--text-muted);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user