password expiry email

data/email-templates/expired-password.html

@@ -1,25 +1,112 @@
 <!doctype html>
-<html lang="en">
+<html>
     <head>
-        <meta charset="UTF-8" />
+        <!-- Tell iOS we support light mode -->
-        <title>Hi</title>
+        <meta name="color-scheme" content="light" />
-        <style>
+        <meta name="supported-color-schemes" content="light" />
-            body {
-                font-family: Arial, sans-serif;
-                text-align: center;
-                margin-top: 50px;
-            }
-            img {
-                margin-top: 20px;
-                width: 150px;
-                height: 150px;
-                border-radius: 50%;
-            }
-        </style>
     </head>
-    <body>
-        <h1>Hi {{.Username}}</h1>
 
-        <img src="{{avatar .Username}}" alt="Profile Picture" />
+    <body
+        style="margin: 0; padding: 0; background-color: #f7fff7; color: #000000"
+    >
+        <table
+            width="100%"
+            cellpadding="0"
+            cellspacing="0"
+            border="0"
+            style="background-color: #f7fff7"
+        >
+            <tr>
+                <td align="center">
+                    <!-- Outer container -->
+                    <table
+                        width="600"
+                        cellpadding="0"
+                        cellspacing="0"
+                        border="0"
+                        style="
+                            background-color: #ffffff;
+                            border: 1px solid #e2e8f0;
+                            border-radius: 12px;
+                            margin-top: 25px;
+                        "
+                    >
+                        <tr>
+                            <td
+                                style="
+                                    padding: 30px;
+                                    font-family: Arial, sans-serif;
+                                    color: #000000;
+                                "
+                            >
+                                <p style="margin: 0 0 15px 0">
+                                    Hi <strong>{{.Username}}</strong>,
+                                </p>
+
+                                <p style="margin: 0 0 15px 0">
+                                    Your account password has expired and needs
+                                    to be updated to continue accessing your
+                                    account.
+                                </p>
+
+                                <p style="margin: 0 0 15px 0">
+                                    <strong>Expiration Date:</strong><br />
+                                    {{.ExpiredAt}}
+                                </p>
+
+                                <p style="margin: 0 0 20px 0">
+                                    For security reasons, passwords must be
+                                    updated periodically. Please reset your
+                                    password as soon as possible.
+                                </p>
+
+                                <!-- Button -->
+                                <table
+                                    align="center"
+                                    cellpadding="0"
+                                    cellspacing="0"
+                                    border="0"
+                                >
+                                    <tr>
+                                        <td
+                                            bgcolor="#1a535c"
+                                            style="border-radius: 6px"
+                                        >
+                                            <a
+                                                href="{{.ResetURL}}"
+                                                style="
+                                                    display: inline-block;
+                                                    padding: 12px 20px;
+                                                    font-weight: bold;
+                                                    font-family:
+                                                        Arial, sans-serif;
+                                                    color: #ffffff;
+                                                    text-decoration: none;
+                                                    background-color: #1a535c;
+                                                    border-radius: 6px;
+                                                    -webkit-text-fill-color: #ffffff;
+                                                "
+                                            >
+                                                Reset Password
+                                            </a>
+                                        </td>
+                                    </tr>
+                                </table>
+
+                                <p style="margin: 20px 0 15px 0">
+                                    If you did not expect this, please contact
+                                    your system administrator.
+                                </p>
+
+                                <p style="margin: 0">
+                                    Thanks,<br />
+                                    <strong>{{.ServiceName}}</strong>
+                                </p>
+                            </td>
+                        </tr>
+                    </table>
+                </td>
+            </tr>
+        </table>
     </body>
 </html>

src/email/email.go

@@ -33,9 +33,9 @@ func CreateEmailAccount(accountData EmailAccountData, smtpHost string, smtpPort
 }
 
 func (account *EmailAccount) SendEmail(toEmails []string, subject string, message string) {
-	logging.Debugf("Sending an email from %s to %s", account.email, strings.Join(toEmails, ""))
+	logging.Debugf("Sending an email from %s to %s", account.email, strings.Join(toEmails, ", "))
 
-	ToEmailList := strings.Join(toEmails, "")
+	ToEmailList := strings.Join(toEmails, ", ")
 
 	mime := "MIME-version: 1.0;\r\nContent-Type: text/html; charset=\"UTF-8\";\r\n\r\n"
 

src/main/main.go

@@ -5,7 +5,6 @@ import (
 	"html/template"
 	"log"
 	"net/http"
-	"net/url"
 	"strings"
 	"sync"
 
@@ -41,6 +40,9 @@ func authenticateUser(username, password string) (*UserData, error) {
 
 	connected, err := ldapServer.AuthenticateUser(userDN, password)
 	if err != nil {
+		if strings.Contains(err.Error(), "Password is expired") {
+			return nil, fmt.Errorf("Password expired for %s\n", username)
+		}
 		return nil, err
 	}
 	if connected == false {
@@ -88,7 +90,6 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// 2. Logic for processing the form
 	if r.Method == http.MethodPost {
 		username := r.FormValue("username")
 		if strings.Contains(username, "/") {
@@ -259,22 +260,6 @@ func main() {
 		Email:    serverConfig.EmailConfig.Email,
 	}, serverConfig.EmailConfig.SMTPURL, serverConfig.EmailConfig.SMTPPort)
 
-	funcs := template.FuncMap{
-		"avatar": func(username string) string {
-			return serverConfig.WebserverConfig.BaseURL + "/avatar?user=" + url.QueryEscape(username)
-		},
-	}
-
-	data := map[string]any{
-		"Username": "gawells",
-	}
-
-	email_template, err := email.RenderTemplate("./data/email-templates/expired-password.html", data, funcs)
-	if err != nil {
-		logging.Errorf("Failed to load email template: %s", err.Error())
-	}
-	noReplyEmail.SendEmail([]string{"gawells@astraltech.xyz"}, "Test", email_template)
-
 	ldapServer = ldap.LDAPServer{
 		URL:                serverConfig.LDAPConfig.LDAPURL,
 		StartTLS:           serverConfig.LDAPConfig.Security == "tls",
@@ -294,6 +279,8 @@ func main() {
 		logging.Fatal("Failed to connect to LDAP server")
 	}
 
+	InitPasswordExpiry()
+
 	helpers.HandleFunc("/favicon.ico", faviconHandler)
 	helpers.HandleFunc("/logo", logoHandler)
 

src/main/password_expiry.go

@@ -0,0 +1,57 @@
+package main
+
+import (
+	"fmt"
+	"time"
+
+	"astraltech.xyz/accountmanager/src/email"
+	"astraltech.xyz/accountmanager/src/logging"
+	"astraltech.xyz/accountmanager/src/worker"
+)
+
+func InitPasswordExpiry() {
+	go func() {
+		CheckPasswordExpriy()
+	}()
+	worker.CreateWorker(time.Hour*12, CheckPasswordExpriy)
+}
+
+func CheckPasswordExpriy() {
+	logging.Infof("Starting password expiry check")
+
+	now := time.Now().UTC()
+	formatted := now.Format("20060102150405Z")
+
+	search, err := ldapServer.SerchServer(serverConfig.LDAPConfig.BindDN, serverConfig.LDAPConfig.BindPassword, serverConfig.LDAPConfig.BaseDN, fmt.Sprintf("(&(objectclass=person)(krbPasswordExpiration<=%s))", formatted), []string{"cn", "mail", "krbPasswordExpiration"})
+	if err != nil {
+		logging.Warn(err.Error())
+	}
+
+	logging.Infof("%d users with expired passwords", search.EntryCount())
+
+	for i := range search.EntryCount() {
+		emailAddr := search.GetEntry(i).GetAttributeValue("mail")
+		if len(emailAddr) <= 0 {
+			continue
+		}
+
+		t, err := time.Parse("20060102150405Z", search.GetEntry(i).GetAttributeValue("krbPasswordExpiration"))
+		if err != nil {
+			panic(err)
+		}
+		formatted := t.Format("January 2, 2006 at 3:04 PM MST")
+
+		data := map[string]any{
+			"Username":    search.GetEntry(i).GetAttributeValue("cn"),
+			"ExpiredAt":   formatted,
+			"ResetURL":    fmt.Sprintf("%s", serverConfig.WebserverConfig.BaseURL),
+			"ServiceName": "Astral Tech",
+		}
+
+		email_template, err := email.RenderTemplate("./data/email-templates/expired-password.html", data, nil)
+		if err != nil {
+			logging.Errorf("Failed to load email template: %s", err.Error())
+		}
+		noReplyEmail.SendEmail([]string{emailAddr}, "Password expired", email_template)
+	}
+}

static/card.css

@@ -1,10 +1,5 @@
 .card {
-    background: rgba(
+    background: rgba(255, 255, 255, 1);
-        255,
-        255,
-        255,
-        1
-    ); /* Semi-transparent white for light theme */
     border: 1px solid var(--border-subtle);
     border-radius: 12px;
     padding: 2.5rem;