Compare commits
10 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 812a40492f | |||
| 093b33db0d | |||
| 8633309968 | |||
| 093b258b84 | |||
| 5a80d61d9b | |||
| 6a985c1a84 | |||
| 590ea73a92 | |||
| 8de145adbc | |||
| 8f0291bb8a | |||
| cde41b82b2 |
@@ -12,6 +12,14 @@
|
||||
"logo_path": "./data/astraltech_logo_large.png"
|
||||
},
|
||||
"server_config": {
|
||||
"port": 8080
|
||||
"port": 8080,
|
||||
"base_url": "https://profile.example.com"
|
||||
},
|
||||
"email_config": {
|
||||
"username": "noreply",
|
||||
"email": "noreply@example.com",
|
||||
"password": "",
|
||||
"smtp_url": "mx.example.com",
|
||||
"smtp_port": 587
|
||||
}
|
||||
}
|
||||
|
||||
112
data/email-templates/expired-password.html
Normal file
112
data/email-templates/expired-password.html
Normal file
@@ -0,0 +1,112 @@
|
||||
<!doctype html>
|
||||
<html>
|
||||
<head>
|
||||
<!-- Tell iOS we support light mode -->
|
||||
<meta name="color-scheme" content="light" />
|
||||
<meta name="supported-color-schemes" content="light" />
|
||||
</head>
|
||||
|
||||
<body
|
||||
style="margin: 0; padding: 0; background-color: #f7fff7; color: #000000"
|
||||
>
|
||||
<table
|
||||
width="100%"
|
||||
cellpadding="0"
|
||||
cellspacing="0"
|
||||
border="0"
|
||||
style="background-color: #f7fff7"
|
||||
>
|
||||
<tr>
|
||||
<td align="center">
|
||||
<!-- Outer container -->
|
||||
<table
|
||||
width="600"
|
||||
cellpadding="0"
|
||||
cellspacing="0"
|
||||
border="0"
|
||||
style="
|
||||
background-color: #ffffff;
|
||||
border: 1px solid #e2e8f0;
|
||||
border-radius: 12px;
|
||||
margin-top: 25px;
|
||||
"
|
||||
>
|
||||
<tr>
|
||||
<td
|
||||
style="
|
||||
padding: 30px;
|
||||
font-family: Arial, sans-serif;
|
||||
color: #000000;
|
||||
"
|
||||
>
|
||||
<p style="margin: 0 0 15px 0">
|
||||
Hi <strong>{{.Username}}</strong>,
|
||||
</p>
|
||||
|
||||
<p style="margin: 0 0 15px 0">
|
||||
Your account password has expired and needs
|
||||
to be updated to continue accessing your
|
||||
account.
|
||||
</p>
|
||||
|
||||
<p style="margin: 0 0 15px 0">
|
||||
<strong>Expiration Date:</strong><br />
|
||||
{{.ExpiredAt}}
|
||||
</p>
|
||||
|
||||
<p style="margin: 0 0 20px 0">
|
||||
For security reasons, passwords must be
|
||||
updated periodically. Please reset your
|
||||
password as soon as possible.
|
||||
</p>
|
||||
|
||||
<!-- Button -->
|
||||
<table
|
||||
align="center"
|
||||
cellpadding="0"
|
||||
cellspacing="0"
|
||||
border="0"
|
||||
>
|
||||
<tr>
|
||||
<td
|
||||
bgcolor="#1a535c"
|
||||
style="border-radius: 6px"
|
||||
>
|
||||
<a
|
||||
href="{{.ResetURL}}"
|
||||
style="
|
||||
display: inline-block;
|
||||
padding: 12px 20px;
|
||||
font-weight: bold;
|
||||
font-family:
|
||||
Arial, sans-serif;
|
||||
color: #ffffff;
|
||||
text-decoration: none;
|
||||
background-color: #1a535c;
|
||||
border-radius: 6px;
|
||||
-webkit-text-fill-color: #ffffff;
|
||||
"
|
||||
>
|
||||
Reset Password
|
||||
</a>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<p style="margin: 20px 0 15px 0">
|
||||
If you did not expect this, please contact
|
||||
your system administrator.
|
||||
</p>
|
||||
|
||||
<p style="margin: 0">
|
||||
Thanks,<br />
|
||||
<strong>{{.ServiceName}}</strong>
|
||||
</p>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</body>
|
||||
</html>
|
||||
@@ -16,35 +16,38 @@ type EmailAccount struct {
|
||||
}
|
||||
|
||||
type EmailAccountData struct {
|
||||
username string
|
||||
password string
|
||||
email string
|
||||
Username string
|
||||
Password string
|
||||
Email string
|
||||
}
|
||||
|
||||
func createEmailAccount(accountData EmailAccountData, smtpHost string, smtpPort int) EmailAccount {
|
||||
logging.Debugf("Creating Email Account: \n\tUsername: %s\n\tEmail: %s\n\tSMTP Host: %s:%d", accountData.username, accountData.email, smtpHost, smtpPort)
|
||||
func CreateEmailAccount(accountData EmailAccountData, smtpHost string, smtpPort int) EmailAccount {
|
||||
logging.Debugf("Creating Email Account: \n\tUsername: %s\n\tEmail: %s\n\tSMTP Host: %s:%d", accountData.Username, accountData.Email, smtpHost, smtpPort)
|
||||
account := EmailAccount{
|
||||
email: accountData.email,
|
||||
email: accountData.Email,
|
||||
smtpHost: smtpHost,
|
||||
smtpPort: strconv.Itoa(smtpPort),
|
||||
}
|
||||
account.auth = smtp.PlainAuth("", accountData.username, accountData.password, smtpHost)
|
||||
account.auth = smtp.PlainAuth("", accountData.Username, accountData.Password, smtpHost)
|
||||
return account
|
||||
}
|
||||
|
||||
func sendEmail(account EmailAccount, toEmail []string, subject string, message string) {
|
||||
logging.Debugf("Sending an email from %s to %s", account.email, strings.Join(toEmail, ""))
|
||||
func (account *EmailAccount) SendEmail(toEmails []string, subject string, message string) {
|
||||
logging.Debugf("Sending an email from %s to %s", account.email, strings.Join(toEmails, ", "))
|
||||
|
||||
ToEmailList := strings.Join(toEmail, "")
|
||||
ToEmailList := strings.Join(toEmails, ", ")
|
||||
|
||||
mime := "MIME-version: 1.0;\r\nContent-Type: text/html; charset=\"UTF-8\";\r\n\r\n"
|
||||
|
||||
messageData := []byte(
|
||||
"From: " + account.email + "\r\n" +
|
||||
"To: " + ToEmailList + "\r\n" +
|
||||
"Subject: " + subject + "\r\n" +
|
||||
mime +
|
||||
"\r\n" +
|
||||
message,
|
||||
)
|
||||
err := smtp.SendMail(account.smtpHost+":"+account.smtpPort, account.auth, account.email, toEmail, messageData)
|
||||
err := smtp.SendMail(account.smtpHost+":"+account.smtpPort, account.auth, account.email, toEmails, messageData)
|
||||
if err != nil {
|
||||
logging.Error("Failed to send email")
|
||||
logging.Error(err.Error())
|
||||
|
||||
28
src/email/render_template.go
Normal file
28
src/email/render_template.go
Normal file
@@ -0,0 +1,28 @@
|
||||
package email
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"path/filepath"
|
||||
"text/template"
|
||||
)
|
||||
|
||||
func RenderTemplate(path string, data any, funcMap template.FuncMap) (string, error) {
|
||||
tmpl := template.New("")
|
||||
|
||||
if funcMap != nil {
|
||||
tmpl = tmpl.Funcs(funcMap)
|
||||
}
|
||||
|
||||
tmpl, err := tmpl.ParseFiles(path)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
var buf bytes.Buffer
|
||||
err = tmpl.ExecuteTemplate(&buf, filepath.Base(path), data)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
return buf.String(), nil
|
||||
}
|
||||
@@ -22,13 +22,23 @@ type StyleConfig struct {
|
||||
}
|
||||
|
||||
type WebserverConfig struct {
|
||||
Port int `json:"port"`
|
||||
Port int `json:"port"`
|
||||
BaseURL string `json:"base_url"`
|
||||
}
|
||||
|
||||
type EmailConfig struct {
|
||||
Username string `json:"username"`
|
||||
Email string `json:"email"`
|
||||
Password string `json:"password"`
|
||||
SMTPURL string `json:"smtp_url"`
|
||||
SMTPPort int `json:"smtp_port"`
|
||||
}
|
||||
|
||||
type ServerConfig struct {
|
||||
LDAPConfig LDAPConfig `json:"ldap_config"`
|
||||
StyleConfig StyleConfig `json:"style_config"`
|
||||
WebserverConfig WebserverConfig `json:"server_config"`
|
||||
EmailConfig EmailConfig `json:"email_config"`
|
||||
}
|
||||
|
||||
func loadServerConfig(path string) (*ServerConfig, error) {
|
||||
|
||||
@@ -9,6 +9,7 @@ import (
|
||||
"sync"
|
||||
|
||||
"astraltech.xyz/accountmanager/src/components"
|
||||
"astraltech.xyz/accountmanager/src/email"
|
||||
"astraltech.xyz/accountmanager/src/helpers"
|
||||
"astraltech.xyz/accountmanager/src/ldap"
|
||||
"astraltech.xyz/accountmanager/src/logging"
|
||||
@@ -19,6 +20,7 @@ var (
|
||||
ldapServer ldap.LDAPServer
|
||||
serverConfig *ServerConfig
|
||||
sessionManager *session.SessionManager
|
||||
noReplyEmail email.EmailAccount
|
||||
)
|
||||
|
||||
type UserData struct {
|
||||
@@ -38,6 +40,9 @@ func authenticateUser(username, password string) (*UserData, error) {
|
||||
|
||||
connected, err := ldapServer.AuthenticateUser(userDN, password)
|
||||
if err != nil {
|
||||
if strings.Contains(err.Error(), "Password is expired") {
|
||||
return nil, fmt.Errorf("Password expired for %s\n", username)
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
if connected == false {
|
||||
@@ -85,7 +90,6 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
// 2. Logic for processing the form
|
||||
if r.Method == http.MethodPost {
|
||||
username := r.FormValue("username")
|
||||
if strings.Contains(username, "/") {
|
||||
@@ -250,6 +254,12 @@ func main() {
|
||||
log.Fatal("Could not load server config")
|
||||
}
|
||||
|
||||
noReplyEmail = email.CreateEmailAccount(email.EmailAccountData{
|
||||
Username: serverConfig.EmailConfig.Username,
|
||||
Password: serverConfig.EmailConfig.Password,
|
||||
Email: serverConfig.EmailConfig.Email,
|
||||
}, serverConfig.EmailConfig.SMTPURL, serverConfig.EmailConfig.SMTPPort)
|
||||
|
||||
ldapServer = ldap.LDAPServer{
|
||||
URL: serverConfig.LDAPConfig.LDAPURL,
|
||||
StartTLS: serverConfig.LDAPConfig.Security == "tls",
|
||||
@@ -269,6 +279,8 @@ func main() {
|
||||
logging.Fatal("Failed to connect to LDAP server")
|
||||
}
|
||||
|
||||
InitPasswordExpiry()
|
||||
|
||||
helpers.HandleFunc("/favicon.ico", faviconHandler)
|
||||
helpers.HandleFunc("/logo", logoHandler)
|
||||
|
||||
|
||||
57
src/main/password_expiry.go
Normal file
57
src/main/password_expiry.go
Normal file
@@ -0,0 +1,57 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"astraltech.xyz/accountmanager/src/email"
|
||||
"astraltech.xyz/accountmanager/src/logging"
|
||||
"astraltech.xyz/accountmanager/src/worker"
|
||||
)
|
||||
|
||||
func InitPasswordExpiry() {
|
||||
go func() {
|
||||
CheckPasswordExpriy()
|
||||
}()
|
||||
worker.CreateWorker(time.Hour*12, CheckPasswordExpriy)
|
||||
}
|
||||
|
||||
func CheckPasswordExpriy() {
|
||||
logging.Infof("Starting password expiry check")
|
||||
|
||||
now := time.Now().UTC()
|
||||
formatted := now.Format("20060102150405Z")
|
||||
|
||||
search, err := ldapServer.SerchServer(serverConfig.LDAPConfig.BindDN, serverConfig.LDAPConfig.BindPassword, serverConfig.LDAPConfig.BaseDN, fmt.Sprintf("(&(objectclass=person)(krbPasswordExpiration<=%s))", formatted), []string{"cn", "mail", "krbPasswordExpiration"})
|
||||
if err != nil {
|
||||
logging.Warn(err.Error())
|
||||
}
|
||||
|
||||
logging.Infof("%d users with expired passwords", search.EntryCount())
|
||||
|
||||
for i := range search.EntryCount() {
|
||||
emailAddr := search.GetEntry(i).GetAttributeValue("mail")
|
||||
if len(emailAddr) <= 0 {
|
||||
continue
|
||||
}
|
||||
|
||||
t, err := time.Parse("20060102150405Z", search.GetEntry(i).GetAttributeValue("krbPasswordExpiration"))
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
formatted := t.Format("January 2, 2006 at 3:04 PM MST")
|
||||
|
||||
data := map[string]any{
|
||||
"Username": search.GetEntry(i).GetAttributeValue("cn"),
|
||||
"ExpiredAt": formatted,
|
||||
"ResetURL": fmt.Sprintf("%s", serverConfig.WebserverConfig.BaseURL),
|
||||
"ServiceName": "Astral Tech",
|
||||
}
|
||||
|
||||
email_template, err := email.RenderTemplate("./data/email-templates/expired-password.html", data, nil)
|
||||
if err != nil {
|
||||
logging.Errorf("Failed to load email template: %s", err.Error())
|
||||
}
|
||||
noReplyEmail.SendEmail([]string{emailAddr}, "Password expired", email_template)
|
||||
}
|
||||
}
|
||||
@@ -1,10 +1,5 @@
|
||||
.card {
|
||||
background: rgba(
|
||||
255,
|
||||
255,
|
||||
255,
|
||||
1
|
||||
); /* Semi-transparent white for light theme */
|
||||
background: rgba(255, 255, 255, 1);
|
||||
border: 1px solid var(--border-subtle);
|
||||
border-radius: 12px;
|
||||
padding: 2.5rem;
|
||||
|
||||
Reference in New Issue
Block a user