log that email has sent successfully

data/config.example.json

@@ -12,6 +12,14 @@
     "logo_path": "./data/astraltech_logo_large.png"
   },
   "server_config": {
-    "port": 8080
+    "port": 8080,
+    "base_url": "https://profile.example.com"
+  },
+  "email_config": {
+    "username": "noreply",
+    "email": "noreply@example.com",
+    "password": "",
+    "smtp_url": "mx.example.com",
+    "smtp_port": 587
   }
 }

data/email-templates/changed-password.html

@@ -0,0 +1,69 @@
+<!doctype html>
+<html>
+    <head>
+        <!-- Tell iOS we support light mode -->
+        <meta name="color-scheme" content="light" />
+        <meta name="supported-color-schemes" content="light" />
+    </head>
+
+    <body
+        style="margin: 0; padding: 0; background-color: #f7fff7; color: #000000"
+    >
+        <table
+            width="100%"
+            cellpadding="0"
+            cellspacing="0"
+            border="0"
+            style="background-color: #f7fff7"
+        >
+            <tr>
+                <td align="center">
+                    <!-- Outer container -->
+                    <table
+                        width="600"
+                        cellpadding="0"
+                        cellspacing="0"
+                        border="0"
+                        style="
+                            background-color: #ffffff;
+                            border: 1px solid #e2e8f0;
+                            border-radius: 12px;
+                            margin-top: 25px;
+                        "
+                    >
+                        <tr>
+                            <td
+                                style="
+                                    padding: 30px;
+                                    font-family: Arial, sans-serif;
+                                    color: #000000;
+                                "
+                            >
+                                <p style="margin: 0 0 15px 0">
+                                    Hi <strong>{{.Username}}</strong>,
+                                </p>
+
+                                <p style="margin: 0 0 15px 0">
+                                    Your account password has been successfully
+                                    changed. If you made this change, you can
+                                    safely disregard this email.
+                                </p>
+
+                                <p style="margin: 20px 0 15px 0">
+                                    If you did not change your password, please
+                                    contact your system administrator
+                                    immediately to secure your account.
+                                </p>
+
+                                <p style="margin: 0">
+                                    Thanks,<br />
+                                    <strong>{{.ServiceName}}</strong>
+                                </p>
+                            </td>
+                        </tr>
+                    </table>
+                </td>
+            </tr>
+        </table>
+    </body>
+</html>

data/email-templates/expired-password.html

@@ -0,0 +1,112 @@
+<!doctype html>
+<html>
+    <head>
+        <!-- Tell iOS we support light mode -->
+        <meta name="color-scheme" content="light" />
+        <meta name="supported-color-schemes" content="light" />
+    </head>
+
+    <body
+        style="margin: 0; padding: 0; background-color: #f7fff7; color: #000000"
+    >
+        <table
+            width="100%"
+            cellpadding="0"
+            cellspacing="0"
+            border="0"
+            style="background-color: #f7fff7"
+        >
+            <tr>
+                <td align="center">
+                    <!-- Outer container -->
+                    <table
+                        width="600"
+                        cellpadding="0"
+                        cellspacing="0"
+                        border="0"
+                        style="
+                            background-color: #ffffff;
+                            border: 1px solid #e2e8f0;
+                            border-radius: 12px;
+                            margin-top: 25px;
+                        "
+                    >
+                        <tr>
+                            <td
+                                style="
+                                    padding: 30px;
+                                    font-family: Arial, sans-serif;
+                                    color: #000000;
+                                "
+                            >
+                                <p style="margin: 0 0 15px 0">
+                                    Hi <strong>{{.Username}}</strong>,
+                                </p>
+
+                                <p style="margin: 0 0 15px 0">
+                                    Your account password has expired and needs
+                                    to be updated to continue accessing your
+                                    account.
+                                </p>
+
+                                <p style="margin: 0 0 15px 0">
+                                    <strong>Expiration Date:</strong><br />
+                                    {{.ExpiredAt}}
+                                </p>
+
+                                <p style="margin: 0 0 20px 0">
+                                    For security reasons, passwords must be
+                                    updated periodically. Please reset your
+                                    password as soon as possible.
+                                </p>
+
+                                <!-- Button -->
+                                <table
+                                    align="center"
+                                    cellpadding="0"
+                                    cellspacing="0"
+                                    border="0"
+                                >
+                                    <tr>
+                                        <td
+                                            bgcolor="#1a535c"
+                                            style="border-radius: 6px"
+                                        >
+                                            <a
+                                                href="{{.ResetURL}}"
+                                                style="
+                                                    display: inline-block;
+                                                    padding: 12px 20px;
+                                                    font-weight: bold;
+                                                    font-family:
+                                                        Arial, sans-serif;
+                                                    color: #ffffff;
+                                                    text-decoration: none;
+                                                    background-color: #1a535c;
+                                                    border-radius: 6px;
+                                                    -webkit-text-fill-color: #ffffff;
+                                                "
+                                            >
+                                                Reset Password
+                                            </a>
+                                        </td>
+                                    </tr>
+                                </table>
+
+                                <p style="margin: 20px 0 15px 0">
+                                    If you did not expect this, please contact
+                                    your system administrator.
+                                </p>
+
+                                <p style="margin: 0">
+                                    Thanks,<br />
+                                    <strong>{{.ServiceName}}</strong>
+                                </p>
+                            </td>
+                        </tr>
+                    </table>
+                </td>
+            </tr>
+        </table>
+    </body>
+</html>

src/email/email.go

@@ -16,37 +16,42 @@ type EmailAccount struct {
 }
 
 type EmailAccountData struct {
-	username string
+	Username string
-	password string
+	Password string
-	email    string
+	Email    string
 }
 
-func createEmailAccount(accountData EmailAccountData, smtpHost string, smtpPort int) EmailAccount {
+func CreateEmailAccount(accountData EmailAccountData, smtpHost string, smtpPort int) EmailAccount {
-	logging.Debugf("Creating Email Account: \n\tUsername: %s\n\tEmail: %s\n\tSMTP Host: %s:%d", accountData.username, accountData.email, smtpHost, smtpPort)
+	logging.Debugf("Creating Email Account: \n\tUsername: %s\n\tEmail: %s\n\tSMTP Host: %s:%d", accountData.Username, accountData.Email, smtpHost, smtpPort)
 	account := EmailAccount{
-		email:    accountData.email,
+		email:    accountData.Email,
 		smtpHost: smtpHost,
 		smtpPort: strconv.Itoa(smtpPort),
 	}
-	account.auth = smtp.PlainAuth("", accountData.username, accountData.password, smtpHost)
+	account.auth = smtp.PlainAuth("", accountData.Username, accountData.Password, smtpHost)
 	return account
 }
 
-func sendEmail(account EmailAccount, toEmail []string, subject string, message string) {
+func (account *EmailAccount) SendEmail(toEmails []string, subject string, message string) {
-	logging.Debugf("Sending an email from %s to %s", account.email, strings.Join(toEmail, ""))
+	logging.Debugf("Sending an email from %s to %s", account.email, strings.Join(toEmails, ", "))
 
-	ToEmailList := strings.Join(toEmail, "")
+	ToEmailList := strings.Join(toEmails, ", ")
+
+	mime := "MIME-version: 1.0;\r\nContent-Type: text/html; charset=\"UTF-8\";\r\n\r\n"
 
 	messageData := []byte(
 		"From: " + account.email + "\r\n" +
 			"To: " + ToEmailList + "\r\n" +
 			"Subject: " + subject + "\r\n" +
+			mime +
 			"\r\n" +
 			message,
 	)
-	err := smtp.SendMail(account.smtpHost+":"+account.smtpPort, account.auth, account.email, toEmail, messageData)
+	err := smtp.SendMail(account.smtpHost+":"+account.smtpPort, account.auth, account.email, toEmails, messageData)
 	if err != nil {
 		logging.Error("Failed to send email")
 		logging.Error(err.Error())
+		return
 	}
+	logging.Info("Successfully sent email")
 }

src/email/render_template.go

@@ -0,0 +1,28 @@
+package email
+
+import (
+	"bytes"
+	"path/filepath"
+	"text/template"
+)
+
+func RenderTemplate(path string, data any, funcMap template.FuncMap) (string, error) {
+	tmpl := template.New("")
+
+	if funcMap != nil {
+		tmpl = tmpl.Funcs(funcMap)
+	}
+
+	tmpl, err := tmpl.ParseFiles(path)
+	if err != nil {
+		return "", err
+	}
+
+	var buf bytes.Buffer
+	err = tmpl.ExecuteTemplate(&buf, filepath.Base(path), data)
+	if err != nil {
+		return "", err
+	}
+
+	return buf.String(), nil
+}

src/main/config.go

@@ -22,13 +22,23 @@ type StyleConfig struct {
 }
 
 type WebserverConfig struct {
-	Port int `json:"port"`
+	Port    int    `json:"port"`
+	BaseURL string `json:"base_url"`
+}
+
+type EmailConfig struct {
+	Username string `json:"username"`
+	Email    string `json:"email"`
+	Password string `json:"password"`
+	SMTPURL  string `json:"smtp_url"`
+	SMTPPort int    `json:"smtp_port"`
 }
 
 type ServerConfig struct {
 	LDAPConfig      LDAPConfig      `json:"ldap_config"`
 	StyleConfig     StyleConfig     `json:"style_config"`
 	WebserverConfig WebserverConfig `json:"server_config"`
+	EmailConfig     EmailConfig     `json:"email_config"`
 }
 
 func loadServerConfig(path string) (*ServerConfig, error) {

src/main/login.go

@@ -0,0 +1,58 @@
+package main
+
+import (
+	"html/template"
+	"net/http"
+	"strings"
+
+	"astraltech.xyz/accountmanager/src/logging"
+)
+
+type LoginPageData struct {
+	IsHiddenClassList string
+}
+
+func loginHandler(w http.ResponseWriter, r *http.Request) {
+	logging.Info("Handing login page")
+
+	w.Header().Set("Content-Type", "text/html; charset=utf-8")
+	tmpl := template.Must(template.ParseFiles("src/pages/login_page.html"))
+	if r.Method == http.MethodGet {
+		logging.Info("Rending login page")
+		tmpl.Execute(w, LoginPageData{IsHiddenClassList: "hidden"})
+		return
+	}
+
+	if r.Method == http.MethodPost {
+		username := r.FormValue("username")
+		if strings.Contains(username, "/") {
+			tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
+		}
+		password := r.FormValue("password")
+
+		logging.Infof("New Login request for %s\n", username)
+		newUserData, err := authenticateUser(username, password)
+		userDataMutex.Lock()
+		userData[username] = newUserData
+		userDataMutex.Unlock()
+		if err == ErrPasswordExpired {
+			http.Redirect(w, r, "/reset-password?token=this_is_the_only_token_that_works", http.StatusFound)
+		} else if err != nil {
+			logging.Error(err.Error())
+			tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
+		} else {
+			if newUserData.isAuth == true {
+				cookie, err := sessionManager.CreateSession(username)
+				if err != nil {
+					logging.Error(err.Error())
+					http.Error(w, "Session error", http.StatusInternalServerError)
+					return
+				}
+				http.SetCookie(w, cookie)
+				http.Redirect(w, r, "/profile", http.StatusFound)
+			} else {
+				tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
+			}
+		}
+	}
+}

src/main/main.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"errors"
 	"fmt"
 	"html/template"
 	"log"
@@ -9,6 +10,7 @@ import (
 	"sync"
 
 	"astraltech.xyz/accountmanager/src/components"
+	"astraltech.xyz/accountmanager/src/email"
 	"astraltech.xyz/accountmanager/src/helpers"
 	"astraltech.xyz/accountmanager/src/ldap"
 	"astraltech.xyz/accountmanager/src/logging"
@@ -19,6 +21,7 @@ var (
 	ldapServer     ldap.LDAPServer
 	serverConfig   *ServerConfig
 	sessionManager *session.SessionManager
+	noReplyEmail   email.EmailAccount
 )
 
 type UserData struct {
@@ -32,12 +35,17 @@ var (
 	userDataMutex sync.RWMutex
 )
 
+var ErrPasswordExpired = errors.New("Password expired")
+
 func authenticateUser(username, password string) (*UserData, error) {
 	logging.Event(logging.AuthenticateUser, username)
 	userDN := fmt.Sprintf("uid=%s,cn=users,cn=accounts,%s", username, serverConfig.LDAPConfig.BaseDN)
 
 	connected, err := ldapServer.AuthenticateUser(userDN, password)
 	if err != nil {
+		if strings.Contains(err.Error(), "Password is expired") {
+			return nil, ErrPasswordExpired
+		}
 		return nil, err
 	}
 	if connected == false {
@@ -70,54 +78,6 @@ func authenticateUser(username, password string) (*UserData, error) {
 	return &user, nil
 }
 
-type LoginPageData struct {
-	IsHiddenClassList string
-}
-
-func loginHandler(w http.ResponseWriter, r *http.Request) {
-	logging.Info("Handing login page")
-
-	w.Header().Set("Content-Type", "text/html; charset=utf-8")
-	tmpl := template.Must(template.ParseFiles("src/pages/login_page.html"))
-	if r.Method == http.MethodGet {
-		logging.Info("Rending login page")
-		tmpl.Execute(w, LoginPageData{IsHiddenClassList: "hidden"})
-		return
-	}
-
-	// 2. Logic for processing the form
-	if r.Method == http.MethodPost {
-		username := r.FormValue("username")
-		if strings.Contains(username, "/") {
-			tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
-		}
-		password := r.FormValue("password")
-
-		logging.Infof("New Login request for %s\n", username)
-		newUserData, err := authenticateUser(username, password)
-		userDataMutex.Lock()
-		userData[username] = newUserData
-		userDataMutex.Unlock()
-		if err != nil {
-			logging.Error(err.Error())
-			tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
-		} else {
-			if newUserData.isAuth == true {
-				cookie, err := sessionManager.CreateSession(username)
-				if err != nil {
-					logging.Error(err.Error())
-					http.Error(w, "Session error", http.StatusInternalServerError)
-					return
-				}
-				http.SetCookie(w, cookie)
-				http.Redirect(w, r, "/profile", http.StatusFound)
-			} else {
-				tmpl.Execute(w, LoginPageData{IsHiddenClassList: ""})
-			}
-		}
-	}
-}
-
 type ProfileData struct {
 	Username    string
 	Email       string
@@ -237,6 +197,17 @@ func changePasswordHandler(w http.ResponseWriter, r *http.Request) {
 
 	w.WriteHeader(http.StatusOK)
 	w.Write([]byte(`{"success": true}`))
+
+	data := map[string]any{
+		"Username":    userData[sessionData.UserID].DisplayName,
+		"ServiceName": "Astral Tech",
+	}
+
+	email_template, err := email.RenderTemplate("./data/email-templates/changed-password.html", data, nil)
+	if err != nil {
+		logging.Errorf("Failed to load email template: %s", err.Error())
+	}
+	noReplyEmail.SendEmail([]string{userData[sessionData.UserID].Email}, "Password expired", email_template)
 }
 
 func main() {
@@ -250,6 +221,12 @@ func main() {
 		log.Fatal("Could not load server config")
 	}
 
+	noReplyEmail = email.CreateEmailAccount(email.EmailAccountData{
+		Username: serverConfig.EmailConfig.Username,
+		Password: serverConfig.EmailConfig.Password,
+		Email:    serverConfig.EmailConfig.Email,
+	}, serverConfig.EmailConfig.SMTPURL, serverConfig.EmailConfig.SMTPPort)
+
 	ldapServer = ldap.LDAPServer{
 		URL:                serverConfig.LDAPConfig.LDAPURL,
 		StartTLS:           serverConfig.LDAPConfig.Security == "tls",
@@ -269,6 +246,8 @@ func main() {
 		logging.Fatal("Failed to connect to LDAP server")
 	}
 
+	InitPasswordExpiry()
+
 	helpers.HandleFunc("/favicon.ico", faviconHandler)
 	helpers.HandleFunc("/logo", logoHandler)
 
@@ -276,6 +255,7 @@ func main() {
 	helpers.HandleFunc("/login", loginHandler)
 	helpers.HandleFunc("/profile", profileHandler)
 	helpers.HandleFunc("/logout", logoutHandler)
+	helpers.HandleFunc("/reset-password", resetPasswordHandler)
 
 	helpers.HandleFunc("/avatar", components.AvatarHandler)
 	helpers.HandleFunc("/change-photo", components.UploadPhotoHandler)

src/main/password_expiry.go

@@ -0,0 +1,57 @@
+package main
+
+import (
+	"fmt"
+	"time"
+
+	"astraltech.xyz/accountmanager/src/email"
+	"astraltech.xyz/accountmanager/src/logging"
+	"astraltech.xyz/accountmanager/src/worker"
+)
+
+func InitPasswordExpiry() {
+	go func() {
+		CheckPasswordExpriy()
+	}()
+	worker.CreateWorker(time.Hour*12, CheckPasswordExpriy)
+}
+
+func CheckPasswordExpriy() {
+	logging.Infof("Starting password expiry check")
+
+	now := time.Now().UTC()
+	formatted := now.Format("20060102150405Z")
+
+	search, err := ldapServer.SerchServer(serverConfig.LDAPConfig.BindDN, serverConfig.LDAPConfig.BindPassword, serverConfig.LDAPConfig.BaseDN, fmt.Sprintf("(&(objectclass=person)(krbPasswordExpiration<=%s))", formatted), []string{"cn", "mail", "krbPasswordExpiration"})
+	if err != nil {
+		logging.Warn(err.Error())
+	}
+
+	logging.Infof("%d users with expired passwords", search.EntryCount())
+
+	for i := range search.EntryCount() {
+		emailAddr := search.GetEntry(i).GetAttributeValue("mail")
+		if len(emailAddr) <= 0 {
+			continue
+		}
+
+		t, err := time.Parse("20060102150405Z", search.GetEntry(i).GetAttributeValue("krbPasswordExpiration"))
+		if err != nil {
+			panic(err)
+		}
+		formatted := t.Format("January 2, 2006 at 3:04 PM MST")
+
+		data := map[string]any{
+			"Username":    search.GetEntry(i).GetAttributeValue("cn"),
+			"ExpiredAt":   formatted,
+			"ResetURL":    fmt.Sprintf("%s", serverConfig.WebserverConfig.BaseURL),
+			"ServiceName": "Astral Tech",
+		}
+
+		email_template, err := email.RenderTemplate("./data/email-templates/expired-password.html", data, nil)
+		if err != nil {
+			logging.Errorf("Failed to load email template: %s", err.Error())
+		}
+		noReplyEmail.SendEmail([]string{emailAddr}, "Password expired", email_template)
+	}
+}

src/main/reset_password.go

@@ -0,0 +1,21 @@
+package main
+
+import (
+	"html/template"
+	"net/http"
+
+	"astraltech.xyz/accountmanager/src/logging"
+)
+
+func resetPasswordHandler(w http.ResponseWriter, r *http.Request) {
+	w.Header().Set("Content-Type", "text/html; charset=utf-8")
+
+	token := r.URL.Query().Get("token")
+	logging.Infof("Token: %s\n", token)
+
+	tmpl := template.Must(template.ParseFiles("src/pages/reset_password.html"))
+	if r.Method == http.MethodGet {
+		tmpl.Execute(w, nil)
+		return
+	}
+}

src/pages/reset_password.html

@@ -0,0 +1,44 @@
+<!doctype html>
+<title>Astral Tech - Reset Password</title>
+
+<link
+    href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600&display=swap"
+    rel="stylesheet"
+/>
+<link rel="stylesheet" href="static/style.css" />
+<link rel="stylesheet" href="static/error/error.css" />
+<link rel="stylesheet" href="static/card.css" />
+<link rel="stylesheet" href="static/reset_password.css" />
+
+<img id="logo_image" alt="logo" src="/logo" />
+
+<div id="reset_password_card" class="card static_center">
+    <div>
+        <div>
+            Welcome
+            <b>{{.Name}}</b>
+        </div>
+        <div class="subtext">
+            Your password needs to be reset, please enter your new password
+            below
+        </div>
+    </div>
+
+    <div>
+        <label class="input_label">New password</label><br />
+        <div class="password_box">
+            <input type="password" name="password" placeholder="" required />
+            <button type="button" class="show_password_toggle closed"></button>
+        </div>
+    </div>
+
+    <div>
+        <label class="input_label">New password (repeated)</label><br />
+        <div class="password_box">
+            <input type="password" name="password" placeholder="" required />
+            <button type="button" class="show_password_toggle closed"></button>
+        </div>
+    </div>
+
+    <button>Reset Password</button>
+</div>

static/card.css

@@ -1,10 +1,5 @@
 .card {
-    background: rgba(
+    background: rgba(255, 255, 255, 1);
-        255,
-        255,
-        255,
-        1
-    ); /* Semi-transparent white for light theme */
     border: 1px solid var(--border-subtle);
     border-radius: 12px;
     padding: 2.5rem;

static/login_page.css

@@ -1,10 +1,3 @@
-#logo_image {
-    position: fixed;
-    width: 300px;
-    left: 50%;
-    transform: translateX(-50%);
-}
-
 #login_card {
     position: fixed;
     top: 50%;

static/profile_page.css

@@ -1,10 +1,3 @@
-#logo_image {
-    position: fixed;
-    width: 300px;
-    left: 50%;
-    transform: translateX(-50%);
-}
-
 #main_content {
     position: fixed;
     top: 100px;

static/reset_password.css

@@ -0,0 +1,7 @@
+#reset_password_card {
+    width: 350px;
+}
+
+#reset_password_card input {
+    width: 324px;
+}

static/style.css

@@ -129,3 +129,14 @@ input::placeholder {
 .show_password_toggle:focus {
     outline: none !important;
 }
+
+#logo_image {
+    position: fixed;
+    width: 300px;
+    left: 50%;
+    transform: translateX(-50%);
+}
+
+.subtext {
+    color: var(--text-muted);
+}