gawells/Self-Service-Dashboard
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

Compare commits

base: gawells:v0.0.5
Branches Tags
gawells:master
gawells:v0.0.6 gawells:v0.0.5 gawells:v0.0.4 gawells:737a1908e0 gawells:074b3f8f31 gawells:c5358e6c50
..
compare: gawells:v0.0.6
Branches Tags
gawells:master
gawells:v0.0.6 gawells:v0.0.5 gawells:v0.0.4 gawells:737a1908e0 gawells:074b3f8f31 gawells:c5358e6c50

10 Commits
v0.0.5 ... v0.0.6

Author SHA1 Message Date
Gregory Wells
812a40492f password expiry email 2026-04-16 14:23:07 -04:00
Gregory Wells
093b33db0d add more logging into the password expiry checks 2026-04-16 09:12:46 -04:00
Gregory Wells
8633309968 send password expired emails every 12 hours from the program start 2026-04-15 09:43:38 -04:00
Gregory Wells
093b258b84 expried password email template 2026-04-13 10:24:12 -04:00
Gregory Wells
5a80d61d9b remove old comment 2026-04-13 09:40:24 -04:00
Gregory Wells
6a985c1a84 send simple test email to my email on server startup 2026-04-13 09:32:22 -04:00
Gregory Wells
590ea73a92 send all emails as HTML 2026-04-13 09:22:57 -04:00
Gregory Wells
8de145adbc add email config to config file 2026-04-13 09:19:35 -04:00
Gregory Wells
8f0291bb8a make small changes to the email package 2026-04-13 09:13:49 -04:00
Gregory Wells
cde41b82b2 base URL param for config 2026-04-09 16:45:02 -04:00
8 changed files with 245 additions and 20 deletions
Expand all files Collapse all files

10
data/config.example.json
View File

@@ -12,6 +12,14 @@
"logo_path": "./data/astraltech_logo_large.png" "logo_path": "./data/astraltech_logo_large.png"
}, },
"server_config": { "server_config": {
"port": 8080 "port": 8080,
"base_url": "https://profile.example.com"
},
"email_config": {
"username": "noreply",
"email": "noreply@example.com",
"password": "",
"smtp_url": "mx.example.com",
"smtp_port": 587
} }
} }

112
data/email-templates/expired-password.html Normal file
View File

@@ -0,0 +1,112 @@
<!doctype html>
<html>
<head>
<!-- Tell iOS we support light mode -->
<meta name="color-scheme" content="light" />
<meta name="supported-color-schemes" content="light" />
</head>
<body
style="margin: 0; padding: 0; background-color: #f7fff7; color: #000000"
>
<table
width="100%"
cellpadding="0"
cellspacing="0"
border="0"
style="background-color: #f7fff7"
>
<tr>
<td align="center">
<!-- Outer container -->
<table
width="600"
cellpadding="0"
cellspacing="0"
border="0"
style="
background-color: #ffffff;
border: 1px solid #e2e8f0;
border-radius: 12px;
margin-top: 25px;
"
>
<tr>
<td
style="
padding: 30px;
font-family: Arial, sans-serif;
color: #000000;
"
>
<p style="margin: 0 0 15px 0">
Hi <strong>{{.Username}}</strong>,
</p>
<p style="margin: 0 0 15px 0">
Your account password has expired and needs
to be updated to continue accessing your
account.
</p>
<p style="margin: 0 0 15px 0">
<strong>Expiration Date:</strong><br />
{{.ExpiredAt}}
</p>
<p style="margin: 0 0 20px 0">
For security reasons, passwords must be
updated periodically. Please reset your
password as soon as possible.
</p>
<!-- Button -->
<table
align="center"
cellpadding="0"
cellspacing="0"
border="0"
>
<tr>
<td
bgcolor="#1a535c"
style="border-radius: 6px"
>
<a
href="{{.ResetURL}}"
style="
display: inline-block;
padding: 12px 20px;
font-weight: bold;
font-family:
Arial, sans-serif;
color: #ffffff;
text-decoration: none;
background-color: #1a535c;
border-radius: 6px;
-webkit-text-fill-color: #ffffff;
"
>
Reset Password
</a>
</td>
</tr>
</table>
<p style="margin: 20px 0 15px 0">
If you did not expect this, please contact
your system administrator.
</p>
<p style="margin: 0">
Thanks,<br />
<strong>{{.ServiceName}}</strong>
</p>
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>

25
src/email/email.go
View File

@@ -16,35 +16,38 @@ type EmailAccount struct {
} }
type EmailAccountData struct { type EmailAccountData struct {
username string Username string
password string Password string
email string Email string
} }
func createEmailAccount(accountData EmailAccountData, smtpHost string, smtpPort int) EmailAccount { func CreateEmailAccount(accountData EmailAccountData, smtpHost string, smtpPort int) EmailAccount {
logging.Debugf("Creating Email Account: \n\tUsername: %s\n\tEmail: %s\n\tSMTP Host: %s:%d", accountData.username, accountData.email, smtpHost, smtpPort) logging.Debugf("Creating Email Account: \n\tUsername: %s\n\tEmail: %s\n\tSMTP Host: %s:%d", accountData.Username, accountData.Email, smtpHost, smtpPort)
account := EmailAccount{ account := EmailAccount{
email: accountData.email, email: accountData.Email,
smtpHost: smtpHost, smtpHost: smtpHost,
smtpPort: strconv.Itoa(smtpPort), smtpPort: strconv.Itoa(smtpPort),
} }
account.auth = smtp.PlainAuth("", accountData.username, accountData.password, smtpHost) account.auth = smtp.PlainAuth("", accountData.Username, accountData.Password, smtpHost)
return account return account
} }
func sendEmail(account EmailAccount, toEmail []string, subject string, message string) { func (account *EmailAccount) SendEmail(toEmails []string, subject string, message string) {
logging.Debugf("Sending an email from %s to %s", account.email, strings.Join(toEmail, "")) logging.Debugf("Sending an email from %s to %s", account.email, strings.Join(toEmails, ", "))
ToEmailList := strings.Join(toEmail, "") ToEmailList := strings.Join(toEmails, ", ")
mime := "MIME-version: 1.0;\r\nContent-Type: text/html; charset=\"UTF-8\";\r\n\r\n"
messageData := []byte( messageData := []byte(
"From: " + account.email + "\r\n" + "From: " + account.email + "\r\n" +
"To: " + ToEmailList + "\r\n" + "To: " + ToEmailList + "\r\n" +
"Subject: " + subject + "\r\n" + "Subject: " + subject + "\r\n" +
mime +
"\r\n" + "\r\n" +
message, message,
) )
err := smtp.SendMail(account.smtpHost+":"+account.smtpPort, account.auth, account.email, toEmail, messageData) err := smtp.SendMail(account.smtpHost+":"+account.smtpPort, account.auth, account.email, toEmails, messageData)
if err != nil { if err != nil {
logging.Error("Failed to send email") logging.Error("Failed to send email")
logging.Error(err.Error()) logging.Error(err.Error())

28
src/email/render_template.go Normal file
View File

@@ -0,0 +1,28 @@
package email
import (
"bytes"
"path/filepath"
"text/template"
)
func RenderTemplate(path string, data any, funcMap template.FuncMap) (string, error) {
tmpl := template.New("")
if funcMap != nil {
tmpl = tmpl.Funcs(funcMap)
}
tmpl, err := tmpl.ParseFiles(path)
if err != nil {
return "", err
}
var buf bytes.Buffer
err = tmpl.ExecuteTemplate(&buf, filepath.Base(path), data)
if err != nil {
return "", err
}
return buf.String(), nil
}

12
src/main/config.go
View File

@@ -22,13 +22,23 @@ type StyleConfig struct {
} }
type WebserverConfig struct { type WebserverConfig struct {
Port int `json:"port"` Port int `json:"port"`
BaseURL string `json:"base_url"`
}
type EmailConfig struct {
Username string `json:"username"`
Email string `json:"email"`
Password string `json:"password"`
SMTPURL string `json:"smtp_url"`
SMTPPort int `json:"smtp_port"`
} }
type ServerConfig struct { type ServerConfig struct {
LDAPConfig LDAPConfig `json:"ldap_config"` LDAPConfig LDAPConfig `json:"ldap_config"`
StyleConfig StyleConfig `json:"style_config"` StyleConfig StyleConfig `json:"style_config"`
WebserverConfig WebserverConfig `json:"server_config"` WebserverConfig WebserverConfig `json:"server_config"`
EmailConfig EmailConfig `json:"email_config"`
} }
func loadServerConfig(path string) (*ServerConfig, error) { func loadServerConfig(path string) (*ServerConfig, error) {

14
src/main/main.go
View File

@@ -9,6 +9,7 @@ import (
"sync" "sync"
"astraltech.xyz/accountmanager/src/components" "astraltech.xyz/accountmanager/src/components"
"astraltech.xyz/accountmanager/src/email"
"astraltech.xyz/accountmanager/src/helpers" "astraltech.xyz/accountmanager/src/helpers"
"astraltech.xyz/accountmanager/src/ldap" "astraltech.xyz/accountmanager/src/ldap"
"astraltech.xyz/accountmanager/src/logging" "astraltech.xyz/accountmanager/src/logging"
@@ -19,6 +20,7 @@ var (
ldapServer ldap.LDAPServer ldapServer ldap.LDAPServer
serverConfig *ServerConfig serverConfig *ServerConfig
sessionManager *session.SessionManager sessionManager *session.SessionManager
noReplyEmail email.EmailAccount
) )
type UserData struct { type UserData struct {
@@ -38,6 +40,9 @@ func authenticateUser(username, password string) (*UserData, error) {
connected, err := ldapServer.AuthenticateUser(userDN, password) connected, err := ldapServer.AuthenticateUser(userDN, password)
if err != nil { if err != nil {
if strings.Contains(err.Error(), "Password is expired") {
return nil, fmt.Errorf("Password expired for %s\n", username)
}
return nil, err return nil, err
} }
if connected == false { if connected == false {
@@ -85,7 +90,6 @@ func loginHandler(w http.ResponseWriter, r *http.Request) {
return return
} }
// 2. Logic for processing the form
if r.Method == http.MethodPost { if r.Method == http.MethodPost {
username := r.FormValue("username") username := r.FormValue("username")
if strings.Contains(username, "/") { if strings.Contains(username, "/") {
@@ -250,6 +254,12 @@ func main() {
log.Fatal("Could not load server config") log.Fatal("Could not load server config")
} }
noReplyEmail = email.CreateEmailAccount(email.EmailAccountData{
Username: serverConfig.EmailConfig.Username,
Password: serverConfig.EmailConfig.Password,
Email: serverConfig.EmailConfig.Email,
}, serverConfig.EmailConfig.SMTPURL, serverConfig.EmailConfig.SMTPPort)
ldapServer = ldap.LDAPServer{ ldapServer = ldap.LDAPServer{
URL: serverConfig.LDAPConfig.LDAPURL, URL: serverConfig.LDAPConfig.LDAPURL,
StartTLS: serverConfig.LDAPConfig.Security == "tls", StartTLS: serverConfig.LDAPConfig.Security == "tls",
@@ -269,6 +279,8 @@ func main() {
logging.Fatal("Failed to connect to LDAP server") logging.Fatal("Failed to connect to LDAP server")
} }
InitPasswordExpiry()
helpers.HandleFunc("/favicon.ico", faviconHandler) helpers.HandleFunc("/favicon.ico", faviconHandler)
helpers.HandleFunc("/logo", logoHandler) helpers.HandleFunc("/logo", logoHandler)

57
src/main/password_expiry.go Normal file
View File

@@ -0,0 +1,57 @@
package main
import (
"fmt"
"time"
"astraltech.xyz/accountmanager/src/email"
"astraltech.xyz/accountmanager/src/logging"
"astraltech.xyz/accountmanager/src/worker"
)
func InitPasswordExpiry() {
go func() {
CheckPasswordExpriy()
}()
worker.CreateWorker(time.Hour*12, CheckPasswordExpriy)
}
func CheckPasswordExpriy() {
logging.Infof("Starting password expiry check")
now := time.Now().UTC()
formatted := now.Format("20060102150405Z")
search, err := ldapServer.SerchServer(serverConfig.LDAPConfig.BindDN, serverConfig.LDAPConfig.BindPassword, serverConfig.LDAPConfig.BaseDN, fmt.Sprintf("(&(objectclass=person)(krbPasswordExpiration<=%s))", formatted), []string{"cn", "mail", "krbPasswordExpiration"})
if err != nil {
logging.Warn(err.Error())
}
logging.Infof("%d users with expired passwords", search.EntryCount())
for i := range search.EntryCount() {
emailAddr := search.GetEntry(i).GetAttributeValue("mail")
if len(emailAddr) <= 0 {
continue
}
t, err := time.Parse("20060102150405Z", search.GetEntry(i).GetAttributeValue("krbPasswordExpiration"))
if err != nil {
panic(err)
}
formatted := t.Format("January 2, 2006 at 3:04 PM MST")
data := map[string]any{
"Username": search.GetEntry(i).GetAttributeValue("cn"),
"ExpiredAt": formatted,
"ResetURL": fmt.Sprintf("%s", serverConfig.WebserverConfig.BaseURL),
"ServiceName": "Astral Tech",
}
email_template, err := email.RenderTemplate("./data/email-templates/expired-password.html", data, nil)
if err != nil {
logging.Errorf("Failed to load email template: %s", err.Error())
}
noReplyEmail.SendEmail([]string{emailAddr}, "Password expired", email_template)
}
}

7
static/card.css
View File

@@ -1,10 +1,5 @@
.card { .card {
background: rgba( background: rgba(255, 255, 255, 1);
255,
255,
255,
1
); /* Semi-transparent white for light theme */
border: 1px solid var(--border-subtle); border: 1px solid var(--border-subtle);
border-radius: 12px; border-radius: 12px;
padding: 2.5rem; padding: 2.5rem;