91 lines
2.6 KiB
Go
91 lines
2.6 KiB
Go
package auth
|
|
|
|
import (
|
|
"context"
|
|
_ "embed"
|
|
"errors"
|
|
"net/http"
|
|
|
|
"github.com/FAU-CDI/wisski-distillery/internal/dis/component/control/static"
|
|
"github.com/FAU-CDI/wisski-distillery/pkg/httpx"
|
|
)
|
|
|
|
//go:embed "templates/home.html"
|
|
var homeHTMLStr string
|
|
var homeTemplate = static.AssetsHome.MustParseShared(
|
|
"home.html",
|
|
homeHTMLStr,
|
|
)
|
|
|
|
func (auth *Auth) authHome(ctx context.Context) http.Handler {
|
|
return auth.Protect(&httpx.HTMLHandler[*AuthUser]{
|
|
Handler: auth.UserOf,
|
|
Template: homeTemplate,
|
|
}, nil)
|
|
}
|
|
|
|
//go:embed "templates/password.html"
|
|
var passwordHTMLString string
|
|
var passwordTemplate = static.AssetsUser.MustParseShared("password.html", passwordHTMLString)
|
|
|
|
var (
|
|
errPasswordsNotIdentical = errors.New("passwords are not identical")
|
|
errPasswordIsEmpty = errors.New("password is empty")
|
|
errCredentialsIncorrect = errors.New("credentials are not correct")
|
|
errPasswordSetFailure = errors.New("error saving new password")
|
|
errTOTPSetFailure = errors.New("unable to disable totp")
|
|
errPasswordSet = errors.New("password was updated")
|
|
)
|
|
|
|
func (auth *Auth) authPassword(ctx context.Context) http.Handler {
|
|
return &httpx.Form[struct{}]{
|
|
Fields: []httpx.Field{
|
|
{Name: "old", Type: httpx.PasswordField, EmptyOnError: true, Label: "Current Password"},
|
|
{Name: "passcode", Type: httpx.TextField, EmptyOnError: true, Label: "Current Passcode (optional)"},
|
|
{Name: "new", Type: httpx.PasswordField, EmptyOnError: true, Label: "New Password"},
|
|
{Name: "new2", Type: httpx.PasswordField, EmptyOnError: true, Label: "New Password (again)"},
|
|
},
|
|
FieldTemplate: httpx.PureCSSFieldTemplate,
|
|
|
|
CSRF: auth.csrf.Get(nil),
|
|
|
|
RenderTemplate: passwordTemplate,
|
|
RenderTemplateContext: auth.UserFormContext,
|
|
|
|
Validate: func(r *http.Request, values map[string]string) (struct{}, error) {
|
|
old, passcode, new, new2 := values["old"], values["passcode"], values["new"], values["new2"]
|
|
|
|
if new != new2 {
|
|
return struct{}{}, errPasswordsNotIdentical
|
|
}
|
|
|
|
if new == "" {
|
|
return struct{}{}, errPasswordIsEmpty
|
|
}
|
|
|
|
user, err := auth.UserOf(r)
|
|
if err != nil {
|
|
return struct{}{}, err
|
|
}
|
|
|
|
{
|
|
err := user.CheckCredentials(r.Context(), []byte(old), passcode)
|
|
if err != nil {
|
|
return struct{}{}, errCredentialsIncorrect
|
|
}
|
|
}
|
|
{
|
|
err := user.SetPassword(r.Context(), []byte(new))
|
|
if err != nil {
|
|
return struct{}{}, errPasswordSetFailure
|
|
}
|
|
}
|
|
|
|
return struct{}{}, nil
|
|
},
|
|
|
|
RenderSuccess: func(_ struct{}, values map[string]string, w http.ResponseWriter, r *http.Request) error {
|
|
return errPasswordSet
|
|
},
|
|
}
|
|
}
|