package admin

import (
	"glsamaker/pkg/app/handler/authentication"
	"glsamaker/pkg/app/handler/authentication/utils"
	"glsamaker/pkg/database/connection"
	"glsamaker/pkg/models/users"
	"net/http"
	"strconv"
)

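// ResetPassword serves the admin password-reset page for a single user.
//
// The numeric user id is the trailing segment of the request path
// (/admin/edit/password/reset/<id>). The caller must hold the
// Admin.ManageUsers permission; otherwise the request is answered through
// authentication.AccessDenied.
//
// Any non-POST request renders the confirmation template. A POST generates a
// new password, stores its Argon2id hash together with
// ForcePasswordRotation = true, and renders the new password once so the
// admin can hand it over.
//
// Responses: 404 when the id is malformed or no such user can be loaded,
// 500 when the new credentials cannot be stored.
func ResetPassword(w http.ResponseWriter, r *http.Request) {
	const routePrefix = "/admin/edit/password/reset/"

	// NOTE(review): assumes GetAuthenticatedUser never returns nil for this
	// route (authentication presumably runs before the handler) — confirm.
	user := utils.GetAuthenticatedUser(r)

	// Authorization comes first so that nothing about the target user is
	// looked up or disclosed to a caller without the ManageUsers permission.
	if !user.Permissions.Admin.ManageUsers {
		authentication.AccessDenied(w, r)
		return
	}

	// Slicing a path shorter than the prefix would panic, so guard it.
	if len(r.URL.Path) < len(routePrefix) {
		http.NotFound(w, r)
		return
	}

	targetID, err := strconv.ParseInt(r.URL.Path[len(routePrefix):], 10, 64)
	if err != nil {
		http.NotFound(w, r)
		return
	}

	// selectedUser is a freshly taken address and can never be nil, so the
	// query error alone decides whether the user exists.
	selectedUser := &users.User{Id: targetID}
	if err = connection.DB.Model(selectedUser).WherePK().Select(); err != nil {
		http.NotFound(w, r)
		return
	}

	if r.Method != http.MethodPost {
		renderPasswordResetTemplate(w, user, selectedUser.Id, selectedUser.Nick)
		return
	}

	// NOTE(review): this POST changes another account's credentials; no
	// CSRF token check is visible in this handler — confirm it is enforced
	// upstream (middleware or router).

	// NOTE(review): generateNewPassword is defined elsewhere — confirm it
	// draws from crypto/rand and that 14 characters meets the password policy.
	newPassword := generateNewPassword(14)
	passwordParameters := users.Argon2Parameters{
		Type:    "argon2id",
		Time:    1,
		Memory:  64 * 1024,
		Threads: 4,
		KeyLen:  32,
	}
	// NOTE(review): results of GenerateSalt/GeneratePassword are not checked
	// here — confirm neither can fail and leave an empty salt or hash behind.
	passwordParameters.GenerateSalt(32)
	passwordParameters.GeneratePassword(newPassword)

	updatedUser := &users.User{
		Id:                    targetID,
		Password:              passwordParameters,
		ForcePasswordRotation: true,
	}

	// Write both columns in a single statement. The previous two separate
	// updates overwrote the first error with the second, so a failed
	// password write could go unnoticed while the admin was still shown a
	// "new" password that had never been stored.
	_, err = connection.DB.Model(updatedUser).
		Column("password", "force_password_rotation").
		WherePK().
		Update()
	if err != nil {
		// A storage failure is a server-side fault, not a missing resource.
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}

	// Deliberately best effort: the password has already been changed, so a
	// failure to load the user list must not stop the page that displays the
	// new password; the list is simply left empty in that case.
	var updatedUsers []*users.User
	connection.DB.Model(&updatedUsers).Order("email ASC").Select()

	// The response body carries a plaintext credential; keep it out of
	// browser and intermediary caches.
	w.Header().Set("Cache-Control", "no-store")

	renderAdminNewUserTemplate(w, user, updatedUsers, selectedUser.Nick, newPassword)
}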