2019-04-24 21:52:08 +00:00
|
|
|
package handlers
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
|
2021-08-11 01:04:35 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/middlewares"
|
2022-04-03 12:24:51 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/templates"
|
2021-08-11 01:04:35 +00:00
|
|
|
"github.com/authelia/authelia/v4/internal/utils"
|
2019-04-24 21:52:08 +00:00
|
|
|
)
|
|
|
|
|
2022-04-08 04:13:47 +00:00
|
|
|
// ResetPasswordPOST handler for resetting passwords.
|
|
|
|
func ResetPasswordPOST(ctx *middlewares.AutheliaCtx) {
|
2019-04-24 21:52:08 +00:00
|
|
|
userSession := ctx.GetSession()
|
|
|
|
|
|
|
|
// Those checks unsure that the identity verification process has been initiated and completed successfully
|
|
|
|
// otherwise PasswordReset would not be set to true. We can improve the security of this check by making the
|
2020-05-02 05:06:39 +00:00
|
|
|
// request expire at some point because here it only expires when the cookie expires.
|
2019-04-24 21:52:08 +00:00
|
|
|
if userSession.PasswordResetUsername == nil {
|
2021-09-17 05:53:40 +00:00
|
|
|
ctx.Error(fmt.Errorf("no identity verification process has been initiated"), messageUnableToResetPassword)
|
2019-04-24 21:52:08 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-04-03 12:24:51 +00:00
|
|
|
username := *userSession.PasswordResetUsername
|
|
|
|
|
2019-04-24 21:52:08 +00:00
|
|
|
var requestBody resetPasswordStep2RequestBody
|
|
|
|
err := ctx.ParseBody(&requestBody)
|
|
|
|
|
|
|
|
if err != nil {
|
2021-07-22 03:52:37 +00:00
|
|
|
ctx.Error(err, messageUnableToResetPassword)
|
2019-04-24 21:52:08 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-04-03 00:48:26 +00:00
|
|
|
if err = ctx.Providers.PasswordPolicy.Check(requestBody.Password); err != nil {
|
2022-04-02 22:32:57 +00:00
|
|
|
ctx.Error(err, messagePasswordWeak)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-05-08 22:43:12 +00:00
|
|
|
if err = ctx.Providers.UserProvider.UpdatePassword(username, requestBody.Password); err != nil {
|
2020-11-27 09:59:22 +00:00
|
|
|
switch {
|
2021-06-16 02:50:14 +00:00
|
|
|
case utils.IsStringInSliceContains(err.Error(), ldapPasswordComplexityCodes),
|
|
|
|
utils.IsStringInSliceContains(err.Error(), ldapPasswordComplexityErrors):
|
2021-09-17 05:53:40 +00:00
|
|
|
ctx.Error(err, ldapPasswordComplexityCode)
|
2020-11-27 09:59:22 +00:00
|
|
|
default:
|
2021-09-17 05:53:40 +00:00
|
|
|
ctx.Error(err, messageUnableToResetPassword)
|
2020-11-27 09:59:22 +00:00
|
|
|
}
|
|
|
|
|
2019-04-24 21:52:08 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-04-03 12:24:51 +00:00
|
|
|
ctx.Logger.Debugf("Password of user %s has been reset", username)
|
2019-04-24 21:52:08 +00:00
|
|
|
|
|
|
|
// Reset the request.
|
|
|
|
userSession.PasswordResetUsername = nil
|
|
|
|
|
2022-05-08 22:43:12 +00:00
|
|
|
if err = ctx.SaveSession(userSession); err != nil {
|
2021-09-17 05:53:40 +00:00
|
|
|
ctx.Error(fmt.Errorf("unable to update password reset state: %s", err), messageOperationFailed)
|
2019-04-24 21:52:08 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-04-03 12:24:51 +00:00
|
|
|
// Send Notification.
|
|
|
|
userInfo, err := ctx.Providers.UserProvider.GetDetails(username)
|
|
|
|
if err != nil {
|
|
|
|
ctx.Logger.Error(err)
|
|
|
|
ctx.ReplyOK()
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(userInfo.Emails) == 0 {
|
|
|
|
ctx.Logger.Error(fmt.Errorf("user %s has no email address configured", username))
|
|
|
|
ctx.ReplyOK()
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-12-23 05:06:49 +00:00
|
|
|
data := templates.EmailPasswordResetValues{
|
2022-07-18 00:56:09 +00:00
|
|
|
Title: "Password changed successfully",
|
|
|
|
DisplayName: userInfo.DisplayName,
|
|
|
|
RemoteIP: ctx.RemoteIP().String(),
|
2022-05-08 22:43:12 +00:00
|
|
|
}
|
2022-04-03 12:24:51 +00:00
|
|
|
|
2022-07-18 00:56:09 +00:00
|
|
|
addresses := userInfo.Addresses()
|
|
|
|
|
2022-04-03 12:24:51 +00:00
|
|
|
ctx.Logger.Debugf("Sending an email to user %s (%s) to inform that the password has changed.",
|
2022-07-18 00:56:09 +00:00
|
|
|
username, addresses[0])
|
2022-04-03 12:24:51 +00:00
|
|
|
|
2022-12-23 05:06:49 +00:00
|
|
|
if err = ctx.Providers.Notifier.Send(ctx, addresses[0], "Password changed successfully", ctx.Providers.Templates.GetPasswordResetEmailTemplate(), data); err != nil {
|
2022-04-03 12:24:51 +00:00
|
|
|
ctx.Logger.Error(err)
|
|
|
|
ctx.ReplyOK()
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
2019-04-24 21:52:08 +00:00
|
|
|
}
|