mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
92d328926d
* refactor(handlers): lower case error messages also refactor verifyAuth function to detect malicious activity both with session cookie and authorization header. * refacto(handlers): simplify error construction * fix(handlers): check prefix in authorization header to determine auth method * fix(handlers): determining the method should be done with headers instead of query arg * refacto(handlers): rollback changes of verifyAuth * don't lowercase log messages * Apply suggestions from code review Make sure logger errors are not lowercased. * fix: uppercase logger errors and remove unused param * Do not lowercase logger errors * Remove unused param targetURL * Rename url variable to not conflict with imported package Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
57 lines
1.6 KiB
Go
57 lines
1.6 KiB
Go
package handlers
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/authelia/authelia/v4/internal/middlewares"
|
|
"github.com/authelia/authelia/v4/internal/utils"
|
|
)
|
|
|
|
// ResetPasswordPost handler for resetting passwords.
|
|
func ResetPasswordPost(ctx *middlewares.AutheliaCtx) {
|
|
userSession := ctx.GetSession()
|
|
|
|
// Those checks unsure that the identity verification process has been initiated and completed successfully
|
|
// otherwise PasswordReset would not be set to true. We can improve the security of this check by making the
|
|
// request expire at some point because here it only expires when the cookie expires.
|
|
if userSession.PasswordResetUsername == nil {
|
|
ctx.Error(fmt.Errorf("no identity verification process has been initiated"), messageUnableToResetPassword)
|
|
return
|
|
}
|
|
|
|
var requestBody resetPasswordStep2RequestBody
|
|
err := ctx.ParseBody(&requestBody)
|
|
|
|
if err != nil {
|
|
ctx.Error(err, messageUnableToResetPassword)
|
|
return
|
|
}
|
|
|
|
err = ctx.Providers.UserProvider.UpdatePassword(*userSession.PasswordResetUsername, requestBody.Password)
|
|
|
|
if err != nil {
|
|
switch {
|
|
case utils.IsStringInSliceContains(err.Error(), ldapPasswordComplexityCodes),
|
|
utils.IsStringInSliceContains(err.Error(), ldapPasswordComplexityErrors):
|
|
ctx.Error(err, ldapPasswordComplexityCode)
|
|
default:
|
|
ctx.Error(err, messageUnableToResetPassword)
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
ctx.Logger.Debugf("Password of user %s has been reset", *userSession.PasswordResetUsername)
|
|
|
|
// Reset the request.
|
|
userSession.PasswordResetUsername = nil
|
|
err = ctx.SaveSession(userSession)
|
|
|
|
if err != nil {
|
|
ctx.Error(fmt.Errorf("unable to update password reset state: %s", err), messageOperationFailed)
|
|
return
|
|
}
|
|
|
|
ctx.ReplyOK()
|
|
}
|