mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
aa64d0c4e5
* Added `ActiveDirectory` suite for integration tests with Samba AD * Updated documentation * Minor styling refactor to suites * Clean up LDAP user provisioning * Fix Authelia home splash to reference correct link for webmail * Add notification message for password complexity errors * Add password complexity integration test * Rename implementation default from rfc to custom * add specific defaults for LDAP (activedirectory implementation) * add docs to show the new defaults * add docs explaining the importance of users filter * add tests * update instances of LDAP implementation names to use the new consts where applicable * made the 'custom' case in the UpdatePassword method for the implementation switch the default case instead * update config examples due to the new defaults * apply changes from code review * replace schema default name from MSAD to ActiveDirectory for consistency * fix missing default for username_attribute * replace test raising on empty username attribute with not raising on empty Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
56 lines
1.5 KiB
Go
56 lines
1.5 KiB
Go
package handlers
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/authelia/authelia/internal/middlewares"
|
|
)
|
|
|
|
// ResetPasswordPost handler for resetting passwords.
|
|
func ResetPasswordPost(ctx *middlewares.AutheliaCtx) {
|
|
userSession := ctx.GetSession()
|
|
|
|
// Those checks unsure that the identity verification process has been initiated and completed successfully
|
|
// otherwise PasswordReset would not be set to true. We can improve the security of this check by making the
|
|
// request expire at some point because here it only expires when the cookie expires.
|
|
if userSession.PasswordResetUsername == nil {
|
|
ctx.Error(fmt.Errorf("No identity verification process has been initiated"), unableToResetPasswordMessage)
|
|
return
|
|
}
|
|
|
|
var requestBody resetPasswordStep2RequestBody
|
|
err := ctx.ParseBody(&requestBody)
|
|
|
|
if err != nil {
|
|
ctx.Error(err, unableToResetPasswordMessage)
|
|
return
|
|
}
|
|
|
|
err = ctx.Providers.UserProvider.UpdatePassword(*userSession.PasswordResetUsername, requestBody.Password)
|
|
|
|
if err != nil {
|
|
switch {
|
|
case strings.Contains(err.Error(), ldapPasswordComplexityCode):
|
|
ctx.Error(fmt.Errorf("%s", err), ldapPasswordComplexityCode)
|
|
default:
|
|
ctx.Error(fmt.Errorf("%s", err), unableToResetPasswordMessage)
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
ctx.Logger.Debugf("Password of user %s has been reset", *userSession.PasswordResetUsername)
|
|
|
|
// Reset the request.
|
|
userSession.PasswordResetUsername = nil
|
|
err = ctx.SaveSession(userSession)
|
|
|
|
if err != nil {
|
|
ctx.Error(fmt.Errorf("Unable to update password reset state: %s", err), operationFailedMessage)
|
|
return
|
|
}
|
|
|
|
ctx.ReplyOK()
|
|
}
|