author | Steve Manuel <nilslice@gmail.com> | 2016-12-02 11:32:27 -0800 |
---|---|---|
committer | Steve Manuel <nilslice@gmail.com> | 2016-12-02 11:32:27 -0800 |
commit | 6dd68233865e98fe8db60f8f29e0fb82f4e011a6 (patch) | |
tree | e9a7245586b318e7f16bfe90e294580e7966b813 /system/admin/handlers.go | |
parent | 6dfd02c84f125a6defe082d31a6f20672979f4d3 (diff) |
updating print errors to log, more implementation of account recovery
Diffstat (limited to 'system/admin/handlers.go')
-rw-r--r-- | system/admin/handlers.go | 69 |
1 files changed, 57 insertions, 12 deletions
diff --git a/system/admin/handlers.go b/system/admin/handlers.go
index 82f8ae0..c42b76b 100644
--- a/system/admin/handlers.go
+++ b/system/admin/handlers.go
@@ -607,7 +607,7 @@ func forgotPasswordHandler(res http.ResponseWriter, req *http.Request) {
 `, email, domain, key, domain)
 msg := emailer.Message{
 To: email,
- From: fmt.Sprintf("Ponzu CMS <ponzu-cms@%s", domain),
+ From: fmt.Sprintf("Ponzu CMS <ponzu-cms@%s>", domain),
 Subject: fmt.Sprintf("Account Recovery [%s]", domain),
 Body: body,
 }
@@ -648,33 +648,78 @@ func recoveryKeyHandler(res http.ResponseWriter, req *http.Request) {
 view, err := RecoveryKey()
 if err != nil {
 res.WriteHeader(http.StatusInternalServerError)
- errView, err := Error500()
- if err != nil {
- return
- }
-
- res.Write(errView)
 return
 }
 res.Write(view)
 case http.MethodPost:
+ err := req.ParseMultipartForm(1024 * 1024 * 4) // maxMemory 4MB
+ if err != nil {
+ res.WriteHeader(http.StatusInternalServerError)
+ log.Println("Error parsing recovery key form:", err)
+ return
+ }
 // check for email & key match
+ email := strings.ToLower(req.FormValue("email"))
+ key := req.FormValue("key")
+
+ var actual string
+ if actual, err = db.RecoveryKey(email); err != nil {
+ res.WriteHeader(http.StatusInternalServerError)
+ log.Println("Error getting recovery key from database:", err)
+ return
+ }
+
+ if key != actual {
+ res.WriteHeader(http.StatusBadRequest)
+ log.Println("Bad recovery key submitted:", key)
+ return
+ }
 // set user with new password
+ usr := &user.User{}
+ u, err := db.User(email)
+ if err != nil {
+ res.WriteHeader(http.StatusInternalServerError)
+ log.Println("Error finding user by email:", email, err)
+ return
+ }
- // redirect to /admin/login
+ if u == nil {
+ res.WriteHeader(http.StatusBadRequest)
+ log.Println("No user found with email:", email)
+ return
+ }
- default:
- res.WriteHeader(http.StatusMethodNotAllowed)
- errView, err := Error405()
+ err = json.Unmarshal(u, usr)
 if err != nil {
+ res.WriteHeader(http.StatusInternalServerError)
+ log.Println("Error decoding user from database:", err)
 return
 }
- res.Write(errView)
+ update := &user.User{
+ ID: usr.ID,
+ Email: usr.Email,
+ Hash: usr.Hash,
+ Salt: usr.Salt,
+ }
+
+ err = db.UpdateUser(usr, update)
+ if err != nil {
+ res.WriteHeader(http.StatusInternalServerError)
+ log.Println("Error updating user:", err)
+ return
+ }
+
+ // redirect to /admin/login
+ redir := req.URL.Scheme + req.URL.Host + "/admin/login"
+ http.Redirect(res, req, redir, http.StatusFound)
+
+ default: + res.WriteHeader(http.StatusMethodNotAllowed) return } } |
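Review bot: The match check `if key != actual {` in the POST branch accepts an empty submitted key whenever `db.RecoveryKey` yields an empty string with a nil error for that address (whether it does is not visible here, so worth confirming), and the plain `!=` leaks compare timing; `if actual == "" || subtle.ConstantTimeCompare([]byte(key), []byte(actual)) != 1 {` closes both, with `crypto/subtle` added to the imports. On the failure path, `log.Println("Bad recovery key submitted:", key)` writes the attacker-supplied value verbatim into the log, so quote it or drop it, e.g. `log.Printf("Bad recovery key submitted for %q", email)`. After a successful match the `update` struct copies `Hash` and `Salt` unchanged and no password field is read from the form, so a valid key currently produces no credential change and nothing invalidates the key, leaving it reusable; presumably still in progress per the commit message, but the key should be consumed once it is accepted. The `redir` value `req.URL.Scheme + req.URL.Host + "/admin/login"` joins scheme and host with no `://`, which only works because both are normally empty on a server-side request, so a relative `"/admin/login"` is clearer; the rest of recoveryKeyHandler sits outside this hunk.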