feat(web): change password (#7676)

Add the ability for users to change their password from their user settings, without requiring them to use the reset password workflow. User's are required to create a elevated session in order to change their password. Users may not change their password to their current password. The user's current password is required for the password change. Users must follow any established password policies. Administrators are able to turn this feature off.

Closes #3548

1 files changed, 12 insertions, 2 deletions

diff --git a/internal/handlers/handler_configuration.go b/internal/handlers/handler_configuration.go
index fec29c4ad..87b9ce2a7 100644
--- a/internal/handlers/handler_configuration.go
+++ b/internal/handlers/handler_configuration.go
@@ -7,14 +7,24 @@ import (
 // ConfigurationGET get the configuration accessible to authenticated users.
 func ConfigurationGET(ctx *middlewares.AutheliaCtx) {
 	body := configurationBody{
-		AvailableMethods: make(MethodList, 0, 3),
+		AvailableMethods:       make(MethodList, 0, 3),
+		PasswordChangeDisabled: false,
+		PasswordResetDisabled:  false,
 	}
 
 	if ctx.Providers.Authorizer.IsSecondFactorEnabled() {
 		body.AvailableMethods = ctx.AvailableSecondFactorMethods()
 	}
 
-	ctx.Logger.Tracef("Available methods are %s", body.AvailableMethods)
+	body.PasswordChangeDisabled = ctx.Configuration.AuthenticationBackend.PasswordChange.Disable
+	body.PasswordResetDisabled = ctx.Configuration.AuthenticationBackend.PasswordReset.Disable
+
+	ctx.Logger.WithFields(
+		map[string]any{
+			"available_methods":        body.AvailableMethods,
+			"password_change_disabled": body.PasswordChangeDisabled,
+			"password_reset_disabled":  body.PasswordResetDisabled,
+		}).Trace("Authelia configuration requested")
 
 	if err := ctx.SetJSONBody(body); err != nil {
 		ctx.Logger.Errorf("Unable to set configuration response in body: %s", err)