path: root/internal/handlers/handler_change_password.go
blob: cbdd25ddc8bac736be3a1cc2c2063f75ad2f7deb (plain)
package handlers

import (
	"errors"
	"fmt"
	"net/http"

	"github.com/authelia/authelia/v4/internal/authentication"
	"github.com/authelia/authelia/v4/internal/middlewares"
	"github.com/authelia/authelia/v4/internal/session"
	"github.com/authelia/authelia/v4/internal/templates"
)

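// ChangePasswordPOST handles a request by an authenticated user to change their own password.
//
// The request body must carry the current password and the new password. The new password is
// checked against the configured password policy before the user provider is asked to perform
// the change, and the provider is expected to verify the current password itself (it reports
// authentication.ErrIncorrectPassword when it does not match). Once the provider has accepted the
// change the request is answered with OK; looking up the user's details and sending the
// notification email are best-effort steps whose failures are only logged, because the password
// has already been changed at that point and the client must not be told otherwise.
func ChangePasswordPOST(ctx *middlewares.AutheliaCtx) {
	var (
		userSession session.UserSession
		err         error
	)

	if userSession, err = ctx.GetSession(); err != nil {
		ctx.Error(fmt.Errorf("error occurred retrieving session for user: %w", err), messageUnableToChangePassword)
		return
	}

	// The target user is always the session owner; the body never names a user.
	username := userSession.Username

	var requestBody changePasswordRequestBody

	if err = ctx.ParseBody(&requestBody); err != nil {
		ctx.Error(err, messageUnableToChangePassword)
		return
	}

	// Reject weak passwords before contacting the user provider so no backend call is made for
	// input that would be refused anyway.
	if err = ctx.Providers.PasswordPolicy.Check(requestBody.NewPassword); err != nil {
		ctx.Error(err, messagePasswordWeak)
		return
	}

	if err = ctx.Providers.UserProvider.ChangePassword(username, requestBody.OldPassword, requestBody.NewPassword); err != nil {
		ctx.Logger.WithError(err).Debugf("Unable to change password for user '%s'", username)

		// Map provider errors onto client-facing messages; the underlying error is only logged
		// above, never returned to the client.
		switch {
		case errors.Is(err, authentication.ErrIncorrectPassword):
			ctx.SetJSONError(messageIncorrectPassword)
			ctx.SetStatusCode(http.StatusUnauthorized)
		case errors.Is(err, authentication.ErrPasswordWeak):
			ctx.SetJSONError(messagePasswordWeak)
			ctx.SetStatusCode(http.StatusBadRequest)
		case errors.Is(err, authentication.ErrAuthenticationFailed):
			ctx.SetJSONError(messageOperationFailed)
			ctx.SetStatusCode(http.StatusUnauthorized)
		default:
			ctx.SetJSONError(messageOperationFailed)
			ctx.SetStatusCode(http.StatusInternalServerError)
		}

		return
	}

	ctx.Logger.Debugf("User %s has changed their password", username)

	// NOTE(review): the session is persisted unchanged here and other active sessions of this
	// user are not touched by this handler — confirm whether that is the intended behaviour.
	if err = ctx.SaveSession(userSession); err != nil {
		ctx.Error(fmt.Errorf("unable to update password reset state: %w", err), messageOperationFailed)
		return
	}

	// Everything from here on is best-effort notification: the password change has already
	// succeeded, so every failure path replies OK after logging.
	userInfo, err := ctx.Providers.UserProvider.GetDetails(username)
	if err != nil {
		ctx.Logger.Error(err)
		ctx.ReplyOK()

		return
	}

	if len(userInfo.Emails) == 0 {
		ctx.Logger.Error(fmt.Errorf("user %s has no email address configured", username))
		ctx.ReplyOK()

		return
	}

	addresses := userInfo.Addresses()

	// Guard the index below on the derived address list itself rather than relying on it
	// mirroring Emails, so a provider returning no parsable address cannot cause a panic.
	if len(addresses) == 0 {
		ctx.Logger.Error(fmt.Errorf("user %s has no email address configured", username))
		ctx.ReplyOK()

		return
	}

	data := templates.EmailEventValues{
		Title:       "Password changed successfully",
		DisplayName: userInfo.DisplayName,
		RemoteIP:    ctx.RemoteIP().String(),
		Details: map[string]any{
			"Action": "Password Change",
		},
		BodyPrefix: eventEmailActionPasswordModifyPrefix,
		BodyEvent:  eventEmailActionPasswordChange,
		BodySuffix: eventEmailActionPasswordModifySuffix,
	}

	ctx.Logger.Debugf("Sending an email to user %s (%s) to inform that the password has changed.",
		username, addresses[0].String())

	if err = ctx.Providers.Notifier.Send(ctx, addresses[0], "Password changed successfully", ctx.Providers.Templates.GetEventEmailTemplate(), data); err != nil {
		ctx.Logger.Error(err)
		ctx.ReplyOK()

		return
	}
}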