From 4c7727c3ed3915c9d2e51385b223b6f82bc0184a Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Sun, 7 Oct 2018 05:36:05 +0000
Subject: [PATCH] allow current user to reset their own password

---
 routers/routes/routes.go | 6 ++++--
 routers/user/auth.go | 17 +++++++++++++++--
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/routers/routes/routes.go b/routers/routes/routes.go
index 48813dc2a..f5be1be19 100644
--- a/routers/routes/routes.go
+++ b/routers/routes/routes.go
@@ -184,6 +184,10 @@ func RegisterRoutes(m *macaron.Macaron) {
 m.Get("/^:type(issues|pulls)$", reqSignIn, user.Issues)
 
 // ***** START: User *****
+ m.Group("/user", func() {
+ m.Get("/reset_password", user.ResetPasswd)
+ m.Post("/reset_password", user.ResetPasswdPost)
+ })
 m.Group("/user", func() {
 m.Get("/login", user.SignIn)
 m.Post("/login", bindIgnErr(auth.SignInForm{}), user.SignInPost)
@@ -204,8 +208,6 @@ func RegisterRoutes(m *macaron.Macaron) {
 }, openIDSignInEnabled)
 m.Get("/sign_up", user.SignUp)
 m.Post("/sign_up", bindIgnErr(auth.RegisterForm{}), user.SignUpPost)
- m.Get("/reset_password", user.ResetPasswd)
- m.Post("/reset_password", user.ResetPasswdPost)
 m.Group("/oauth2", func() {
 m.Get("/:provider", user.SignInOAuth)
 m.Get("/:provider/callback", user.SignInOAuthCallback)
diff --git a/routers/user/auth.go b/routers/user/auth.go
index 1c7004a2f..9b59725b5 100644
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -902,8 +902,7 @@ func LinkAccountPostRegister(ctx *context.Context, cpt *captcha.Captcha, form au
 handleRegister(ctx, u, form.Remember, true)
 }
 
-// SignOut sign out from login status
-func SignOut(ctx *context.Context) {
+func handleSignOut(ctx *context.Context) {
 ctx.Session.Delete("uid")
 ctx.Session.Delete("uname")
 ctx.Session.Delete("socialId")
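Review bot: The new `/user` group holding reset_password is registered with no middleware at all, and nothing in the hunk records why it sits apart from the existing `/user` group right below it; that group's closing line, and whatever guard it carries (presumably a signed-out requirement, given the commit title), is outside the hunk. A comment at the new group would stop the next maintainer from folding the routes back in: `// reset_password stays outside the signed-out-only group: a signed-in user may reset a password; ResetPasswdPost clears the current session itself`. Since the group attaches no handlers, registering the two routes directly as `m.Get("/user/reset_password", user.ResetPasswd)` and `m.Post("/user/reset_password", user.ResetPasswdPost)` would also read more clearly than an empty group. RegisterRoutes continues outside the hunk.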
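Review bot: The rename drops the `// SignOut sign out from login status` comment and `handleSignOut` gets none, so the split between "clear the login state" and "redirect" that this hunk introduces is undocumented. Suggest `// handleSignOut drops the login keys from the session and expires the auth cookies without redirecting; shared by SignOut and ResetPasswdPost.` above the new signature. handleSignOut's body continues past this hunk (the remaining Session.Delete/SetCookie calls and its closing brace are in a later hunk).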
@@ -913,6 +912,11 @@ func SignOut(ctx *context.Context) {
 ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
 ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
 ctx.SetCookie("lang", "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true) // Setting the lang cookie will trigger the middleware to reset the language ot previous state.
+}
+
+// SignOut sign out from login status
+func SignOut(ctx *context.Context) {
+ handleSignOut(ctx)
 ctx.Redirect(setting.AppSubURL + "/")
 }
 
@@ -1144,6 +1148,8 @@ func ForgotPasswdPost(ctx *context.Context) {
 func ResetPasswd(ctx *context.Context) {
 ctx.Data["Title"] = ctx.Tr("auth.reset_password")
 
+ // TODO for security and convenience, show the username / email here
+
 code := ctx.Query("code")
 if len(code) == 0 {
 ctx.Error(404)
@@ -1184,6 +1190,10 @@ func ResetPasswdPost(ctx *context.Context) {
 ctx.ServerError("UpdateUser", err)
 return
 }
+
+ // Just in case the user is signed in to another account
+ handleSignOut(ctx)
+
 u.HashPassword(passwd)
 if err := models.UpdateUserCols(u, "passwd", "rands", "salt"); err != nil {
 ctx.ServerError("UpdateUser", err)
@@ -1191,6 +1201,9 @@ func ResetPasswdPost(ctx *context.Context) {
 }
 
 log.Trace("User password reset: %s", u.Name)
+
+ // TODO change the former form to have password retype and remember me,
+ // then sign in here instead of redirecting
 ctx.Redirect(setting.AppSubURL + "/user/login")
 return
 }
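Review bot: handleSignOut, closed by the `+}` in this hunk, only deletes keys from the session and expires cookies; nothing visible regenerates or destroys the session ID, so the browser keeps the same session cookie across a sign-out and, now that ResetPasswdPost calls it too, across a password reset, which is the classic session-fixation window. If the session store in use offers an ID rotation or destroy call, invoking it at the end of handleSignOut would close that; if it does not, a comment such as `// NOTE: session keys are cleared but the session ID is kept; rotate it here if the store supports it` would at least record the gap. The `ctx.Redirect(setting.AppSubURL + "/")` now belongs to the new SignOut wrapper, which keeps the previous behaviour for the sign-out route.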
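Review bot: The TODO added in ResetPasswd says "for security" without saying what the security benefit is, which is what whoever picks it up will need: with the route now reachable by a signed-in user, the form gives no indication of which account the code belongs to before the POST drops the current session. Suggest `// TODO: resolve the code to its user and show that user's name, so a signed-in visitor can see which account the reset applies to before their own session is cleared`; prefer the username over the email address, since the address would be disclosed to anyone who obtains the link. ResetPasswd's body continues outside the hunk, so whether the code is verified before rendering is not visible here.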
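Review bot: `handleSignOut(ctx)` runs before `models.UpdateUserCols` has succeeded, so a failing update leaves the caller signed out of whatever account they were using while the target password is unchanged; moving the call to just after the successful update (before the redirect) ties the sign-out to a reset that actually happened. Note also that this clears only the current browser's session — the Session.Delete calls do nothing to other sessions of `u` (rewriting `rands`/`salt` may invalidate remember-me cookies, but that depends on code outside the hunk) — so the comment should not read as a revocation. Something like `// Drop the caller's own session (they may be signed in to another account); other sessions of u are not revoked here` would make that explicit. ResetPasswdPost continues outside the hunk.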
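Review bot: The TODO in the last hunk proposes signing the user in directly after the reset; implemented naively that would skip whatever the normal login path does after the password check (a second-factor step, if this codebase has one — not visible here) and would reuse the session handleSignOut just emptied rather than a fresh one. Recording that in the TODO avoids the trap: `// TODO: ... sign in here instead of redirecting, but through the same post-password flow as login (incl. any second factor) and with a fresh session, never by setting the uid directly`. A "remember me" option on this form also deserves a caveat, since the reset link is itself a credential in the URL and a long-lived cookie extends what a leaked link yields. ResetPasswdPost continues past the hunk.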