From d3a4d76d0e4a2b4186408a1f028e141660da233a Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Sun, 7 Oct 2018 05:36:05 +0000
Subject: [PATCH] allow current user to reset their own password

---
 routers/routes/routes.go | 6 ++++--
 routers/user/auth.go | 17 +++++++++++++++--
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/routers/routes/routes.go b/routers/routes/routes.go
index 4ca421065..8595a6709 100644
--- a/routers/routes/routes.go
+++ b/routers/routes/routes.go
@@ -185,6 +185,10 @@ func RegisterRoutes(m *macaron.Macaron) {
 m.Get("/^:type(issues|pulls)$", reqSignIn, user.Issues)
 
 // ***** START: User *****
+ m.Group("/user", func() {
+ m.Get("/reset_password", user.ResetPasswd)
+ m.Post("/reset_password", user.ResetPasswdPost)
+ })
 m.Group("/user", func() {
 m.Get("/login", user.SignIn)
 m.Post("/login", bindIgnErr(auth.SignInForm{}), user.SignInPost)
@@ -205,8 +209,6 @@ func RegisterRoutes(m *macaron.Macaron) {
 }, openIDSignInEnabled)
 m.Get("/sign_up", user.SignUp)
 m.Post("/sign_up", bindIgnErr(auth.RegisterForm{}), user.SignUpPost)
- m.Get("/reset_password", user.ResetPasswd)
- m.Post("/reset_password", user.ResetPasswdPost)
 m.Group("/oauth2", func() {
 m.Get("/:provider", user.SignInOAuth)
 m.Get("/:provider/callback", user.SignInOAuthCallback)
diff --git a/routers/user/auth.go b/routers/user/auth.go
index a4a0ee3e6..e1512accb 100644
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -859,8 +859,7 @@ func LinkAccountPostRegister(ctx *context.Context, cpt *captcha.Captcha, form au
 ctx.Redirect(setting.AppSubURL + "/user/login")
 }
 
-// SignOut sign out from login status
-func SignOut(ctx *context.Context) {
+func handleSignOut(ctx *context.Context) {
 ctx.Session.Delete("uid")
 ctx.Session.Delete("uname")
 ctx.Session.Delete("socialId")
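Review bot: The new `m.Group("/user", ...)` holding the reset_password routes sits directly above an identical-looking `m.Group("/user", ...)` with no comment saying why the two are separate, so a later cleanup is likely to merge them and silently undo this change. The closing line of the original group, where any middleware such as a signed-out requirement would be attached, is outside this hunk, so the reason for the split can only be inferred from the commit title. A one-line comment above the new group would pin it down: `// reset_password must stay reachable while signed in, so it is registered outside the group below and its middleware`. The second routes.go hunk only removes the old registrations and needs nothing further.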
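Review bot: `handleSignOut` is introduced without a doc comment, while the comment that used to sit on `SignOut` is moved to the new wrapper in the following hunk (@@ -870), so the helper that actually clears state is the one left undocumented. Its body continues past the end of this hunk; from the two hunks together it deletes the uid, uname and socialId session keys and expires the remember, CSRF and lang cookies, and unlike `SignOut` it does not redirect, which is what `ResetPasswdPost` relies on when it calls it mid-request. Suggested comment: `// handleSignOut clears the login session keys and auth cookies without redirecting, so callers can keep handling the request.`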
@@ -870,6 +869,11 @@ func SignOut(ctx *context.Context) {
 ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
 ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
 ctx.SetCookie("lang", "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true) // Setting the lang cookie will trigger the middleware to reset the language ot previous state.
+}
+
+// SignOut sign out from login status
+func SignOut(ctx *context.Context) {
+ handleSignOut(ctx)
 ctx.Redirect(setting.AppSubURL + "/")
 }
 
@@ -1139,6 +1143,8 @@ func ForgotPasswdPost(ctx *context.Context) {
 func ResetPasswd(ctx *context.Context) {
 ctx.Data["Title"] = ctx.Tr("auth.reset_password")
 
+ // TODO for security and convenience, show the username / email here
+
 code := ctx.Query("code")
 if len(code) == 0 {
 ctx.Error(404)
@@ -1179,6 +1185,10 @@ func ResetPasswdPost(ctx *context.Context) {
 ctx.ServerError("UpdateUser", err)
 return
 }
+
+ // Just in case the user is signed in to another account
+ handleSignOut(ctx)
+
 u.HashPassword(passwd)
 u.MustChangePassword = false
 if err := models.UpdateUserCols(u, "must_change_password", "passwd", "rands", "salt"); err != nil {
@@ -1187,6 +1197,9 @@ func ResetPasswdPost(ctx *context.Context) {
 }
 
 log.Trace("User password reset: %s", u.Name)
+
+ // TODO change the former form to have password retype and remember me,
+ // then sign in here instead of redirecting
 ctx.Redirect(setting.AppSubURL + "/user/login")
 return
 }
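Review bot: The TODO added at the top of `ResetPasswd` proposes showing the username / email on a page that is reached with nothing but the `code` query parameter read two lines below, so implementing it as written would let a leaked reset link disclose which account it belongs to before the code is verified (the verification itself lies outside this hunk). Worth recording that constraint in the comment now so it is not lost when the TODO is picked up: `// TODO show the username / email here, but only after the code has been validated; this page is reachable by link alone`.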
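Review bot: `handleSignOut(ctx)` runs before `models.UpdateUserCols` has succeeded, so if that update fails (the `err != nil` branch at the end of this hunk, whose body is in the next hunk) the browser has already lost its session and cookies while the password is unchanged. Moving the call to after the successful update, i.e. immediately before the `log.Trace("User password reset: %s", u.Name)` line in the following hunk (@@ -1187), keeps the sign-out tied to an actual reset. Note also that `handleSignOut` only clears this request's session and cookies; nothing in this hunk invalidates other existing sessions of the reset account, and whether rewriting the `rands` and `salt` columns achieves that cannot be told from here.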
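Review bot: The TODO proposes signing the user in directly from `ResetPasswdPost` instead of redirecting to `/user/login`, but does not say that doing so would skip whatever the login handler performs after a successful password check (not visible in this hunk), so any such change has to reuse that post-login path rather than just populating the session. A wording that carries the caveat: `// TODO add password retype and remember-me to the form, then sign in through the same post-login path as SignInPost instead of redirecting`.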