commit 7e19a39798af7337b46482e528480e4ab60db7b4
parent 4cfdbb91a6d78365d0fcaef9672f1c8603d8660d
Author: vasyahacker <vasya@magicfreedom.com>
Date: Tue, 16 May 2023 18:50:55 +0400
reauth bugfix, ask old password before reset
Diffstat:
5 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/cmd/idecd/main.go b/cmd/idecd/main.go
@@ -122,10 +122,10 @@ func main() {
unveil(*tpl_path_opt, "r")
unveil(*style_path_opt, "r")
- unveil(*echo_opt, "rwc") // list.txt
- unveil(*users_opt, "rwc") // points.txt
- unveil(filepath.Dir(*db_opt), "rwc")
- unveil(*db_opt+".idx", "rwc")
+ unveil(*echo_opt, "r") // list.txt
+ unveil(*users_opt, "rwc") // points.txt
+ unveil(filepath.Dir(*db_opt), "rwc")// db dir
+ unveil(*db_opt+".idx", "rwc") // db index
unveil(os.TempDir(), "rwc")
unveil_block()
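Review bot: `unveil(filepath.Dir(*db_opt), "rwc")// db dir` is not gofmt-clean; a space belongs before the trailing comment: `unveil(filepath.Dir(*db_opt), "rwc") // db dir`. Narrowing `*echo_opt` from `"rwc"` to `"r"` is the right least-privilege direction if the echo list is only read by this process, but if any code path still writes it that write will now be refused under the unveil policy, so it is worth confirming before merging. The enclosing `main()` starts before and continues after this hunk.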
diff --git a/cmd/idecd/web.go b/cmd/idecd/web.go
@@ -64,6 +64,11 @@ func www_register(ctx *WebContext, w http.ResponseWriter, r *http.Request) error
ii.Error.Printf("Access denied")
return errors.New("Access denied")
}
+ old_password := r.FormValue("old_password")
+ if !udb.Auth(u.Name, old_password) {
+ ii.Error.Printf("Old password missmatch (%s)", u.Name)
+ return errors.New("Old password missmatch")
+ }
password := r.FormValue("password")
u.Secret = ii.MakeSecret(u.Name + password)
if err := udb.Edit(u); err != nil {
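Review bot: The two added lines after the `udb.Auth` check misspell "mismatch" in both the log line and the returned error; `ii.Error.Printf("Old password mismatch (%s)", u.Name)` and `return errors.New("Old password mismatch")`. The check is correctly placed before `u.Secret` is overwritten, but nothing in the hunk clears or rotates the existing session token once the secret changes, so a token issued before the reset presumably remains valid afterwards — if that is not intended, clear `u.Token` and remove its `udb.Tokens` entry alongside the `udb.Edit(u)` call. www_register starts before and continues after this hunk, so the token handling may already happen elsewhere in the function.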
@@ -155,9 +160,11 @@ func www_logout(ctx *WebContext, w http.ResponseWriter, r *http.Request) error {
token := cookie.Value
udb := ctx.www.udb
if udb.Access(token) {
- u := udb.UserInfo(token)
- u.Token = ""
- delete(ctx.www.udb.Tokens, token)
+ //ui := udb.UserInfoName(ctx.User.Name)
+ //ui.Token = ""
+ ctx.User.Token = ""
+ udb.Names[ctx.User.Name] = *ctx.User
+ delete(udb.Tokens, token)
}
}
rmcookie := http.Cookie{Name: "token", Value: "", Expires: time.Unix(0, 0)}
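Review bot: The commented-out lines `//ui := udb.UserInfoName(ctx.User.Name)` and `//ui.Token = ""` are dead code in the logout path and should be deleted rather than kept. The new line `udb.Names[ctx.User.Name] = *ctx.User` dereferences `ctx.User`, which presumably is populated from the same token that `udb.Access(token)` just validated; if that is not guaranteed, a guard such as `if ctx.User != nil` before the block avoids a nil-pointer panic on logout. No lock is visible around the writes to `udb.Names` and `udb.Tokens`; if the UDB is shared across handler goroutines without internal synchronisation, these map writes race with concurrent lookups. www_logout's body starts before this hunk.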
diff --git a/ii/db.go b/ii/db.go
@@ -1128,6 +1128,8 @@ func (db *UDB) LoadUsers() error {
u.Mail = a[2]
u.Secret = a[3]
u.Tags = NewTags(a[4])
+ //u.Token = a[5]
+ //db.Tokens[u.Token] = u.Name
db.ById[u.Id] = u.Name
db.Names[u.Name] = u
db.List = append(db.List, u.Name)
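Review bot: The two added lines in LoadUsers, `//u.Token = a[5]` and `//db.Tokens[u.Token] = u.Name`, are commented-out code with no explanation of why tokens are no longer restored from the users file. If the intent is that tokens are session-only and must not survive a restart, state that with a comment such as `// tokens are not persisted: sessions do not survive a restart` and drop the dead lines, so a later reader does not simply re-enable them. LoadUsers starts before and continues after this hunk.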
diff --git a/www/tpl/profile.tpl b/www/tpl/profile.tpl
@@ -3,7 +3,7 @@
<table id="profile" cellspacing=0 cellpadding=0>
{{if has_avatar .User.Name}}<img class="avatar" src="/avatar/{{.User.Name}}">{{end}}
<tr class="odd"><td>Login:</td><td>{{.User.Name}}</td></tr>
-<tr class="even"><td>Token:</td><td>{{.User.Token}}</td></tr>
+<tr class="even"><td>Auth token:</td><td>{{.User.Token}}</td></tr>
<tr class="odd"><td>e-mail:</td><td>{{.User.Mail}}</td></tr>
<tr class="even"><td>Addr:</td><td>{{.Selected}}</td></tr>
<tr class="odd"><td class="links" colspan="2"><a href="{{.PfxPath}}/from/{{.User.Name}}">/from/{{.User.Name}}</a> :: <a href="{{.PfxPath}}/to/{{.User.Name}}">/to/{{.User.Name}}</a>
diff --git a/www/tpl/reset.tpl b/www/tpl/reset.tpl
@@ -1,9 +1,15 @@
{{template "header.tpl" $}}
<form method="post" enctype="application/x-www-form-urlencoded" action="/register">
+<input type="hidden" name="token" value="{{.User.Token}}">
<table id="login" cellspacing=0 cellpadding=0>
<tr class="odd"><td>
-<input type="text" name="token" class="login" placeholder="authstr" value="{{.User.Token}}"><br>
+ Reset password
+<!-- <input type="text" name="token" class="login" placeholder="authstr" value="{{.User.Token}}"><br> -->
+</td></tr>
+
+<tr class="even"><td>
+<input type="password" name="old_password" class="passwd" placeholder="old password"><br>
</td></tr>
<tr class="even"><td>