reauth bugfix, ask old password before reset
parent
4cfdbb91a6
commit
7e19a39798
|
@ -122,10 +122,10 @@ func main() {
|
|||
|
||||
unveil(*tpl_path_opt, "r")
|
||||
unveil(*style_path_opt, "r")
|
||||
unveil(*echo_opt, "rwc") // list.txt
|
||||
unveil(*users_opt, "rwc") // points.txt
|
||||
unveil(filepath.Dir(*db_opt), "rwc")
|
||||
unveil(*db_opt+".idx", "rwc")
|
||||
unveil(*echo_opt, "r") // list.txt
|
||||
unveil(*users_opt, "rwc") // points.txt
|
||||
unveil(filepath.Dir(*db_opt), "rwc")// db dir
|
||||
unveil(*db_opt+".idx", "rwc") // db index
|
||||
unveil(os.TempDir(), "rwc")
|
||||
unveil_block()
|
||||
|
||||
|
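Review bot: `unveil(os.TempDir(), "rwc")` is the widest grant in this list: it exposes the whole shared temp directory for read, write and create, including files other local processes place there, and os.TempDir() follows $TMPDIR, so the sandbox boundary is chosen by the environment rather than the program. If the temp access is only for the daemon's own scratch files, a dedicated directory under the already-unveiled db dir (os.MkdirTemp(filepath.Dir(*db_opt), "tmp")) would let this line go away. The tightening of the echo list to `"r"` looks right, but deserves a comment such as `// list.txt is only read after unveil_block()`, since any later write to it will fail with EACCES rather than at startup. Whether the unveil wrapper checks its return value is not visible here; main() starts before this hunk.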
|
|
@ -64,6 +64,11 @@ func www_register(ctx *WebContext, w http.ResponseWriter, r *http.Request) error
|
|||
ii.Error.Printf("Access denied")
|
||||
return errors.New("Access denied")
|
||||
}
|
||||
old_password := r.FormValue("old_password")
|
||||
if !udb.Auth(u.Name, old_password) {
|
||||
ii.Error.Printf("Old password missmatch (%s)", u.Name)
|
||||
return errors.New("Old password missmatch")
|
||||
}
|
||||
password := r.FormValue("password")
|
||||
u.Secret = ii.MakeSecret(u.Name + password)
|
||||
if err := udb.Edit(u); err != nil {
|
||||
|
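Review bot: The added reauth check settles who may reset, but the value being written is still unchecked: `password := r.FormValue("password")` is "" when the field is missing or empty, and `u.Secret = ii.MakeSecret(u.Name + password)` then stores a secret derived from the user name alone, so a blank submission silently sets an empty password. Add `if password == "" { ii.Error.Printf("Empty password (%s)", u.Name); return errors.New("Empty password") }` before the MakeSecret line (a minimum length would be better if the project has a policy). "missmatch" in both added messages is a typo for "mismatch". The enclosing www_register starts and ends outside this hunk.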
@ -155,9 +160,11 @@ func www_logout(ctx *WebContext, w http.ResponseWriter, r *http.Request) error {
|
|||
token := cookie.Value
|
||||
udb := ctx.www.udb
|
||||
if udb.Access(token) {
|
||||
u := udb.UserInfo(token)
|
||||
u.Token = ""
|
||||
delete(ctx.www.udb.Tokens, token)
|
||||
//ui := udb.UserInfoName(ctx.User.Name)
|
||||
//ui.Token = ""
|
||||
ctx.User.Token = ""
|
||||
udb.Names[ctx.User.Name] = *ctx.User
|
||||
delete(udb.Tokens, token)
|
||||
}
|
||||
}
|
||||
rmcookie := http.Cookie{Name: "token", Value: "", Expires: time.Unix(0, 0)}
|
||||
|
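Review bot: `udb.Names[ctx.User.Name] = *ctx.User` writes back a snapshot of the user taken when the request context was built, so any field changed by another request in the meantime (for example a password reset updating u.Secret) is overwritten with the stale copy. Clear the token on the canonical entry instead: `if u, ok := udb.Names[ctx.User.Name]; ok { u.Token = ""; udb.Names[ctx.User.Name] = u }`, keeping the `delete(udb.Tokens, token)`. The handler also mutates two maps on ctx.www.udb; if UDB has no internal lock (not visible here), concurrent requests make this a data race that `go test -race` would report. The commented-out UserInfoName lines should be removed rather than kept. www_logout continues past this hunk.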
|
2
ii/db.go
2
ii/db.go
|
@ -1128,6 +1128,8 @@ func (db *UDB) LoadUsers() error {
|
|||
u.Mail = a[2]
|
||||
u.Secret = a[3]
|
||||
u.Tags = NewTags(a[4])
|
||||
//u.Token = a[5]
|
||||
//db.Tokens[u.Token] = u.Name
|
||||
db.ById[u.Id] = u.Name
|
||||
db.Names[u.Name] = u
|
||||
db.List = append(db.List, u.Name)
|
||||
|
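Review bot: The two commented-out lines drop token restoration without saying why, so the next reader cannot tell a deliberate fix from an oversight; replace them with `// a[5] (token) is intentionally ignored: sessions are in-memory only and do not survive a restart`. If the save path still writes column 5, the users file keeps carrying old tokens that are never consulted — confirm, and either stop emitting the column or note that it is kept only for file-format compatibility. LoadUsers starts and ends outside this hunk.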
|
|
@ -3,7 +3,7 @@
|
|||
<table id="profile" cellspacing=0 cellpadding=0>
|
||||
{{if has_avatar .User.Name}}<img class="avatar" src="/avatar/{{.User.Name}}">{{end}}
|
||||
<tr class="odd"><td>Login:</td><td>{{.User.Name}}</td></tr>
|
||||
<tr class="even"><td>Token:</td><td>{{.User.Token}}</td></tr>
|
||||
<tr class="even"><td>Auth token:</td><td>{{.User.Token}}</td></tr>
|
||||
<tr class="odd"><td>e-mail:</td><td>{{.User.Mail}}</td></tr>
|
||||
<tr class="even"><td>Addr:</td><td>{{.Selected}}</td></tr>
|
||||
<tr class="odd"><td class="links" colspan="2"><a href="{{.PfxPath}}/from/{{.User.Name}}">/from/{{.User.Name}}</a> :: <a href="{{.PfxPath}}/to/{{.User.Name}}">/to/{{.User.Name}}</a>
|
||||
|
|
|
@ -1,9 +1,15 @@
|
|||
{{template "header.tpl" $}}
|
||||
<form method="post" enctype="application/x-www-form-urlencoded" action="/register">
|
||||
<input type="hidden" name="token" value="{{.User.Token}}">
|
||||
<table id="login" cellspacing=0 cellpadding=0>
|
||||
|
||||
<tr class="odd"><td>
|
||||
<input type="text" name="token" class="login" placeholder="authstr" value="{{.User.Token}}"><br>
|
||||
Reset password
|
||||
<!-- <input type="text" name="token" class="login" placeholder="authstr" value="{{.User.Token}}"><br> -->
|
||||
</td></tr>
|
||||
|
||||
<tr class="even"><td>
|
||||
<input type="password" name="old_password" class="passwd" placeholder="old password"><br>
|
||||
</td></tr>
|
||||
|
||||
<tr class="even"><td>
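Review bot: The disabled token input is kept as an HTML comment even though the hidden input above already posts the same name and value; delete it rather than shipping it, because if this template is rendered with text/template (not visible here) the comment, including the expanded `{{.User.Token}}`, is sent to the browser in clear, and with html/template it is merely dead markup. The new `old_password` field should also carry `autocomplete="current-password"` so browsers and password managers fill the existing rather than a generated password. The form continues past this hunk.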
|
||||
|
|