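package auth

import (
	"context"
	"crypto/rand"
	"encoding/base64"
	"io"
	"net/http"
	"time"

	"git.coopgo.io/coopgo-platform/mobility-accounts/grpcapi"
	"github.com/rs/zerolog/log"
)

// LostPasswordInit serves the lost-password form and, on POST, starts a
// password reset for the submitted email address.
//
// On POST with a non-empty "email" field it looks the account up in the
// "parcoursmob" namespace, generates a 16-byte random reset key, stores the
// reset record in the cache under "retrieve-password/<key>" for 72 hours and
// sends the "auth.retrieve_password" email. Every other request (GET, or a
// POST without an email) renders the form.
func (h *AuthHandler) LostPasswordInit(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		h.Renderer.LostPasswordInit(w, r)
		return
	}

	// A malformed body is a client error; do not continue with a partially
	// parsed form.
	if err := r.ParseForm(); err != nil {
		log.Error().Err(err).Msg("")
		http.Error(w, "Bad request", http.StatusBadRequest)
		return
	}

	email := r.FormValue("email")
	if email == "" {
		h.Renderer.LostPasswordInit(w, r)
		return
	}

	account, err := h.services.GRPC.MobilityAccounts.GetAccountUsername(context.TODO(), &grpcapi.GetAccountUsernameRequest{
		Username:  email,
		Namespace: "parcoursmob",
	})
	if err != nil {
		// A failed lookup redirects to the same location as a successful
		// request, so the response does not tell the client whether the
		// address belongs to an account.
		log.Error().Err(err).Msg("")
		http.Redirect(w, r, "/app/", http.StatusFound)
		return
	}

	// 16 bytes (128 bits) from the OS CSPRNG; the key is the only secret
	// protecting the reset, so it must never come from math/rand.
	b := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, b); err != nil {
		log.Error().Err(err).Msg("")
		w.WriteHeader(http.StatusInternalServerError)
		return
	}
	key := base64.RawURLEncoding.EncodeToString(b)

	// The same map is stored in the cache and handed to the email template,
	// so the key ends up in the outgoing message. Do not log this value.
	passwordretrieval := map[string]any{
		"username":   email,
		"account_id": account.Account.Id,
		"key":        key,
	}

	// NOTE(review): 72 hours is a long lifetime for a reset key; consider a
	// shorter TTL. Whether PutWithTTL reports failures is not visible here;
	// if it returns an error, it should be checked before the email is sent.
	h.cache.PutWithTTL("retrieve-password/"+key, passwordretrieval, 72*time.Hour)

	// NOTE(review): this 500 is only reachable for existing accounts, so it
	// can distinguish known from unknown addresses when sending fails.
	if err := h.emailing.Send("auth.retrieve_password", email, passwordretrieval); err != nil {
		log.Error().Err(err).Msg("")
		w.WriteHeader(http.StatusInternalServerError)
		return
	}

	// Return after the redirect: the original fell through and rendered the
	// form into a response that had already been written.
	http.Redirect(w, r, "/app/", http.StatusFound)
}

// LostPasswordRecover completes a password reset identified by the "key"
// form value.
//
// The key is looked up in the cache under "retrieve-password/<key>"; a miss
// renders the KO page. A non-POST request renders the new-password form. A
// POST changes the password of the account recorded in the cache entry,
// deletes the entry so the key cannot be reused, and redirects to "/app/".
func (h *AuthHandler) LostPasswordRecover(w http.ResponseWriter, r *http.Request) {
	if err := r.ParseForm(); err != nil {
		log.Error().Err(err).Msg("")
		http.Error(w, "Bad request", http.StatusBadRequest)
		return
	}

	key := r.FormValue("key")

	// Named entry rather than recover, which shadows the builtin.
	entry, err := h.cache.Get("retrieve-password/" + key)
	if err != nil {
		log.Error().Err(err).Msg("")
		h.Renderer.LostPasswordRecoverKO(w, r, key)
		return
	}

	if r.Method != http.MethodPost {
		h.Renderer.LostPasswordRecover(w, r, entry)
		return
	}

	newpassword := r.FormValue("password")
	if newpassword == "" {
		// An empty password is a client error, not a server failure.
		w.WriteHeader(http.StatusBadRequest)
		w.Write([]byte("Password is empty"))
		return
	}

	// Checked assertions: a cache entry with an unexpected shape must not
	// panic the handler. The key is deliberately kept out of the log.
	data, ok := entry.(map[string]any)
	if !ok {
		log.Error().Msg("retrieve-password cache entry has an unexpected type")
		h.Renderer.LostPasswordRecoverKO(w, r, key)
		return
	}
	accountID, ok := data["account_id"].(string)
	if !ok {
		log.Error().Msg("retrieve-password cache entry has no string account_id")
		h.Renderer.LostPasswordRecoverKO(w, r, key)
		return
	}

	_, err = h.services.GRPC.MobilityAccounts.ChangePassword(context.TODO(), &grpcapi.ChangePasswordRequest{
		Id:       accountID,
		Password: newpassword,
	})
	if err != nil {
		// Stop here: the original went on to delete the key and redirect
		// after the 500 header had already been written. The key stays
		// valid, so the user can retry until it expires.
		log.Error().Err(err).Msg("")
		w.WriteHeader(http.StatusInternalServerError)
		return
	}

	// The key is single-use. A failed delete is only logged, which leaves
	// the key usable until its TTL runs out.
	if err := h.cache.Delete("retrieve-password/" + key); err != nil {
		log.Error().Err(err).Msg("")
	}

	// Return after the redirect instead of also rendering the form.
	http.Redirect(w, r, "/app/", http.StatusFound)
}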