parcoursmob/handlers/auth/lost_password.go


package auth
import (
"context"
"crypto/rand"
"encoding/base64"
"io"
"net/http"
"time"
"git.coopgo.io/coopgo-platform/mobility-accounts/grpcapi"
"github.com/rs/zerolog/log"
)
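// LostPasswordInit serves the "lost password" form and, on POST, starts a
// password-reset flow for the submitted email address.
//
// On a POST with a non-empty "email" field it looks the account up by username
// in the "parcoursmob" namespace, draws a 16-byte reset key from crypto/rand,
// stores the reset record in the cache under "retrieve-password/<key>" for
// 72 hours and sends it to the address with the "auth.retrieve_password"
// template. Every other request renders the form.
//
// A failed account lookup gets the same redirect to /app/ as a successful
// request, so that branch does not tell the caller whether the address is
// registered. The 500 returned on a mail failure is only reachable for an
// existing account.
func (h *AuthHandler) LostPasswordInit(w http.ResponseWriter, r *http.Request) {
	if r.Method != "POST" {
		h.Renderer.LostPasswordInit(w, r)
		return
	}

	if err := r.ParseForm(); err != nil {
		log.Error().Err(err).Msg("lost password: cannot parse form")
		w.WriteHeader(http.StatusBadRequest)
		return
	}

	email := r.FormValue("email")
	if email == "" {
		// Nothing to look up: show the form again.
		h.Renderer.LostPasswordInit(w, r)
		return
	}

	account, err := h.services.GRPC.MobilityAccounts.GetAccountUsername(context.TODO(), &grpcapi.GetAccountUsernameRequest{
		Username:  email,
		Namespace: "parcoursmob",
	})
	if err != nil {
		// The submitted address is deliberately kept out of the log line.
		log.Error().Err(err).Msg("lost password: account lookup failed")
		http.Redirect(w, r, "/app/", http.StatusFound)
		return
	}
	if account == nil || account.Account == nil {
		// Guard the dereference below; answer exactly like a failed lookup.
		log.Error().Msg("lost password: account lookup returned no account")
		http.Redirect(w, r, "/app/", http.StatusFound)
		return
	}

	// The reset key is the only secret protecting the account during the
	// reset window, so it must come from the CSPRNG and never be logged.
	b := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, b); err != nil {
		log.Error().Err(err).Msg("lost password: cannot generate reset key")
		w.WriteHeader(http.StatusInternalServerError)
		return
	}
	key := base64.RawURLEncoding.EncodeToString(b)

	passwordretrieval := map[string]any{
		"username":   email,
		"account_id": account.Account.Id,
		"key":        key,
	}

	// NOTE(review): the key stays valid for 72 hours and any result returned
	// by PutWithTTL is not checked here; confirm both are intended.
	h.cache.PutWithTTL("retrieve-password/"+key, passwordretrieval, 72*time.Hour)

	if err := h.emailing.Send("auth.retrieve_password", email, passwordretrieval); err != nil {
		log.Error().Err(err).Msg("lost password: cannot send reset email")
		w.WriteHeader(http.StatusInternalServerError)
		return
	}

	// Return after the redirect: rendering the form as well would write a
	// second response body on top of the 302.
	http.Redirect(w, r, "/app/", http.StatusFound)
}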
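// LostPasswordRecover handles the reset link produced by LostPasswordInit.
//
// The "key" form value selects the reset record stored in the cache under
// "retrieve-password/<key>". If the key is empty or the lookup fails, the
// failure page is rendered. A GET renders the new-password form with the
// record. A POST sets the account password to the "password" field, deletes
// the record so the key cannot be replayed, and redirects to /app/.
func (h *AuthHandler) LostPasswordRecover(w http.ResponseWriter, r *http.Request) {
	if err := r.ParseForm(); err != nil {
		log.Error().Err(err).Msg("password recovery: cannot parse form")
		w.WriteHeader(http.StatusBadRequest)
		return
	}

	key := r.FormValue("key")
	if key == "" {
		// No key means no reset record; skip the cache lookup entirely.
		h.Renderer.LostPasswordRecoverKO(w, r, key)
		return
	}

	cacheKey := "retrieve-password/" + key
	record, err := h.cache.Get(cacheKey)
	if err != nil {
		// The key itself is a credential, so it is kept out of the log line.
		log.Error().Err(err).Msg("password recovery: reset key lookup failed")
		h.Renderer.LostPasswordRecoverKO(w, r, key)
		return
	}

	if r.Method != "POST" {
		h.Renderer.LostPasswordRecover(w, r, record)
		return
	}

	// Take the password from the request body only, so that it is never
	// accepted from the URL query string.
	newpassword := r.PostFormValue("password")
	if newpassword == "" {
		// An empty field is a client error, not a server failure.
		// NOTE(review): non-emptiness is the only check made on the new
		// password in this handler.
		w.WriteHeader(http.StatusBadRequest)
		w.Write([]byte("Password is empty"))
		return
	}

	// Checked assertions: a record with an unexpected shape must not panic
	// the handler.
	fields, isMap := record.(map[string]any)
	accountID, isString := fields["account_id"].(string)
	if !isMap || !isString || accountID == "" {
		log.Error().Msg("password recovery: malformed reset record")
		h.Renderer.LostPasswordRecoverKO(w, r, key)
		return
	}

	_, err = h.services.GRPC.MobilityAccounts.ChangePassword(context.TODO(), &grpcapi.ChangePasswordRequest{
		Id:       accountID,
		Password: newpassword,
	})
	if err != nil {
		// Stop here: the password was not changed, so the key is kept for a
		// retry and no redirect is written after the 500.
		log.Error().Err(err).Msg("password recovery: cannot change password")
		w.WriteHeader(http.StatusInternalServerError)
		return
	}

	// The key is single-use. If the delete fails it stays usable until its
	// TTL expires, which is why the failure is logged.
	// NOTE(review): lookup, change and delete are not atomic, so concurrent
	// POSTs with the same key can each pass the lookup.
	if err := h.cache.Delete(cacheKey); err != nil {
		log.Error().Err(err).Msg("password recovery: cannot delete used reset key")
	}

	// Return after the redirect instead of also rendering the form.
	http.Redirect(w, r, "/app/", http.StatusFound)
}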