1
0
mirror of https://github.com/osmarks/mycorrhiza.git synced 2024-12-05 02:29:54 +00:00

implement admin form to change a user's password

This commit is contained in:
Jackson 2023-11-27 14:55:45 +01:00 committed by Timur Ismagilov
parent 5ed9e6d9ef
commit 4629f39e99
3 changed files with 68 additions and 0 deletions

View File

@ -93,6 +93,49 @@ func handlerAdminUserEdit(w http.ResponseWriter, rq *http.Request) {
viewEditUser(viewutil.MetaFrom(w, rq), f, u)
}
func handlerAdminUserChangePassword(w http.ResponseWriter, rq *http.Request) {
vars := mux.Vars(rq)
u := user.ByName(vars["username"])
if u == nil {
util.HTTP404Page(w, "404 page not found")
return
}
f := util.FormDataFromRequest(rq, []string{"password", "password_confirm"})
password := f.Get("password")
passwordConfirm := f.Get("password_confirm")
// server side validation
if password == "" {
err := fmt.Errorf("passwords should not be empty")
f = f.WithError(err)
}
if password == passwordConfirm {
previousPassword := u.Password // for rollback
if err := u.ChangePassword(password); err != nil {
f = f.WithError(err)
} else {
if err := user.SaveUserDatabase(); err != nil {
u.Password = previousPassword
f = f.WithError(err)
} else {
http.Redirect(w, rq, "/admin/users/", http.StatusSeeOther)
return
}
}
} else {
err := fmt.Errorf("passwords do not match")
f = f.WithError(err)
}
if f.HasError() {
w.WriteHeader(http.StatusBadRequest)
}
w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
viewEditUser(viewutil.MetaFrom(w, rq), f, u)
}
func handlerAdminUserDelete(w http.ResponseWriter, rq *http.Request) {
vars := mux.Vars(rq)
u := user.ByName(vars["username"])

View File

@ -10,6 +10,7 @@ import (
"net/http"
)
// TODO: translate some untranslated strings
const adminTranslationRu = `
{{define "panel title"}}Панель админстратора{{end}}
{{define "panel safe section title"}}Безопасная секция{{end}}
@ -33,6 +34,9 @@ const adminTranslationRu = `
{{define "new user"}}Новый пользователь{{end}}
{{define "password"}}Пароль{{end}}
{{define "confirm password"}}Confirm password{{end}}
{{define "change password"}}Change password{{end}}
{{define "non local password change"}}Non-local accounts cannot have their passwords changed.{{end}}
{{define "create"}}Создать{{end}}
{{define "change group"}}Изменить группу{{end}}
@ -57,6 +61,7 @@ func Init(rtr *mux.Router) {
rtr.HandleFunc("/new-user", handlerAdminUserNew).Methods(http.MethodGet, http.MethodPost)
rtr.HandleFunc("/users/{username}/edit", handlerAdminUserEdit).Methods(http.MethodGet, http.MethodPost)
rtr.HandleFunc("/users/{username}/change-password", handlerAdminUserChangePassword).Methods(http.MethodPost)
rtr.HandleFunc("/users/{username}/delete", handlerAdminUserDelete).Methods(http.MethodGet, http.MethodPost)
rtr.HandleFunc("/users", handlerAdminUsers)

View File

@ -33,6 +33,26 @@
</div>
</form>
<h2>{{block "change password" .}}Change password{{end}}</h2>
{{if eq .U.Source "local"}}
<form action="/admin/users/{{.U.Name}}/change-password" method="post">
<div class="form-field">
<label for="pass">{{block "password" .}}Password{{end}}</label>
<input required type="password" autocomplete="new-password" id="pass" name="password">
<br>
<label for="pass_confirm">{{block "confirm password" .}}Confirm password{{end}}</label>
<input required type="password" autocomplete="new-password" id="pass_confirm" name="password_confirm">
</div>
<div class="form-field">
<input class="btn" type="submit" value='{{block "submit" .}}Submit{{end}}'>
</div>
</form>
{{else}}
<p>{{block "non local password change" .}}Non-local accounts cannot have their passwords changed.{{end}}</p>
{{end}}
<h2>{{block "delete user" .}}Delete user{{end}}</h2>
<p>{{block "delete user tip" .}}Remove the user from the database. Changes made by the user will be preserved. It will be possible to take this username later.{{end}}</p>
<a class="btn btn_destructive" href="/admin/users/{{.U.Name}}/delete">{{template "delete"}}</a>