mirror of
https://github.com/osmarks/mycorrhiza.git
synced 2024-12-05 02:29:54 +00:00
implement admin form to change a user's password
This commit is contained in:
parent
5ed9e6d9ef
commit
4629f39e99
@ -93,6 +93,49 @@ func handlerAdminUserEdit(w http.ResponseWriter, rq *http.Request) {
|
||||
viewEditUser(viewutil.MetaFrom(w, rq), f, u)
|
||||
}
|
||||
|
||||
func handlerAdminUserChangePassword(w http.ResponseWriter, rq *http.Request) {
|
||||
vars := mux.Vars(rq)
|
||||
u := user.ByName(vars["username"])
|
||||
if u == nil {
|
||||
util.HTTP404Page(w, "404 page not found")
|
||||
return
|
||||
}
|
||||
|
||||
f := util.FormDataFromRequest(rq, []string{"password", "password_confirm"})
|
||||
|
||||
password := f.Get("password")
|
||||
passwordConfirm := f.Get("password_confirm")
|
||||
// server side validation
|
||||
if password == "" {
|
||||
err := fmt.Errorf("passwords should not be empty")
|
||||
f = f.WithError(err)
|
||||
}
|
||||
if password == passwordConfirm {
|
||||
previousPassword := u.Password // for rollback
|
||||
if err := u.ChangePassword(password); err != nil {
|
||||
f = f.WithError(err)
|
||||
} else {
|
||||
if err := user.SaveUserDatabase(); err != nil {
|
||||
u.Password = previousPassword
|
||||
f = f.WithError(err)
|
||||
} else {
|
||||
http.Redirect(w, rq, "/admin/users/", http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
}
|
||||
} else {
|
||||
err := fmt.Errorf("passwords do not match")
|
||||
f = f.WithError(err)
|
||||
}
|
||||
|
||||
if f.HasError() {
|
||||
w.WriteHeader(http.StatusBadRequest)
|
||||
}
|
||||
w.Header().Set("Content-Type", mime.TypeByExtension(".html"))
|
||||
|
||||
viewEditUser(viewutil.MetaFrom(w, rq), f, u)
|
||||
}
|
||||
|
||||
func handlerAdminUserDelete(w http.ResponseWriter, rq *http.Request) {
|
||||
vars := mux.Vars(rq)
|
||||
u := user.ByName(vars["username"])
|
||||
|
@ -10,6 +10,7 @@ import (
|
||||
"net/http"
|
||||
)
|
||||
|
||||
// TODO: translate some untranslated strings
|
||||
const adminTranslationRu = `
|
||||
{{define "panel title"}}Панель админстратора{{end}}
|
||||
{{define "panel safe section title"}}Безопасная секция{{end}}
|
||||
@ -33,6 +34,9 @@ const adminTranslationRu = `
|
||||
|
||||
{{define "new user"}}Новый пользователь{{end}}
|
||||
{{define "password"}}Пароль{{end}}
|
||||
{{define "confirm password"}}Confirm password{{end}}
|
||||
{{define "change password"}}Change password{{end}}
|
||||
{{define "non local password change"}}Non-local accounts cannot have their passwords changed.{{end}}
|
||||
{{define "create"}}Создать{{end}}
|
||||
|
||||
{{define "change group"}}Изменить группу{{end}}
|
||||
@ -57,6 +61,7 @@ func Init(rtr *mux.Router) {
|
||||
|
||||
rtr.HandleFunc("/new-user", handlerAdminUserNew).Methods(http.MethodGet, http.MethodPost)
|
||||
rtr.HandleFunc("/users/{username}/edit", handlerAdminUserEdit).Methods(http.MethodGet, http.MethodPost)
|
||||
rtr.HandleFunc("/users/{username}/change-password", handlerAdminUserChangePassword).Methods(http.MethodPost)
|
||||
rtr.HandleFunc("/users/{username}/delete", handlerAdminUserDelete).Methods(http.MethodGet, http.MethodPost)
|
||||
rtr.HandleFunc("/users", handlerAdminUsers)
|
||||
|
||||
|
@ -33,6 +33,26 @@
|
||||
</div>
|
||||
</form>
|
||||
|
||||
<h2>{{block "change password" .}}Change password{{end}}</h2>
|
||||
|
||||
{{if eq .U.Source "local"}}
|
||||
<form action="/admin/users/{{.U.Name}}/change-password" method="post">
|
||||
<div class="form-field">
|
||||
<label for="pass">{{block "password" .}}Password{{end}}</label>
|
||||
<input required type="password" autocomplete="new-password" id="pass" name="password">
|
||||
<br>
|
||||
<label for="pass_confirm">{{block "confirm password" .}}Confirm password{{end}}</label>
|
||||
<input required type="password" autocomplete="new-password" id="pass_confirm" name="password_confirm">
|
||||
</div>
|
||||
|
||||
<div class="form-field">
|
||||
<input class="btn" type="submit" value='{{block "submit" .}}Submit{{end}}'>
|
||||
</div>
|
||||
</form>
|
||||
{{else}}
|
||||
<p>{{block "non local password change" .}}Non-local accounts cannot have their passwords changed.{{end}}</p>
|
||||
{{end}}
|
||||
|
||||
<h2>{{block "delete user" .}}Delete user{{end}}</h2>
|
||||
<p>{{block "delete user tip" .}}Remove the user from the database. Changes made by the user will be preserved. It will be possible to take this username later.{{end}}</p>
|
||||
<a class="btn btn_destructive" href="/admin/users/{{.U.Name}}/delete">{{template "delete"}}</a>
|
||||
|
Loading…
Reference in New Issue
Block a user