Create/change account password (#156)

2024-12-22 20:42:40 +00:00 · 2023-11-21 02:03:28 +09:00 · 2023-11-21 02:03:28 +09:00 · d518a44d32
commit d518a44d32
parent dcacde0959
4 changed files with 72 additions and 1 deletions
--- a/internal/i18n/locales/en-US.yml
+++ b/internal/i18n/locales/en-US.yml
@ -106,6 +106,11 @@ settings.delete-ssh-key-confirm: Confirm deletion of SSH key
 settings.ssh-key-added-at: Added
 settings.ssh-key-never-used: Never used
 settings.ssh-key-last-used: Last used
+settings.create-password: Create password
+settings.create-password-help: Create your password to login to Opengist via HTTP
+settings.change-password: Change password
+settings.change-password-help: Change your password to login to Opengist via HTTP
+settings.password-label-title: Password

 auth.signup-disabled: Administrator has disabled signing up
 auth.login: Login
--- a/internal/web/server.go
+++ b/internal/web/server.go
@ -218,6 +218,7 @@ func NewServer(isDev bool) *Server {
 		g1.DELETE("/settings/account", accountDeleteProcess, logged)
 		g1.POST("/settings/ssh-keys", sshKeysProcess, logged)
 		g1.DELETE("/settings/ssh-keys/:id", sshKeysDelete, logged)
+		g1.PUT("/settings/password", passwordProcess, logged)

 		g2 := g1.Group("/admin-panel")
 		{
--- a/internal/web/settings.go
+++ b/internal/web/settings.go
@ -21,6 +21,7 @@ func userSettings(ctx echo.Context) error {

 	setData(ctx, "email", user.Email)
 	setData(ctx, "sshKeys", keys)
+	setData(ctx, "hasPassword", user.Password != "")
 	setData(ctx, "htmlTitle", "Settings")
 	return html(ctx, "settings.html")
 }
@ -110,3 +111,31 @@ func sshKeysDelete(ctx echo.Context) error {
 	addFlash(ctx, "SSH key deleted", "success")
 	return redirect(ctx, "/settings")
 }
+
+func passwordProcess(ctx echo.Context) error {
+	user := getUserLogged(ctx)
+
+	dto := new(db.UserDTO)
+	if err := ctx.Bind(dto); err != nil {
+		return errorRes(400, "Cannot bind data", err)
+	}
+	dto.Username = user.Username
+
+	if err := ctx.Validate(dto); err != nil {
+		addFlash(ctx, validationMessages(&err), "error")
+		return html(ctx, "settings.html")
+	}
+
+	password, err := argon2id.hash(dto.Password)
+	if err != nil {
+		return errorRes(500, "Cannot hash password", err)
+	}
+	user.Password = password
+
+	if err = user.Update(); err != nil {
+		return errorRes(500, "Cannot update password", err)
+	}
+
+	addFlash(ctx, "Password updated", "success")
+	return redirect(ctx, "/settings")
+}
--- a/templates/pages/settings.html
+++ b/templates/pages/settings.html
@ -90,7 +90,43 @@
                    </div>
                </div>
            </div>
-            <div class="sm:grid grid-cols-2 gap-x-4 md:gap-x-8">
+            <div class="sm:grid grid-cols-3 gap-x-4 md:gap-x-8">
+                <div class="w-full">
+                    <div class="bg-white dark:bg-gray-900 rounded-md border border-1 border-gray-200 dark:border-gray-700 py-8 px-4 shadow sm:rounded-lg sm:px-10">
+                        <h2 class="text-md font-bold text-slate-700 dark:text-slate-300">
+                            {{if .hasPassword}}
+                                {{ .locale.Tr "settings.change-password" }}
+                            {{else}}
+                                {{ .locale.Tr "settings.create-password" }}
+                            {{end}}
+                        </h2>
+                        <h3 class="text-sm text-gray-600 dark:text-gray-400 italic mb-4">
+                            {{if .hasPassword}}
+                                {{ .locale.Tr "settings.change-password-help" }}
+                            {{else}}
+                                {{ .locale.Tr "settings.create-password-help" }}
+                            {{end}}
+                        </h3>
+                        <form class="space-y-6" action="/settings/password" method="post">
+                            <div>
+                                <label for="password-change" class="block text-sm font-medium text-slate-700 dark:text-slate-300"> {{ .locale.Tr "settings.password-label-title" }} </label>
+                                <div class="mt-1">
+                                    <input id="password-change" name="password" type="password" required autocomplete="off" class="dark:bg-gray-800 appearance-none block w-full px-3 py-2 border border-gray-200 dark:border-gray-700 rounded-md shadow-sm placeholder-gray-600 dark:placeholder-gray-400 focus:outline-none focus:ring-primary-500 focus:border-primary-500 sm:text-sm">
+                                </div>
+                            </div>
+                            <input type="hidden" name="_method" value="PUT">
+
+                            <button type="submit" class="inline-flex items-center px-4 py-2 border border-transparent border-gray-200 dark:border-gray-700 text-sm font-medium rounded-md shadow-sm text-white dark:text-white bg-primary-500 hover:bg-primary-600 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-primary-500">
+                                {{if .hasPassword}}
+                                    {{ .locale.Tr "settings.change-password" }}
+                                {{else}}
+                                    {{ .locale.Tr "settings.create-password" }}
+                                {{end}}
+                            </button>
+                            {{ .csrfHtml }}
+                        </form>
+                    </div>
+                </div>
                <div class="w-full">
                    <div class="bg-white dark:bg-gray-900 rounded-md border border-1 border-gray-200 dark:border-gray-700 py-8 px-4 shadow sm:rounded-lg sm:px-10">
                        <h2 class="text-md font-bold text-slate-700 dark:text-slate-300">