x/web-app-template
Archived
Template
2
0
Fork 0
Code Issues 13 Pull Requests 4 Actions Packages Activity

feat(security): #328 delete old sessions forgot password [tbs]
Some checks failed
Build Docker Image / Build-Docker-Image (push) Failing after 41s
Details

Browse Source
This commit is contained in:
Tim Wundenberg
2024-12-18 22:48:54 +01:00
parent 2b46a00a49
commit 588f915c86
8 changed files with 103 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
handler/auth.go
View File

@@ -48,9 +48,9 @@ func (handler AuthImpl) Handle(router *http.ServeMux) {
router.Handle("/auth/change-password", handler.handleChangePasswordPage())
router.Handle("/api/auth/change-password", handler.handleChangePasswordComp())
router.Handle("/auth/reset-password", handler.handleResetPasswordPage())
router.Handle("/api/auth/reset-password", handler.handleForgotPasswordComp())
router.Handle("/api/auth/reset-password-actual", handler.handleForgotPasswordResponseComp())
router.Handle("/auth/forgot-password", handler.handleForgotPasswordPage())
router.Handle("/api/auth/forgot-password", handler.handleForgotPasswordComp())
router.Handle("/api/auth/forgot-password-actual", handler.handleForgotPasswordResponseComp())
}
var (
@@ -312,12 +312,12 @@ func (handler AuthImpl) handleChangePasswordComp() http.HandlerFunc {
}
}
func (handler AuthImpl) handleResetPasswordPage() http.HandlerFunc {
func (handler AuthImpl) handleForgotPasswordPage() http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
user := middleware.GetUser(r)
if user == nil {
utils.DoRedirect(w, r, "/auth/signin")
if user != nil {
utils.DoRedirect(w, r, "/")
return
}
@@ -335,7 +335,11 @@ func (handler AuthImpl) handleForgotPasswordComp() http.HandlerFunc {
return
}
err := handler.service.SendForgotPasswordMail(email)
_, err := utils.WaitMinimumTime(securityWaitDuration, func() (interface{}, error) {
err := handler.service.SendForgotPasswordMail(email)
return nil, err
})
if err != nil {
utils.TriggerToast(w, r, "error", "Internal Server Error", http.StatusInternalServerError)
} else {
@@ -355,11 +359,6 @@ func (handler AuthImpl) handleForgotPasswordResponseComp() http.HandlerFunc {
}
token := pageUrl.Query().Get("token")
if token == "" {
utils.TriggerToast(w, r, "error", "No token", http.StatusBadRequest)
return
}
newPass := r.FormValue("new-password")
err = handler.service.ForgotPassword(token, newPass)