surtur
1b2d860beb
All checks were successful
continuous-integration/drone/push Build is passing
...issue by deleting the session cookie after successful password change and forcing the user to re-authenticate. additionally, split the InitialPasswordChange func into separate "GET" and "POST" variants.
127 lines
3.2 KiB
Go
127 lines
3.2 KiB
Go
// Copyright 2023 wanderer <a_mirre at utb dot cz>
|
|
// SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
package handlers
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
|
|
"git.dotya.ml/mirre-mt/pcmt/ent"
|
|
moduser "git.dotya.ml/mirre-mt/pcmt/modules/user"
|
|
"github.com/labstack/echo-contrib/session"
|
|
"github.com/labstack/echo/v4"
|
|
)
|
|
|
|
func Home(client *ent.Client) echo.HandlerFunc {
|
|
return func(c echo.Context) error {
|
|
var username string
|
|
|
|
addHeaders(c)
|
|
|
|
sess, _ := session.Get(setting.SessionCookieName(), c)
|
|
if sess == nil {
|
|
log.Info("no session, redirecting to /signin", "endpoint", "/home")
|
|
return c.Redirect(http.StatusSeeOther, "/signin")
|
|
}
|
|
|
|
if sess.Values["foo"] != nil {
|
|
log.Info("gorilla session", "custom field test", sess.Values["foo"].(string))
|
|
}
|
|
|
|
uname := sess.Values["username"]
|
|
if uname == nil {
|
|
log.Info("session cookie found but username invalid, redirecting to signin", "endpoint", "/home")
|
|
|
|
return c.Redirect(http.StatusSeeOther, "/signin")
|
|
}
|
|
|
|
log.Debug("session", "username", sess.Values["username"].(string), "endpoint", "/home")
|
|
username = sess.Values["username"].(string)
|
|
|
|
// example denial.
|
|
// if _, err := c.Cookie("aha"); err != nil {
|
|
// log.Printf("error: %q", err)
|
|
// return echo.NewHTTPError(http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized))
|
|
// }
|
|
|
|
var u moduser.User
|
|
|
|
ctx := context.WithValue(context.Background(), moduser.CtxKey{}, slogger)
|
|
if usr, err := moduser.QueryUser(ctx, client, username); err == nil && usr != nil {
|
|
c.Logger().Debug("got usr: ", usr.Username)
|
|
c.Logger().Debug("admin? ", usr.IsAdmin)
|
|
|
|
u.ID = usr.ID
|
|
u.Username = usr.Username
|
|
u.IsActive = usr.IsActive
|
|
u.IsAdmin = usr.IsAdmin
|
|
// TODO: this is redundant, if there is a user object, the user is logged in...
|
|
u.IsLoggedIn = true
|
|
} else {
|
|
c.Logger().Error("failed to query usr", username)
|
|
|
|
return renderErrorPage(
|
|
c,
|
|
http.StatusInternalServerError,
|
|
http.StatusText(http.StatusInternalServerError)+" failed to query usr (make sure you've got cookies enabled)",
|
|
err.Error(),
|
|
)
|
|
}
|
|
|
|
if !u.IsAdmin {
|
|
f, err := moduser.UsrFinishedSetup(ctx, dbclient, u.ID)
|
|
if err != nil {
|
|
return renderErrorPage(
|
|
c,
|
|
http.StatusInternalServerError,
|
|
http.StatusText(http.StatusInternalServerError),
|
|
err.Error(),
|
|
)
|
|
}
|
|
|
|
if !f {
|
|
return c.Redirect(http.StatusSeeOther, "/user/initial-password-change")
|
|
}
|
|
}
|
|
|
|
csrf := c.Get("csrf").(string)
|
|
p := newPage()
|
|
|
|
p.Title = "Home"
|
|
p.Current = "home"
|
|
p.CSRF = csrf
|
|
p.Name = username
|
|
p.User = u
|
|
|
|
if flsh, ok := sess.Values["flash"].(string); ok {
|
|
p.Data["flash"] = flsh
|
|
|
|
delete(sess.Values, "flash")
|
|
}
|
|
|
|
if _, ok := sess.Values["reauthFlash"].(string); ok {
|
|
p.Data["info"] = "First time after changing the password, yay!"
|
|
|
|
// if this is the first login after the initial password change, delete
|
|
// the cookie value.
|
|
delete(sess.Values, "reauthFlash")
|
|
}
|
|
|
|
_ = sess.Save(c.Request(), c.Response())
|
|
|
|
err := c.Render(http.StatusOK, "home.tmpl", p)
|
|
if err != nil {
|
|
c.Logger().Errorf("error: %q", err)
|
|
|
|
return renderErrorPage(
|
|
c,
|
|
http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError),
|
|
err.Error(),
|
|
)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
}
|