Example #1
0
func resetPassword(app *Application, answer *model.SecurityAnswer, token *model.Token, r *http.Request) error {
	ans := r.FormValue("answer")
	pass := r.FormValue("password")
	pass2 := r.FormValue("password2")

	if len(pass) < viper.GetInt("min_passwd_len") || len(pass2) < viper.GetInt("min_passwd_len") {
		return errors.New(fmt.Sprintf("Please set a password at least %d characters in length.", viper.GetInt("min_passwd_len")))
	}

	if pass != pass2 {
		return errors.New("Password do not match. Please confirm your password.")
	}

	if utf8.RuneCountInString(ans) < 2 || utf8.RuneCountInString(ans) > 100 {
		return errors.New("Invalid answer. Must be between 2 and 100 characters long.")
	}

	err := bcrypt.CompareHashAndPassword([]byte(answer.Answer), []byte(ans))
	if err != nil {
		return errors.New("The security answer you provided does not match. Please check that you are entering the correct answer.")
	}

	// Setup password in FreeIPA
	err = setPassword(token.UserName, "", pass)
	if err != nil {
		if ierr, ok := err.(*ipa.ErrPasswordPolicy); ok {
			logrus.WithFields(logrus.Fields{
				"uid":   token.UserName,
				"error": ierr.Error(),
			}).Error("password does not conform to policy")
			return errors.New("Your password is too weak. Please ensure your password includes a number and lower/upper case character")
		}

		if ierr, ok := err.(*ipa.ErrInvalidPassword); ok {
			logrus.WithFields(logrus.Fields{
				"uid":   token.UserName,
				"error": ierr.Error(),
			}).Error("invalid password from FreeIPA")
			return errors.New("Invalid password.")
		}

		logrus.WithFields(logrus.Fields{
			"uid":   token.UserName,
			"error": err.Error(),
		}).Error("failed to set user password in FreeIPA")
		return errors.New("Fatal system error")
	}

	// Destroy token
	err = model.DestroyToken(app.db, token.Token)
	if err != nil {
		logrus.WithFields(logrus.Fields{
			"uid":   token.UserName,
			"error": err.Error(),
		}).Error("failed to remove token from database")
		return errors.New("Fatal system error")
	}

	return nil
}
Example #2
0
func setupAccount(app *Application, questions []*model.SecurityQuestion, token *model.Token, r *http.Request) error {
	qid := r.FormValue("qid")
	answer := r.FormValue("answer")
	pass := r.FormValue("password")
	pass2 := r.FormValue("password2")

	if len(pass) < viper.GetInt("min_passwd_len") || len(pass2) < viper.GetInt("min_passwd_len") {
		return errors.New(fmt.Sprintf("Please set a password at least %d characters in length.", viper.GetInt("min_passwd_len")))
	}

	if pass != pass2 {
		return errors.New("Password do not match. Please confirm your password.")
	}

	if len(qid) == 0 || len(answer) == 0 {
		return errors.New("Please choose a security question and answer.")
	}

	if utf8.RuneCountInString(answer) < 2 || utf8.RuneCountInString(answer) > 100 {
		return errors.New("Invalid answer. Must be between 2 and 100 characters long.")
	}

	q, err := strconv.Atoi(qid)
	if err != nil {
		return errors.New("Invalid security question")
	}

	found := false
	for _, sq := range questions {
		if sq.Id == q {
			found = true
			break
		}
	}

	if found == false {
		return errors.New("Invalid security question")
	}

	hash, err := bcrypt.GenerateFromPassword([]byte(answer), bcrypt.DefaultCost)
	if err != nil {
		logrus.WithFields(logrus.Fields{
			"uid":   token.UserName,
			"error": err.Error(),
		}).Error("failed to generate bcrypt hash of answer")
		return errors.New("Fatal system error")
	}

	// Setup password in FreeIPA
	err = setPassword(token.UserName, "", pass)
	if err != nil {
		if ierr, ok := err.(*ipa.ErrPasswordPolicy); ok {
			logrus.WithFields(logrus.Fields{
				"uid":   token.UserName,
				"error": ierr.Error(),
			}).Error("password does not conform to policy")
			return errors.New("Your password is too weak. Please ensure your password includes a number and lower/upper case character")
		}

		if ierr, ok := err.(*ipa.ErrInvalidPassword); ok {
			logrus.WithFields(logrus.Fields{
				"uid":   token.UserName,
				"error": ierr.Error(),
			}).Error("invalid password from FreeIPA")
			return errors.New("Invalid password.")
		}

		logrus.WithFields(logrus.Fields{
			"uid":   token.UserName,
			"error": err.Error(),
		}).Error("failed to set user password in FreeIPA")
		return errors.New("Fatal system error")
	}

	// Save security answer
	a := &model.SecurityAnswer{
		UserName:   token.UserName,
		QuestionId: q,
		Answer:     string(hash)}

	err = model.StoreAnswer(app.db, a)
	if err != nil {
		logrus.WithFields(logrus.Fields{
			"uid":   token.UserName,
			"error": err.Error(),
		}).Error("failed to save answer to the database")
		return errors.New("Fatal system error")
	}

	// Destroy token
	err = model.DestroyToken(app.db, token.Token)
	if err != nil {
		logrus.WithFields(logrus.Fields{
			"uid":   token.UserName,
			"error": err.Error(),
		}).Error("failed to remove token from database")
		return errors.New("Fatal system error")
	}

	return nil
}