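doForgotPassword handles the forgot password form submission. In the code shown, an invalid email, a failed user lookup and an account with password login disabled all render the same users.resetLinkSent message with HTTP 200, which the inline comment explains as a guard against email enumeration. The later failure paths (token generation, template rendering) return HTTP 500 and are reached only after those checks pass, i.e. for an existing account with password login enabled.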
(c echo.Context)
| 579 | |
| 580 | // doForgotPassword handles the forgot password form submission. |
| 581 | func (a *App) doForgotPassword(c echo.Context) error { |
| 582 | var ( |
| 583 | email = strings.ToLower(strings.TrimSpace(c.FormValue("email"))) |
| 584 | ) |
| 585 | |
| 586 | // Validate email format. |
| 587 | if !utils.ValidateEmail(email) { |
| 588 | return c.Render(http.StatusOK, tplMessage, makeMsgTpl(a.i18n.T("users.resetPassword"), "", a.i18n.T("users.resetLinkSent"))) |
| 589 | } |
| 590 | |
| 591 | // Get the user by email. |
| 592 | user, err := a.core.GetUser(0, "", email) |
| 593 | if err != nil { |
| 594 | return c.Render(http.StatusOK, tplMessage, makeMsgTpl(a.i18n.T("users.resetPassword"), "", a.i18n.T("users.resetLinkSent"))) |
| 595 | } |
| 596 | |
| 597 | // If the password login is disabled, do not proceed, but show success message to prevent email enumeration. |
| 598 | if !user.PasswordLogin { |
| 599 | return c.Render(http.StatusOK, tplMessage, makeMsgTpl(a.i18n.T("users.resetPassword"), "", a.i18n.T("users.resetLinkSent"))) |
| 600 | } |
| 601 | |
| 602 | // Generate a random token. |
| 603 | token, err := generateRandomString(tmpAuthTokenLen) |
| 604 | if err != nil { |
| 605 | a.log.Printf("error generating reset token: %v", err) |
| 606 | return echo.NewHTTPError(http.StatusInternalServerError, a.i18n.T("globals.messages.internalError")) |
| 607 | } |
| 608 | |
| 609 | // Store the reset token in tmptokens. |
| 610 | tmptokens.Set(email, passwordResetTTL, token) |
| 611 | |
| 612 | // Prepare the reset URL. |
| 613 | resetURL := fmt.Sprintf("%s/admin/reset?token=%s&email=%s", a.urlCfg.RootURL, token, url.QueryEscape(email)) |
| 614 | |
| 615 | // Prepare the email. |
| 616 | var msg bytes.Buffer |
| 617 | data := struct { |
| 618 | ResetURL string |
| 619 | L *i18n.I18n |
| 620 | }{ |
| 621 | ResetURL: resetURL, |
| 622 | L: a.i18n, |
| 623 | } |
| 624 | |
| 625 | // Render the email template. |
| 626 | if err := notifs.Tpls.ExecuteTemplate(&msg, notifs.TplForgotPassword, data); err != nil { |
| 627 | a.log.Printf("error compiling notification template '%s': %v", notifs.TplForgotPassword, err) |
| 628 | return echo.NewHTTPError(http.StatusInternalServerError, a.i18n.T("globals.messages.internalError")) |
| 629 | } |
| 630 | |
| 631 | subject, body := notifs.GetTplSubject(a.i18n.T("email.forgotPassword.subject"), msg.Bytes()) |
| 632 | |
| 633 | // Send the email. |
| 634 | if err := a.emailMsgr.Push(models.Message{ |
| 635 | From: a.cfg.FromEmail, |
| 636 | To: []string{email}, |
| 637 | Subject: subject, |
| 638 | Body: body, |