harbor/controllers/password.go

package controllers

import (
	"bytes"
	"net/http"
	"os"
	"regexp"
	"text/template"

	"github.com/astaxie/beego"
	"github.com/vmware/harbor/dao"
	"github.com/vmware/harbor/models"
	"github.com/vmware/harbor/utils"
	"github.com/vmware/harbor/utils/log"
)

type messageDetail struct {
	Hint string
	URL  string
	UUID string
}

// SendEmail verifies the Email address and contact SMTP server to send reset password Email.
func (cc *CommonController) SendEmail() {

	email := cc.GetString("email")

	pass, _ := regexp.MatchString(`^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$`, email)

	if !pass {
		cc.CustomAbort(http.StatusBadRequest, "email_content_illegal")
	} else {

		queryUser := models.User{Email: email}
		exist, err := dao.UserExists(queryUser, "email")
		if err != nil {
			log.Errorf("Error occurred in UserExists: %v", err)
			cc.CustomAbort(http.StatusInternalServerError, "Internal error.")
		}
		if !exist {
			cc.CustomAbort(http.StatusNotFound, "email_does_not_exist")
		}

		messageTemplate, err := template.ParseFiles("views/reset-password-mail.tpl")
		if err != nil {
			log.Errorf("Parse email template file failed: %v", err)
			cc.CustomAbort(http.StatusInternalServerError, err.Error())
		}

		message := new(bytes.Buffer)

		harborURL := os.Getenv("HARBOR_URL")
		if harborURL == "" {
			harborURL = "localhost"
		}
		uuid, err := dao.GenerateRandomString()
		if err != nil {
			log.Errorf("Error occurred in GenerateRandomString: %v", err)
			cc.CustomAbort(http.StatusInternalServerError, "Internal error.")
		}
		err = messageTemplate.Execute(message, messageDetail{
			Hint: cc.Tr("Warning: You're receiving this because you're requesting for changing password in Harbor, if it is not your operation, please ignore; otherwise, please click the link below"),
			URL:  harborURL,
			UUID: uuid,
		})

		if err != nil {
			log.Errorf("Message template error: %v", err)
			cc.CustomAbort(http.StatusInternalServerError, "internal_error")
		}

		config, err := beego.AppConfig.GetSection("mail")
		if err != nil {
			log.Errorf("Can not load app.conf: %v", err)
			cc.CustomAbort(http.StatusInternalServerError, "internal_error")
		}

		mail := utils.Mail{
			From:    config["from"],
			To:      []string{email},
			Subject: cc.Tr("reset_email_subject"),
			Message: message.String()}

		err = mail.SendMail()

		if err != nil {
			log.Errorf("Send email failed: %v", err)
			cc.CustomAbort(http.StatusInternalServerError, "send_email_failed")
		}

		user := models.User{ResetUUID: uuid, Email: email}
		dao.UpdateUserResetUUID(user)

	}

}

// ForgotPasswordController handles requests to /forgot_password
type ForgotPasswordController struct {
	BaseController
}

// Get renders forgot password page
func (fpc *ForgotPasswordController) Get() {
	fpc.Forward("Forgot Password", "forgot-password.htm")
}

// ResetPasswordController handles request to /resetPassword
type ResetPasswordController struct {
	BaseController
}

// Get checks if reset_uuid in the reset link is valid and render the result page for user to reset password.
func (rpc *ResetPasswordController) Get() {

	resetUUID := rpc.GetString("reset_uuid")
	if resetUUID == "" {
		log.Error("Reset uuid is blank.")
		rpc.Redirect("/", http.StatusFound)
		return
	}

	queryUser := models.User{ResetUUID: resetUUID}
	user, err := dao.GetUser(queryUser)
	if err != nil {
		log.Errorf("Error occurred in GetUser: %v", err)
		rpc.CustomAbort(http.StatusInternalServerError, "Internal error.")
	}

	if user != nil {
		rpc.Data["ResetUuid"] = user.ResetUUID
		rpc.Forward("Reset Password", "reset-password.htm")
	} else {
		rpc.Redirect("/", http.StatusFound)
	}
}

// ResetPassword handles request from the reset page and reset password
func (cc *CommonController) ResetPassword() {

	resetUUID := cc.GetString("reset_uuid")
	if resetUUID == "" {
		cc.CustomAbort(http.StatusBadRequest, "Reset uuid is blank.")
	}

	queryUser := models.User{ResetUUID: resetUUID}
	user, err := dao.GetUser(queryUser)
	if err != nil {
		log.Errorf("Error occurred in GetUser: %v", err)
		cc.CustomAbort(http.StatusInternalServerError, "Internal error.")
	}
	if user == nil {
		log.Error("User does not exist")
		cc.CustomAbort(http.StatusBadRequest, "User does not exist")
	}

	password := cc.GetString("password")

	if password != "" {
		user.Password = password
		err = dao.ResetUserPassword(*user)
		if err != nil {
			log.Errorf("Error occurred in ResetUserPassword: %v", err)
			cc.CustomAbort(http.StatusInternalServerError, "Internal error.")
		}
	} else {
		cc.CustomAbort(http.StatusBadRequest, "password_is_required")
	}
}
Initial commit 2016-02-01 12:59:10 +01:00			`package controllers`

			`import (`
			`"bytes"`
replace status codes with constants in net/http 2016-02-24 07:31:52 +01:00			`"net/http"`
Initial commit 2016-02-01 12:59:10 +01:00			`"os"`
			`"regexp"`
			`"text/template"`

replace UI code structure with new version. 2016-06-16 08:10:35 +02:00			`"github.com/astaxie/beego"`
Initial commit 2016-02-01 12:59:10 +01:00			`"github.com/vmware/harbor/dao"`
			`"github.com/vmware/harbor/models"`
			`"github.com/vmware/harbor/utils"`
Replace the beego log module with the new logger for the files under the controllers directory 2016-03-30 14:49:43 +02:00			`"github.com/vmware/harbor/utils/log"`
Initial commit 2016-02-01 12:59:10 +01:00			`)`

add comments to pass golint 2016-02-26 11:35:55 +01:00			`type messageDetail struct {`
Initial commit 2016-02-01 12:59:10 +01:00			`Hint string`
golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`URL string`
			`UUID string`
Initial commit 2016-02-01 12:59:10 +01:00			`}`

add comments to pass golint 2016-02-26 11:35:55 +01:00			`// SendEmail verifies the Email address and contact SMTP server to send reset password Email.`
golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`func (cc *CommonController) SendEmail() {`
Initial commit 2016-02-01 12:59:10 +01:00
golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`email := cc.GetString("email")`
Initial commit 2016-02-01 12:59:10 +01:00
fixed codes about changing password processes. 2016-02-23 21:02:08 +01:00			pass, _ := regexp.MatchString(`^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)\|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])\|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$`, email)

			`if !pass {`
golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`cc.CustomAbort(http.StatusBadRequest, "email_content_illegal")`
fixed codes about changing password processes. 2016-02-23 21:02:08 +01:00			`} else {`
Initial commit 2016-02-01 12:59:10 +01:00
			`queryUser := models.User{Email: email}`
			`exist, err := dao.UserExists(queryUser, "email")`
			`if err != nil {`
Replace the beego log module with the new logger for the files under the controllers directory 2016-03-30 14:49:43 +02:00			`log.Errorf("Error occurred in UserExists: %v", err)`
golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`cc.CustomAbort(http.StatusInternalServerError, "Internal error.")`
Initial commit 2016-02-01 12:59:10 +01:00			`}`
			`if !exist {`
golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`cc.CustomAbort(http.StatusNotFound, "email_does_not_exist")`
Initial commit 2016-02-01 12:59:10 +01:00			`}`

			`messageTemplate, err := template.ParseFiles("views/reset-password-mail.tpl")`
			`if err != nil {`
Replace the beego log module with the new logger for the files under the controllers directory 2016-03-30 14:49:43 +02:00			`log.Errorf("Parse email template file failed: %v", err)`
golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`cc.CustomAbort(http.StatusInternalServerError, err.Error())`
Initial commit 2016-02-01 12:59:10 +01:00			`}`

			`message := new(bytes.Buffer)`

golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`harborURL := os.Getenv("HARBOR_URL")`
			`if harborURL == "" {`
			`harborURL = "localhost"`
Initial commit 2016-02-01 12:59:10 +01:00			`}`
			`uuid, err := dao.GenerateRandomString()`
			`if err != nil {`
Replace the beego log module with the new logger for the files under the controllers directory 2016-03-30 14:49:43 +02:00			`log.Errorf("Error occurred in GenerateRandomString: %v", err)`
golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`cc.CustomAbort(http.StatusInternalServerError, "Internal error.")`
Initial commit 2016-02-01 12:59:10 +01:00			`}`
add comments to pass golint 2016-02-26 11:35:55 +01:00			`err = messageTemplate.Execute(message, messageDetail{`
modify code for test 2016-06-23 12:15:58 +02:00			`Hint: cc.Tr("Warning: You're receiving this because you're requesting for changing password in Harbor, if it is not your operation, please ignore; otherwise, please click the link below"),`
golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`URL: harborURL,`
			`UUID: uuid,`
Initial commit 2016-02-01 12:59:10 +01:00			`})`

			`if err != nil {`
Replace the beego log module with the new logger for the files under the controllers directory 2016-03-30 14:49:43 +02:00			`log.Errorf("Message template error: %v", err)`
golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`cc.CustomAbort(http.StatusInternalServerError, "internal_error")`
Initial commit 2016-02-01 12:59:10 +01:00			`}`

			`config, err := beego.AppConfig.GetSection("mail")`
			`if err != nil {`
Replace the beego log module with the new logger for the files under the controllers directory 2016-03-30 14:49:43 +02:00			`log.Errorf("Can not load app.conf: %v", err)`
golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`cc.CustomAbort(http.StatusInternalServerError, "internal_error")`
Initial commit 2016-02-01 12:59:10 +01:00			`}`

			`mail := utils.Mail{`
			`From: config["from"],`
			`To: []string{email},`
golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`Subject: cc.Tr("reset_email_subject"),`
Initial commit 2016-02-01 12:59:10 +01:00			`Message: message.String()}`

			`err = mail.SendMail()`

			`if err != nil {`
Replace the beego log module with the new logger for the files under the controllers directory 2016-03-30 14:49:43 +02:00			`log.Errorf("Send email failed: %v", err)`
golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`cc.CustomAbort(http.StatusInternalServerError, "send_email_failed")`
Initial commit 2016-02-01 12:59:10 +01:00			`}`

golint refactor for model 2016-02-26 03:15:01 +01:00			`user := models.User{ResetUUID: uuid, Email: email}`
golint refactor for dao 2016-02-26 04:26:54 +01:00			`dao.UpdateUserResetUUID(user)`
Initial commit 2016-02-01 12:59:10 +01:00
			`}`

			`}`

replace UI code structure with new version. 2016-06-16 08:10:35 +02:00			`// ForgotPasswordController handles requests to /forgot_password`
			`type ForgotPasswordController struct {`
			`BaseController`
			`}`

			`// Get renders forgot password page`
			`func (fpc *ForgotPasswordController) Get() {`
			`fpc.Forward("Forgot Password", "forgot-password.htm")`
			`}`

add comments to pass golint 2016-02-26 11:35:55 +01:00			`// ResetPasswordController handles request to /resetPassword`
Initial commit 2016-02-01 12:59:10 +01:00			`type ResetPasswordController struct {`
			`BaseController`
			`}`

add comments to pass golint 2016-02-26 11:35:55 +01:00			`// Get checks if reset_uuid in the reset link is valid and render the result page for user to reset password.`
Initial commit 2016-02-01 12:59:10 +01:00			`func (rpc *ResetPasswordController) Get() {`

golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`resetUUID := rpc.GetString("reset_uuid")`
			`if resetUUID == "" {`
Replace the beego log module with the new logger for the files under the controllers directory 2016-03-30 14:49:43 +02:00			`log.Error("Reset uuid is blank.")`
replace status codes with constants in net/http 2016-02-24 07:31:52 +01:00			`rpc.Redirect("/", http.StatusFound)`
added return clause after redirection. 2016-02-25 04:48:22 +01:00			`return`
fixed codes about changing password processes. 2016-02-23 21:02:08 +01:00			`}`

golint refactor for model 2016-02-26 03:15:01 +01:00			`queryUser := models.User{ResetUUID: resetUUID}`
Initial commit 2016-02-01 12:59:10 +01:00			`user, err := dao.GetUser(queryUser)`
			`if err != nil {`
Replace the beego log module with the new logger for the files under the controllers directory 2016-03-30 14:49:43 +02:00			`log.Errorf("Error occurred in GetUser: %v", err)`
replace status codes with constants in net/http 2016-02-24 07:31:52 +01:00			`rpc.CustomAbort(http.StatusInternalServerError, "Internal error.")`
Initial commit 2016-02-01 12:59:10 +01:00			`}`

			`if user != nil {`
golint refactor for model 2016-02-26 03:15:01 +01:00			`rpc.Data["ResetUuid"] = user.ResetUUID`
replace UI code structure with new version. 2016-06-16 08:10:35 +02:00			`rpc.Forward("Reset Password", "reset-password.htm")`
Initial commit 2016-02-01 12:59:10 +01:00			`} else {`
replace status codes with constants in net/http 2016-02-24 07:31:52 +01:00			`rpc.Redirect("/", http.StatusFound)`
Initial commit 2016-02-01 12:59:10 +01:00			`}`
			`}`

add comments to pass golint 2016-02-26 11:35:55 +01:00			`// ResetPassword handles request from the reset page and reset password`
golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`func (cc *CommonController) ResetPassword() {`
Initial commit 2016-02-01 12:59:10 +01:00
golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`resetUUID := cc.GetString("reset_uuid")`
			`if resetUUID == "" {`
			`cc.CustomAbort(http.StatusBadRequest, "Reset uuid is blank.")`
fixed codes about changing password processes. 2016-02-23 21:02:08 +01:00			`}`
Initial commit 2016-02-01 12:59:10 +01:00
golint refactor for model 2016-02-26 03:15:01 +01:00			`queryUser := models.User{ResetUUID: resetUUID}`
Initial commit 2016-02-01 12:59:10 +01:00			`user, err := dao.GetUser(queryUser)`
			`if err != nil {`
Replace the beego log module with the new logger for the files under the controllers directory 2016-03-30 14:49:43 +02:00			`log.Errorf("Error occurred in GetUser: %v", err)`
golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`cc.CustomAbort(http.StatusInternalServerError, "Internal error.")`
Initial commit 2016-02-01 12:59:10 +01:00			`}`
fixed codes about changing password processes. 2016-02-23 21:02:08 +01:00			`if user == nil {`
Replace the beego log module with the new logger for the files under the controllers directory 2016-03-30 14:49:43 +02:00			`log.Error("User does not exist")`
golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`cc.CustomAbort(http.StatusBadRequest, "User does not exist")`
fixed codes about changing password processes. 2016-02-23 21:02:08 +01:00			`}`
Initial commit 2016-02-01 12:59:10 +01:00
golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`password := cc.GetString("password")`
Initial commit 2016-02-01 12:59:10 +01:00
			`if password != "" {`
			`user.Password = password`
added checking affected count in changing password, added ut for changing password with old password. 2016-02-24 13:44:46 +01:00			`err = dao.ResetUserPassword(*user)`
			`if err != nil {`
Replace the beego log module with the new logger for the files under the controllers directory 2016-03-30 14:49:43 +02:00			`log.Errorf("Error occurred in ResetUserPassword: %v", err)`
golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`cc.CustomAbort(http.StatusInternalServerError, "Internal error.")`
added checking affected count in changing password, added ut for changing password with old password. 2016-02-24 13:44:46 +01:00			`}`
Initial commit 2016-02-01 12:59:10 +01:00			`} else {`
golint refactor for controller and service 2016-02-25 07:00:29 +01:00			`cc.CustomAbort(http.StatusBadRequest, "password_is_required")`
Initial commit 2016-02-01 12:59:10 +01:00			`}`
			`}`