harbor/controllers/password.go

/*
   Copyright (c) 2016 VMware, Inc. All Rights Reserved.
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
*/
package controllers

import (
	"bytes"
	"net/http"
	"os"
	"regexp"
	"text/template"

	"github.com/vmware/harbor/dao"
	"github.com/vmware/harbor/models"
	"github.com/vmware/harbor/utils"

	"github.com/astaxie/beego"
)

type ChangePasswordController struct {
	BaseController
}

func (cpc *ChangePasswordController) Get() {
	sessionUserID := cpc.GetSession("userId")
	if sessionUserID == nil {
		cpc.Redirect("/signIn", http.StatusFound)
		return
	}
	cpc.Data["Username"] = cpc.GetSession("username")
	cpc.ForwardTo("page_title_change_password", "change-password")
}

func (cc *CommonController) UpdatePassword() {

	sessionUserID := cc.GetSession("userId")

	if sessionUserID == nil {
		beego.Warning("User does not login.")
		cc.CustomAbort(http.StatusUnauthorized, "please_login_first")
	}

	oldPassword := cc.GetString("old_password")
	if oldPassword == "" {
		beego.Error("Old password is blank")
		cc.CustomAbort(http.StatusBadRequest, "Old password is blank")
	}

	queryUser := models.User{UserID: sessionUserID.(int), Password: oldPassword}
	user, err := dao.CheckUserPassword(queryUser)
	if err != nil {
		beego.Error("Error occurred in CheckUserPassword:", err)
		cc.CustomAbort(http.StatusInternalServerError, "Internal error.")
	}

	if user == nil {
		beego.Warning("Password input is not correct")
		cc.CustomAbort(http.StatusForbidden, "old_password_is_not_correct")
	}

	password := cc.GetString("password")
	if password != "" {
		updateUser := models.User{UserID: sessionUserID.(int), Password: password, Salt: user.Salt}
		err = dao.ChangeUserPassword(updateUser, oldPassword)
		if err != nil {
			beego.Error("Error occurred in ChangeUserPassword:", err)
			cc.CustomAbort(http.StatusInternalServerError, "Internal error.")
		}
	} else {
		cc.CustomAbort(http.StatusBadRequest, "please_input_new_password")
	}
}

type ForgotPasswordController struct {
	BaseController
}

type MessageDetail struct {
	Hint string
	URL  string
	UUID string
}

func (fpc *ForgotPasswordController) Get() {
	fpc.ForwardTo("page_title_forgot_password", "forgot-password")
}

func (cc *CommonController) SendEmail() {

	email := cc.GetString("email")

	pass, _ := regexp.MatchString(`^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$`, email)

	if !pass {
		cc.CustomAbort(http.StatusBadRequest, "email_content_illegal")
	} else {

		queryUser := models.User{Email: email}
		exist, err := dao.UserExists(queryUser, "email")
		if err != nil {
			beego.Error("Error occurred in UserExists:", err)
			cc.CustomAbort(http.StatusInternalServerError, "Internal error.")
		}
		if !exist {
			cc.CustomAbort(http.StatusNotFound, "email_does_not_exist")
		}

		messageTemplate, err := template.ParseFiles("views/reset-password-mail.tpl")
		if err != nil {
			beego.Error("Parse email template file failed:", err)
			cc.CustomAbort(http.StatusInternalServerError, err.Error())
		}

		message := new(bytes.Buffer)

		harborURL := os.Getenv("HARBOR_URL")
		if harborURL == "" {
			harborURL = "localhost"
		}
		uuid, err := dao.GenerateRandomString()
		if err != nil {
			beego.Error("Error occurred in GenerateRandomString:", err)
			cc.CustomAbort(http.StatusInternalServerError, "Internal error.")
		}
		err = messageTemplate.Execute(message, MessageDetail{
			Hint: cc.Tr("reset_email_hint"),
			URL:  harborURL,
			UUID: uuid,
		})

		if err != nil {
			beego.Error("message template error:", err)
			cc.CustomAbort(http.StatusInternalServerError, "internal_error")
		}

		config, err := beego.AppConfig.GetSection("mail")
		if err != nil {
			beego.Error("Can not load app.conf:", err)
			cc.CustomAbort(http.StatusInternalServerError, "internal_error")
		}

		mail := utils.Mail{
			From:    config["from"],
			To:      []string{email},
			Subject: cc.Tr("reset_email_subject"),
			Message: message.String()}

		err = mail.SendMail()

		if err != nil {
			beego.Error("send email failed:", err)
			cc.CustomAbort(http.StatusInternalServerError, "send_email_failed")
		}

		user := models.User{ResetUUID: uuid, Email: email}
		dao.UpdateUserResetUuid(user)

	}

}

type ResetPasswordController struct {
	BaseController
}

func (rpc *ResetPasswordController) Get() {

	resetUUID := rpc.GetString("reset_uuid")
	if resetUUID == "" {
		beego.Error("Reset uuid is blank.")
		rpc.Redirect("/", http.StatusFound)
		return
	}

	queryUser := models.User{ResetUUID: resetUUID}
	user, err := dao.GetUser(queryUser)
	if err != nil {
		beego.Error("Error occurred in GetUser:", err)
		rpc.CustomAbort(http.StatusInternalServerError, "Internal error.")
	}

	if user != nil {
		rpc.Data["ResetUuid"] = user.ResetUUID
		rpc.ForwardTo("page_title_reset_password", "reset-password")
	} else {
		rpc.Redirect("/", http.StatusFound)
	}
}

func (cc *CommonController) ResetPassword() {

	resetUUID := cc.GetString("reset_uuid")
	if resetUUID == "" {
		cc.CustomAbort(http.StatusBadRequest, "Reset uuid is blank.")
	}

	queryUser := models.User{ResetUUID: resetUUID}
	user, err := dao.GetUser(queryUser)
	if err != nil {
		beego.Error("Error occurred in GetUser:", err)
		cc.CustomAbort(http.StatusInternalServerError, "Internal error.")
	}
	if user == nil {
		beego.Error("User does not exist")
		cc.CustomAbort(http.StatusBadRequest, "User does not exist")
	}

	password := cc.GetString("password")

	if password != "" {
		user.Password = password
		err = dao.ResetUserPassword(*user)
		if err != nil {
			beego.Error("Error occurred in ResetUserPassword:", err)
			cc.CustomAbort(http.StatusInternalServerError, "Internal error.")
		}
	} else {
		cc.CustomAbort(http.StatusBadRequest, "password_is_required")
	}
}
Initial commit 2016-02-01 11:59:10 +00:00			`/*`
			`Copyright (c) 2016 VMware, Inc. All Rights Reserved.`
			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`
			`package controllers`

			`import (`
			`"bytes"`
replace status codes with constants in net/http 2016-02-24 06:31:52 +00:00			`"net/http"`
Initial commit 2016-02-01 11:59:10 +00:00			`"os"`
			`"regexp"`
			`"text/template"`

			`"github.com/vmware/harbor/dao"`
			`"github.com/vmware/harbor/models"`
			`"github.com/vmware/harbor/utils"`

			`"github.com/astaxie/beego"`
			`)`

			`type ChangePasswordController struct {`
			`BaseController`
			`}`

			`func (cpc *ChangePasswordController) Get() {`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`sessionUserID := cpc.GetSession("userId")`
			`if sessionUserID == nil {`
replace status codes with constants in net/http 2016-02-24 06:31:52 +00:00			`cpc.Redirect("/signIn", http.StatusFound)`
added return clause after redirection. 2016-02-25 03:48:22 +00:00			`return`
Initial commit 2016-02-01 11:59:10 +00:00			`}`
			`cpc.Data["Username"] = cpc.GetSession("username")`
			`cpc.ForwardTo("page_title_change_password", "change-password")`
			`}`

golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`func (cc *CommonController) UpdatePassword() {`
Initial commit 2016-02-01 11:59:10 +00:00
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`sessionUserID := cc.GetSession("userId")`
Initial commit 2016-02-01 11:59:10 +00:00
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`if sessionUserID == nil {`
Initial commit 2016-02-01 11:59:10 +00:00			`beego.Warning("User does not login.")`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`cc.CustomAbort(http.StatusUnauthorized, "please_login_first")`
Initial commit 2016-02-01 11:59:10 +00:00			`}`

golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`oldPassword := cc.GetString("old_password")`
fixed codes about changing password processes. 2016-02-23 20:02:08 +00:00			`if oldPassword == "" {`
			`beego.Error("Old password is blank")`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`cc.CustomAbort(http.StatusBadRequest, "Old password is blank")`
fixed codes about changing password processes. 2016-02-23 20:02:08 +00:00			`}`

golint refactor for model 2016-02-26 02:15:01 +00:00			`queryUser := models.User{UserID: sessionUserID.(int), Password: oldPassword}`
Initial commit 2016-02-01 11:59:10 +00:00			`user, err := dao.CheckUserPassword(queryUser)`
			`if err != nil {`
			`beego.Error("Error occurred in CheckUserPassword:", err)`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`cc.CustomAbort(http.StatusInternalServerError, "Internal error.")`
Initial commit 2016-02-01 11:59:10 +00:00			`}`

			`if user == nil {`
			`beego.Warning("Password input is not correct")`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`cc.CustomAbort(http.StatusForbidden, "old_password_is_not_correct")`
Initial commit 2016-02-01 11:59:10 +00:00			`}`

golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`password := cc.GetString("password")`
Initial commit 2016-02-01 11:59:10 +00:00			`if password != "" {`
golint refactor for model 2016-02-26 02:15:01 +00:00			`updateUser := models.User{UserID: sessionUserID.(int), Password: password, Salt: user.Salt}`
fixed codes about changing password processes. 2016-02-23 20:02:08 +00:00			`err = dao.ChangeUserPassword(updateUser, oldPassword)`
			`if err != nil {`
			`beego.Error("Error occurred in ChangeUserPassword:", err)`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`cc.CustomAbort(http.StatusInternalServerError, "Internal error.")`
fixed codes about changing password processes. 2016-02-23 20:02:08 +00:00			`}`
Initial commit 2016-02-01 11:59:10 +00:00			`} else {`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`cc.CustomAbort(http.StatusBadRequest, "please_input_new_password")`
Initial commit 2016-02-01 11:59:10 +00:00			`}`
			`}`

			`type ForgotPasswordController struct {`
			`BaseController`
			`}`

			`type MessageDetail struct {`
			`Hint string`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`URL string`
			`UUID string`
Initial commit 2016-02-01 11:59:10 +00:00			`}`

			`func (fpc *ForgotPasswordController) Get() {`
			`fpc.ForwardTo("page_title_forgot_password", "forgot-password")`
			`}`

golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`func (cc *CommonController) SendEmail() {`
Initial commit 2016-02-01 11:59:10 +00:00
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`email := cc.GetString("email")`
Initial commit 2016-02-01 11:59:10 +00:00
fixed codes about changing password processes. 2016-02-23 20:02:08 +00:00			pass, _ := regexp.MatchString(`^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)\|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])\|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$`, email)

			`if !pass {`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`cc.CustomAbort(http.StatusBadRequest, "email_content_illegal")`
fixed codes about changing password processes. 2016-02-23 20:02:08 +00:00			`} else {`
Initial commit 2016-02-01 11:59:10 +00:00
			`queryUser := models.User{Email: email}`
			`exist, err := dao.UserExists(queryUser, "email")`
			`if err != nil {`
			`beego.Error("Error occurred in UserExists:", err)`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`cc.CustomAbort(http.StatusInternalServerError, "Internal error.")`
Initial commit 2016-02-01 11:59:10 +00:00			`}`
			`if !exist {`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`cc.CustomAbort(http.StatusNotFound, "email_does_not_exist")`
Initial commit 2016-02-01 11:59:10 +00:00			`}`

			`messageTemplate, err := template.ParseFiles("views/reset-password-mail.tpl")`
			`if err != nil {`
			`beego.Error("Parse email template file failed:", err)`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`cc.CustomAbort(http.StatusInternalServerError, err.Error())`
Initial commit 2016-02-01 11:59:10 +00:00			`}`

			`message := new(bytes.Buffer)`

golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`harborURL := os.Getenv("HARBOR_URL")`
			`if harborURL == "" {`
			`harborURL = "localhost"`
Initial commit 2016-02-01 11:59:10 +00:00			`}`
			`uuid, err := dao.GenerateRandomString()`
			`if err != nil {`
			`beego.Error("Error occurred in GenerateRandomString:", err)`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`cc.CustomAbort(http.StatusInternalServerError, "Internal error.")`
Initial commit 2016-02-01 11:59:10 +00:00			`}`
			`err = messageTemplate.Execute(message, MessageDetail{`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`Hint: cc.Tr("reset_email_hint"),`
			`URL: harborURL,`
			`UUID: uuid,`
Initial commit 2016-02-01 11:59:10 +00:00			`})`

			`if err != nil {`
			`beego.Error("message template error:", err)`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`cc.CustomAbort(http.StatusInternalServerError, "internal_error")`
Initial commit 2016-02-01 11:59:10 +00:00			`}`

			`config, err := beego.AppConfig.GetSection("mail")`
			`if err != nil {`
			`beego.Error("Can not load app.conf:", err)`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`cc.CustomAbort(http.StatusInternalServerError, "internal_error")`
Initial commit 2016-02-01 11:59:10 +00:00			`}`

			`mail := utils.Mail{`
			`From: config["from"],`
			`To: []string{email},`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`Subject: cc.Tr("reset_email_subject"),`
Initial commit 2016-02-01 11:59:10 +00:00			`Message: message.String()}`

			`err = mail.SendMail()`

			`if err != nil {`
			`beego.Error("send email failed:", err)`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`cc.CustomAbort(http.StatusInternalServerError, "send_email_failed")`
Initial commit 2016-02-01 11:59:10 +00:00			`}`

golint refactor for model 2016-02-26 02:15:01 +00:00			`user := models.User{ResetUUID: uuid, Email: email}`
Initial commit 2016-02-01 11:59:10 +00:00			`dao.UpdateUserResetUuid(user)`

			`}`

			`}`

			`type ResetPasswordController struct {`
			`BaseController`
			`}`

			`func (rpc *ResetPasswordController) Get() {`

golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`resetUUID := rpc.GetString("reset_uuid")`
			`if resetUUID == "" {`
fixed codes about changing password processes. 2016-02-23 20:02:08 +00:00			`beego.Error("Reset uuid is blank.")`
replace status codes with constants in net/http 2016-02-24 06:31:52 +00:00			`rpc.Redirect("/", http.StatusFound)`
added return clause after redirection. 2016-02-25 03:48:22 +00:00			`return`
fixed codes about changing password processes. 2016-02-23 20:02:08 +00:00			`}`

golint refactor for model 2016-02-26 02:15:01 +00:00			`queryUser := models.User{ResetUUID: resetUUID}`
Initial commit 2016-02-01 11:59:10 +00:00			`user, err := dao.GetUser(queryUser)`
			`if err != nil {`
			`beego.Error("Error occurred in GetUser:", err)`
replace status codes with constants in net/http 2016-02-24 06:31:52 +00:00			`rpc.CustomAbort(http.StatusInternalServerError, "Internal error.")`
Initial commit 2016-02-01 11:59:10 +00:00			`}`

			`if user != nil {`
golint refactor for model 2016-02-26 02:15:01 +00:00			`rpc.Data["ResetUuid"] = user.ResetUUID`
Initial commit 2016-02-01 11:59:10 +00:00			`rpc.ForwardTo("page_title_reset_password", "reset-password")`
			`} else {`
replace status codes with constants in net/http 2016-02-24 06:31:52 +00:00			`rpc.Redirect("/", http.StatusFound)`
Initial commit 2016-02-01 11:59:10 +00:00			`}`
			`}`

golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`func (cc *CommonController) ResetPassword() {`
Initial commit 2016-02-01 11:59:10 +00:00
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`resetUUID := cc.GetString("reset_uuid")`
			`if resetUUID == "" {`
			`cc.CustomAbort(http.StatusBadRequest, "Reset uuid is blank.")`
fixed codes about changing password processes. 2016-02-23 20:02:08 +00:00			`}`
Initial commit 2016-02-01 11:59:10 +00:00
golint refactor for model 2016-02-26 02:15:01 +00:00			`queryUser := models.User{ResetUUID: resetUUID}`
Initial commit 2016-02-01 11:59:10 +00:00			`user, err := dao.GetUser(queryUser)`
			`if err != nil {`
			`beego.Error("Error occurred in GetUser:", err)`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`cc.CustomAbort(http.StatusInternalServerError, "Internal error.")`
Initial commit 2016-02-01 11:59:10 +00:00			`}`
fixed codes about changing password processes. 2016-02-23 20:02:08 +00:00			`if user == nil {`
			`beego.Error("User does not exist")`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`cc.CustomAbort(http.StatusBadRequest, "User does not exist")`
fixed codes about changing password processes. 2016-02-23 20:02:08 +00:00			`}`
Initial commit 2016-02-01 11:59:10 +00:00
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`password := cc.GetString("password")`
Initial commit 2016-02-01 11:59:10 +00:00
			`if password != "" {`
			`user.Password = password`
added checking affected count in changing password, added ut for changing password with old password. 2016-02-24 12:44:46 +00:00			`err = dao.ResetUserPassword(*user)`
			`if err != nil {`
			`beego.Error("Error occurred in ResetUserPassword:", err)`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`cc.CustomAbort(http.StatusInternalServerError, "Internal error.")`
added checking affected count in changing password, added ut for changing password with old password. 2016-02-24 12:44:46 +00:00			`}`
Initial commit 2016-02-01 11:59:10 +00:00			`} else {`
golint refactor for controller and service 2016-02-25 06:00:29 +00:00			`cc.CustomAbort(http.StatusBadRequest, "password_is_required")`
Initial commit 2016-02-01 11:59:10 +00:00			`}`
			`}`