Commit f0bc2231 authored by ale

Make account recovery URL configurable

parent f144f4dc
...@@ -1173,13 +1173,15 @@ var _templatesLogin_passwordHtml = []byte(`{{template "header" .}} ...@@ -1173,13 +1173,15 @@ var _templatesLogin_passwordHtml = []byte(`{{template "header" .}}
<input type="password" name="password" id="inputPassword" <input type="password" name="password" id="inputPassword"
class="form-control" placeholder="Password" required> class="form-control" placeholder="Password" required>
{{if .AccountRecoveryURL}}
<p> <p>
<small> <small>
<a href="/recovery"> <a href="{{.AccountRecoveryURL}}">
Forgot your password? Forgot your password?
</a> </a>
</small> </small>
</p> </p>
{{end}}
<button type="submit" class="btn btn-lg btn-primary btn-block">Login</button> <button type="submit" class="btn btn-lg btn-primary btn-block">Login</button>
...@@ -1198,7 +1200,7 @@ func templatesLogin_passwordHtml() (*asset, error) { ...@@ -1198,7 +1200,7 @@ func templatesLogin_passwordHtml() (*asset, error) {
return nil, err return nil, err
} }
info := bindataFileInfo{name: "templates/login_password.html", size: 1088, mode: os.FileMode(420), modTime: time.Unix(1541234797, 0)} info := bindataFileInfo{name: "templates/login_password.html", size: 1149, mode: os.FileMode(420), modTime: time.Unix(1542882702, 0)}
a := &asset{bytes: bytes, info: info} a := &asset{bytes: bytes, info: info}
return a, nil return a, nil
} }
......
...@@ -39,6 +39,7 @@ type Config struct { ...@@ -39,6 +39,7 @@ type Config struct {
DeviceManager *device.Config `yaml:"device_manager"` DeviceManager *device.Config `yaml:"device_manager"`
KeyStore *clientutil.BackendConfig `yaml:"keystore"` KeyStore *clientutil.BackendConfig `yaml:"keystore"`
KeyStoreEnableGroups []string `yaml:"keystore_enable_groups"` KeyStoreEnableGroups []string `yaml:"keystore_enable_groups"`
AccountRecoveryURL string `yaml:"account_recovery_url"`
allowedServicesRx []*regexp.Regexp allowedServicesRx []*regexp.Regexp
} }
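Review bot: The new `AccountRecoveryURL` field in `Config` is undocumented and, as far as this hunk shows, unvalidated, while an empty value now hides the "Forgot your password?" link that used to point at the hard-coded `/recovery`. Deployments that upgrade without setting `account_recovery_url` lose the link, so this deserves a changelog or README line and a field comment such as `// AccountRecoveryURL is the target of the "Forgot your password?" link on the login page; the link is omitted when empty.` It would also help to reject values at config load that are neither a relative path nor an `https://` URL, so a typo or an unexpected scheme fails at startup rather than on the login page. The struct starts outside the hunk, so an existing validation step may not be visible here.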
......
...@@ -143,7 +143,9 @@ func New(loginService *LoginService, authClient authclient.Client, config *Confi ...@@ -143,7 +143,9 @@ func New(loginService *LoginService, authClient authclient.Client, config *Confi
if err != nil { if err != nil {
return nil, err return nil, err
} }
s.loginHandler = newLoginHandler(s.loginCallback, devMgr, authClient, config.AuthService, config.U2FAppID, config.URLPrefix, s.tpl, sessionSecrets...) s.loginHandler = newLoginHandler(s.loginCallback, devMgr, authClient,
config.AuthService, config.U2FAppID, config.URLPrefix, config.AccountRecoveryURL,
s.tpl, sessionSecrets...)
return s, nil return s, nil
} }
......
...@@ -72,19 +72,20 @@ func init() { ...@@ -72,19 +72,20 @@ func init() {
type loginCallbackFunc func(http.ResponseWriter, *http.Request, string, string, *auth.UserInfo) error type loginCallbackFunc func(http.ResponseWriter, *http.Request, string, string, *auth.UserInfo) error
type loginHandler struct { type loginHandler struct {
authClient authclient.Client authClient authclient.Client
authService string authService string
u2fAppID string u2fAppID string
urlPrefix string urlPrefix string
devMgr *device.Manager devMgr *device.Manager
loginCallback loginCallbackFunc loginCallback loginCallbackFunc
loginSessionStore sessions.Store loginSessionStore sessions.Store
tpl *template.Template tpl *template.Template
accountRecoveryURL string
} }
// NewLoginHandler will wrap an http.Handler with the login workflow, // NewLoginHandler will wrap an http.Handler with the login workflow,
// invoking it only on successful login. // invoking it only on successful login.
func newLoginHandler(okHandler loginCallbackFunc, devMgr *device.Manager, authClient authclient.Client, authService, u2fAppID, urlPrefix string, tpl *template.Template, keyPairs ...[]byte) *loginHandler { func newLoginHandler(okHandler loginCallbackFunc, devMgr *device.Manager, authClient authclient.Client, authService, u2fAppID, urlPrefix, accountRecoveryURL string, tpl *template.Template, keyPairs ...[]byte) *loginHandler {
store := sessions.NewCookieStore(keyPairs...) store := sessions.NewCookieStore(keyPairs...)
store.Options = &sessions.Options{ store.Options = &sessions.Options{
HttpOnly: true, HttpOnly: true,
...@@ -92,14 +93,15 @@ func newLoginHandler(okHandler loginCallbackFunc, devMgr *device.Manager, authCl ...@@ -92,14 +93,15 @@ func newLoginHandler(okHandler loginCallbackFunc, devMgr *device.Manager, authCl
MaxAge: 0, MaxAge: 0,
} }
return &loginHandler{ return &loginHandler{
authClient: authClient, authClient: authClient,
authService: authService, authService: authService,
u2fAppID: u2fAppID, u2fAppID: u2fAppID,
urlPrefix: strings.TrimRight(urlPrefix, "/"), urlPrefix: strings.TrimRight(urlPrefix, "/"),
devMgr: devMgr, devMgr: devMgr,
loginCallback: okHandler, loginCallback: okHandler,
loginSessionStore: store, loginSessionStore: store,
tpl: parseEmbeddedTemplates(), accountRecoveryURL: accountRecoveryURL,
tpl: parseEmbeddedTemplates(),
} }
} }
...@@ -334,6 +336,7 @@ func (l *loginHandler) makeLoginURL(req *http.Request) string { ...@@ -334,6 +336,7 @@ func (l *loginHandler) makeLoginURL(req *http.Request) string {
func (l *loginHandler) executeTemplateToBuffer(req *http.Request, templateName string, data map[string]interface{}) (loginState, []byte, error) { func (l *loginHandler) executeTemplateToBuffer(req *http.Request, templateName string, data map[string]interface{}) (loginState, []byte, error) {
data["CSRFField"] = csrf.TemplateField(req) data["CSRFField"] = csrf.TemplateField(req)
data["URLPrefix"] = l.urlPrefix data["URLPrefix"] = l.urlPrefix
data["AccountRecoveryURL"] = l.accountRecoveryURL
var buf bytes.Buffer var buf bytes.Buffer
if err := l.tpl.ExecuteTemplate(&buf, templateName, data); err != nil { if err := l.tpl.ExecuteTemplate(&buf, templateName, data); err != nil {
return loginStateNone, nil, err return loginStateNone, nil, err
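Review bot: `newLoginHandler` now takes four consecutive `string` parameters (`authService, u2fAppID, urlPrefix, accountRecoveryURL`), so two of them transposed at the call site in `New` still compile and would only show up at runtime as a wrong link or a wrong app ID. Passing the `*Config` or a small options struct would remove that risk and stop the signature growing with every new setting. Also, `urlPrefix` is normalised with `strings.TrimRight` while `accountRecoveryURL` is stored verbatim; if that is intentional, a field comment such as `// accountRecoveryURL is rendered as-is into the login page link; empty hides the link.` would say so. The bodies of `newLoginHandler` and `executeTemplateToBuffer` extend beyond the hunks shown.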
......
...@@ -28,13 +28,15 @@ ...@@ -28,13 +28,15 @@
<input type="password" name="password" id="inputPassword" <input type="password" name="password" id="inputPassword"
class="form-control" placeholder="Password" required> class="form-control" placeholder="Password" required>
{{if .AccountRecoveryURL}}
<p> <p>
<small> <small>
<a href="/recovery"> <a href="{{.AccountRecoveryURL}}">
Forgot your password? Forgot your password?
</a> </a>
</small> </small>
</p> </p>
{{end}}
<button type="submit" class="btn btn-lg btn-primary btn-block">Login</button> <button type="submit" class="btn btn-lg btn-primary btn-block">Login</button>
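Review bot: `{{.AccountRecoveryURL}}` is placed inside an `href` attribute, and whether that is safe for an arbitrary configured value depends on the template package, which is not visible on this page. With `html/template` the value is escaped for the attribute context and schemes other than `http`, `https` and `mailto` are replaced by `#ZgotmplZ`; with `text/template` it would be emitted verbatim. A short template comment, e.g. `{{/* AccountRecoveryURL comes from the account_recovery_url config option; the link is hidden when it is empty */}}`, would record where the value originates. If the configured URL can point to another origin, consider `rel="noreferrer"` on the anchor so the login page URL and its query string are not sent as a Referer.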
......