mirror of
https://github.com/LBPUnion/ProjectLighthouse.git
synced 2025-09-07 10:06:10 +00:00
Added password reset form (#336)
* Added password reset form * added using to commentsPartial without this i was experiencing an error when browsing to my profile page * (Hopefully) final password reset form * Update ProjectLighthouse.Servers.Website/Pages/PasswordResetPage.cshtml.cs Co-authored-by: Jayden <jvyden@jvyden.xyz> * Update ProjectLighthouse.Servers.Website/Pages/PasswordResetRequestForm.cshtml Co-authored-by: Jayden <jvyden@jvyden.xyz> * Update ProjectLighthouse.Servers.Website/Pages/PasswordResetRequestForm.cshtml Co-authored-by: Jayden <jvyden@jvyden.xyz> * Update ProjectLighthouse.Servers.Website/Pages/PasswordResetRequestForm.cshtml.cs Co-authored-by: Jayden <jvyden@jvyden.xyz> * Update ProjectLighthouse.Servers.Website/Pages/PasswordResetRequestForm.cshtml.cs Co-authored-by: Jayden <jvyden@jvyden.xyz> * Update ProjectLighthouse.Servers.Website/Pages/PasswordResetRequestForm.cshtml.cs Co-authored-by: Jayden <jvyden@jvyden.xyz> * Update ProjectLighthouse/Database.cs Co-authored-by: Jayden <jvyden@jvyden.xyz> * Update ProjectLighthouse.Servers.Website/Pages/LoginForm.cshtml Co-authored-by: Jayden <jvyden@jvyden.xyz> * Stopped leaking user email addresses * Made UserFromPasswordResetToken async * Made UserFromPasswordResetToken async * Indented login form row div * Fix AddedPasswordResetTokens migration not having proper attributes * Adjust password reset email text * Clean up password reset request form Co-authored-by: Jayden <jvyden@jvyden.xyz>
parent
714be9e59f
commit
0b27969a22
10 changed files with 256 additions and 12 deletions
|
@ -54,15 +54,23 @@
|
|||
{
|
||||
@await Html.PartialAsync("Partials/CaptchaPartial")
|
||||
}
|
||||
|
||||
<input type="submit" value="Log in" id="submit" class="ui blue button">
|
||||
@if (ServerConfiguration.Instance.Authentication.RegistrationEnabled)
|
||||
{
|
||||
<a href="/register">
|
||||
|
||||
<div class="row">
|
||||
<input type="submit" value="Log in" id="submit" class="ui blue button">
|
||||
@if (ServerConfiguration.Instance.Authentication.RegistrationEnabled)
|
||||
{
|
||||
<a href="/register">
|
||||
<div class="ui button">
|
||||
<i class="user alternate add icon"></i>
|
||||
Register
|
||||
</div>
|
||||
</a>
|
||||
}
|
||||
</div>
|
||||
<br/>
|
||||
<a href="/passwordResetRequest">
|
||||
<div class="ui button">
|
||||
<i class="user alternate add icon"></i>
|
||||
Register
|
||||
Forgot Password?
|
||||
</div>
|
||||
</a>
|
||||
}
|
||||
</form>
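Review bot: The "Forgot Password?" link to `/passwordResetRequest` appears to be rendered unconditionally, yet `PasswordResetRequestForm.OnPost` in this same commit rejects every request when `ServerConfiguration.Instance.Mail.MailEnabled` is false. Wrapping the link in `@if (ServerConfiguration.Instance.Mail.MailEnabled) { … }`, the way the register button is already gated on `RegistrationEnabled`, would stop the login page from advertising a flow that cannot complete. The old and new side of each line cannot be recovered from this rendering, so check the placement against the actual file.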
|
|
@ -1,4 +1,5 @@
|
|||
@using System.Web
|
||||
@using System.IO
|
||||
@using LBPUnion.ProjectLighthouse.PlayerData.Profiles
|
||||
<div class="ui yellow segment" id="comments">
|
||||
<h2>Comments</h2>
|
||||
|
|
|
@ -4,7 +4,6 @@ using LBPUnion.ProjectLighthouse.Configuration;
|
|||
using LBPUnion.ProjectLighthouse.Helpers;
|
||||
using LBPUnion.ProjectLighthouse.PlayerData.Profiles;
|
||||
using LBPUnion.ProjectLighthouse.Servers.Website.Pages.Layouts;
|
||||
using LBPUnion.ProjectLighthouse.Types;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
namespace LBPUnion.ProjectLighthouse.Servers.Website.Pages;
|
||||
|
@ -19,8 +18,21 @@ public class PasswordResetPage : BaseLayout
|
|||
[UsedImplicitly]
|
||||
public async Task<IActionResult> OnPost(string password, string confirmPassword)
|
||||
{
|
||||
User? user = this.Database.UserFromWebRequest(this.Request);
|
||||
if (user == null) return this.Redirect("~/login");
|
||||
User? user;
|
||||
if (Request.Query.ContainsKey("token"))
|
||||
{
|
||||
user = await this.Database.UserFromPasswordResetToken(Request.Query["token"][0]);
|
||||
if (user == null)
|
||||
{
|
||||
this.Error = "This password reset link either is invalid or has expired. Please try again.";
|
||||
return this.Page();
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
user = this.Database.UserFromWebRequest(this.Request);
|
||||
if (user == null) return this.Redirect("~/login");
|
||||
}
|
||||
|
||||
if (string.IsNullOrWhiteSpace(password))
|
||||
{
|
||||
|
@ -48,6 +60,8 @@ public class PasswordResetPage : BaseLayout
|
|||
[UsedImplicitly]
|
||||
public IActionResult OnGet()
|
||||
{
|
||||
if (this.Request.Query.ContainsKey("token")) return this.Page();
|
||||
|
||||
User? user = this.Database.UserFromWebRequest(this.Request);
|
||||
if (user == null) return this.Redirect("~/login");
|
||||
|
||||
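Review bot: Nothing in the visible part of `OnPost` retires the reset token after it has been used, so the emailed link may stay valid for repeated password changes until it expires. The rest of `OnPost` and `UserFromPasswordResetToken` are outside this section, so confirm whether that is already handled there. If it is not, remove the user's tokens in the same save as the new password, e.g. `this.Database.PasswordResetTokens.RemoveRange(this.Database.PasswordResetTokens.Where(t => t.UserId == user.UserId));`. Single use matters more here because the token travels in the query string, where it ends up in access logs and browser history. `OnGet` also returns the page for any `token` value without checking it, so an invalid or expired link is only reported after the user has typed a new password.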
|
|
|
@ -0,0 +1,34 @@
|
|||
@page "/passwordResetRequest"
|
||||
@model LBPUnion.ProjectLighthouse.Servers.Website.Pages.PasswordResetRequestForm
|
||||
|
||||
@{
|
||||
Layout = "Layouts/BaseLayout";
|
||||
Model.Title = "Password Reset";
|
||||
}
|
||||
|
||||
@if (!string.IsNullOrWhiteSpace(Model.Error))
|
||||
{
|
||||
<div class="ui negative message">
|
||||
<div class="header">
|
||||
Uh oh!
|
||||
</div>
|
||||
<p style="white-space: pre-line">@Model.Error</p>
|
||||
</div>
|
||||
}
|
||||
|
||||
@if (!string.IsNullOrWhiteSpace(Model.Status))
|
||||
{
|
||||
<div class="ui positive message">
|
||||
<div class="header">
|
||||
Success!
|
||||
</div>
|
||||
<p style="white-space: pre-line">@Model.Status</p>
|
||||
</div>
|
||||
}
|
||||
|
||||
<form class="ui form" method="post">
|
||||
@Html.AntiForgeryToken()
|
||||
|
||||
<input type="text" autocomplete="no" id="username" placeholder="Username" name="username"/><br/><br/>
|
||||
<input type="submit" value="Request Password Reset" class="ui blue button"/>
|
||||
</form>
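Review bot: This form lets an unauthenticated visitor trigger outbound email, but unlike the login form it does not render `Partials/CaptchaPartial`, and no throttling is visible in the handler. Including the same partial here under the same condition the login form uses, with the matching server-side verification in `OnPost`, would limit its use for flooding a user's mailbox or probing usernames in bulk. Separately, `autocomplete="no"` is not a recognised value; `autocomplete="username"` (or `off`) is what browsers understand.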
|
|
@ -0,0 +1,67 @@
|
|||
using JetBrains.Annotations;
|
||||
using LBPUnion.ProjectLighthouse.Configuration;
|
||||
using LBPUnion.ProjectLighthouse.Helpers;
|
||||
using LBPUnion.ProjectLighthouse.PlayerData;
|
||||
using LBPUnion.ProjectLighthouse.PlayerData.Profiles;
|
||||
using LBPUnion.ProjectLighthouse.Servers.Website.Pages.Layouts;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
|
||||
namespace LBPUnion.ProjectLighthouse.Servers.Website.Pages;
|
||||
|
||||
public class PasswordResetRequestForm : BaseLayout
|
||||
{
|
||||
|
||||
public string? Error { get; private set; }
|
||||
|
||||
public string? Status { get; private set; }
|
||||
|
||||
public PasswordResetRequestForm(Database database) : base(database)
|
||||
{ }
|
||||
|
||||
[UsedImplicitly]
|
||||
public async Task<IActionResult> OnPost(string username)
|
||||
{
|
||||
|
||||
if (!ServerConfiguration.Instance.Mail.MailEnabled)
|
||||
{
|
||||
this.Error = "Email is not configured on this server, so password resets cannot be issued. Please contact your instance administrator for more details.";
|
||||
return this.Page();
|
||||
}
|
||||
|
||||
if (string.IsNullOrWhiteSpace(username))
|
||||
{
|
||||
this.Error = "The username field is required.";
|
||||
return this.Page();
|
||||
}
|
||||
|
||||
User? user = await this.Database.Users.FirstOrDefaultAsync(u => u.Username == username);
|
||||
|
||||
if (user == null)
|
||||
{
|
||||
this.Error = "User does not exist.";
|
||||
return this.Page();
|
||||
}
|
||||
|
||||
PasswordResetToken token = new()
|
||||
{
|
||||
Created = DateTime.Now,
|
||||
UserId = user.UserId,
|
||||
ResetToken = CryptoHelper.GenerateAuthToken(),
|
||||
};
|
||||
|
||||
string messageBody = $"Hello, {user.Username}.\n\n" +
|
||||
"A request to reset your account's password was issued. If this wasn't you, this can probably be ignored.\n\n" +
|
||||
$"If this was you, your {ServerConfiguration.Instance.Customization.ServerName} password can be reset at the following link:\n" +
|
||||
$"{ServerConfiguration.Instance.ExternalUrl}/passwordReset?token={token.ResetToken}";
|
||||
|
||||
SMTPHelper.SendEmail(user.EmailAddress, $"Project Lighthouse Password Reset Request for {user.Username}", messageBody);
|
||||
|
||||
this.Database.PasswordResetTokens.Add(token);
|
||||
await this.Database.SaveChangesAsync();
|
||||
|
||||
this.Status = $"Password reset email sent to {CensorHelper.MaskEmail(user.EmailAddress)}.";
|
||||
return this.Page();
|
||||
}
|
||||
public void OnGet() => this.Page();
|
||||
}
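Review bot: `OnPost` answers "User does not exist." for an unknown username and "Password reset email sent to …" with a masked address for a known one, so the form still confirms which usernames are registered and discloses part of the account's email to an anonymous requester. Returning the same neutral status on both paths closes that. The email is also sent before the token is saved, so a failed `SaveChangesAsync()` leaves the user with a link the database does not know; persist first, then send. Consider `DateTime.UtcNow` for `Created`, since `DateTime.Now` makes any expiry comparison depend on the server's time zone and DST changes.

```csharp
    public async Task<IActionResult> OnPost(string username)
    {
        // … unchanged: MailEnabled and empty-username checks …
        const string genericStatus = "If an account with that username exists, a password reset email has been sent to its registered address.";

        User? user = await this.Database.Users.FirstOrDefaultAsync(u => u.Username == username);
        if (user == null)
        {
            // Same response as the success path, so the form cannot be used to probe for usernames.
            this.Status = genericStatus;
            return this.Page();
        }

        // … unchanged: token construction and messageBody …

        // Persist first so the emailed link always refers to a stored token.
        this.Database.PasswordResetTokens.Add(token);
        await this.Database.SaveChangesAsync();

        SMTPHelper.SendEmail(user.EmailAddress, $"Project Lighthouse Password Reset Request for {user.Username}", messageBody);

        this.Status = genericStatus;
        return this.Page();
```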
|