// ui_account.go — self-service account surface (password change). // // Routes (wired in server.go): // // POST /api/account/password — JSON change-password (mounted in viewer band) // GET /settings/account — page (lands in Task F4) // POST /settings/account — page submit (lands in Task F4) package http import ( "encoding/json" stdhttp "net/http" "time" "github.com/oklog/ulid/v2" "gitea.dcglab.co.uk/steve/restic-manager/internal/auth" "gitea.dcglab.co.uk/steve/restic-manager/internal/store" ) type passwordChangeRequest struct { CurrentPassword string `json:"current_password"` NewPassword string `json:"new_password"` } func (s *Server) handleAPIAccountPassword(w stdhttp.ResponseWriter, r *stdhttp.Request) { u, ok := s.requireUser(r) if !ok { writeJSONError(w, stdhttp.StatusUnauthorized, "unauthorised", "") return } var req passwordChangeRequest if err := json.NewDecoder(r.Body).Decode(&req); err != nil { writeJSONError(w, stdhttp.StatusBadRequest, "invalid_json", err.Error()) return } if len(req.NewPassword) < 12 { writeJSONError(w, stdhttp.StatusBadRequest, "password_too_short", "min 12 chars") return } // Skip current-password check when must_change_password is set — // the user has no current password to know (only matters for the // legacy reset-password path; setup-token path doesn't use this). if !u.MustChangePassword { if err := auth.VerifyPassword(u.PasswordHash, req.CurrentPassword); err != nil { writeJSONError(w, stdhttp.StatusUnauthorized, "current_password_wrong", "") return } } hash, err := auth.HashPassword(req.NewPassword) if err != nil { writeJSONError(w, stdhttp.StatusInternalServerError, "internal", err.Error()) return } if err := s.deps.Store.SetPasswordHash(r.Context(), u.ID, hash); err != nil { writeJSONError(w, stdhttp.StatusInternalServerError, "internal", err.Error()) return } _ = s.deps.Store.AppendAudit(r.Context(), store.AuditEntry{ ID: ulid.Make().String(), UserID: &u.ID, Actor: "user", Action: "user.password_changed", TargetKind: ptr("user"), TargetID: &u.ID, TS: time.Now().UTC(), }) w.WriteHeader(stdhttp.StatusOK) } type accountPage struct { Username string Role string MustChange bool Error string Saved bool } func (s *Server) handleUIAccountGet(w stdhttp.ResponseWriter, r *stdhttp.Request) { u := s.requireUIUser(w, r) if u == nil { return } full, err := s.deps.Store.GetUserByID(r.Context(), u.ID) if err != nil { stdhttp.Error(w, "internal", stdhttp.StatusInternalServerError) return } view := s.baseView(r, u) view.Title = "Account · restic-manager" view.Active = "settings" view.Page = accountPage{ Username: full.Username, Role: string(full.Role), MustChange: full.MustChangePassword, } _ = s.deps.UI.Render(w, "account", view) } func (s *Server) handleUIAccountPost(w stdhttp.ResponseWriter, r *stdhttp.Request) { u := s.requireUIUser(w, r) if u == nil { return } if err := r.ParseForm(); err != nil { stdhttp.Error(w, "bad request", stdhttp.StatusBadRequest) return } cur := r.PostForm.Get("current_password") pw := r.PostForm.Get("new_password") pw2 := r.PostForm.Get("confirm_password") full, err := s.deps.Store.GetUserByID(r.Context(), u.ID) if err != nil { stdhttp.Error(w, "internal", stdhttp.StatusInternalServerError) return } render := func(errMsg string, saved bool) { view := s.baseView(r, u) view.Title = "Account · restic-manager" view.Active = "settings" view.Page = accountPage{ Username: full.Username, Role: string(full.Role), MustChange: full.MustChangePassword, Error: errMsg, Saved: saved, } _ = s.deps.UI.Render(w, "account", view) } if pw == "" || pw != pw2 || len(pw) < 12 { render("Passwords must match and be at least 12 characters.", false) return } if !full.MustChangePassword { if err := auth.VerifyPassword(full.PasswordHash, cur); err != nil { render("Current password is incorrect.", false) return } } hash, err := auth.HashPassword(pw) if err != nil { render("Internal error.", false) return } if err := s.deps.Store.SetPasswordHash(r.Context(), u.ID, hash); err != nil { render("Internal error.", false) return } _ = s.deps.Store.AppendAudit(r.Context(), store.AuditEntry{ ID: ulid.Make().String(), UserID: &u.ID, Actor: "user", Action: "user.password_changed", TargetKind: ptr("user"), TargetID: &u.ID, TS: time.Now().UTC(), }) full.MustChangePassword = false render("", true) }