forked from Nixius/authelia
63 lines
1.7 KiB
Go
63 lines
1.7 KiB
Go
package handlers
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"fmt"
|
|
"log"
|
|
"net/http"
|
|
"strings"
|
|
)
|
|
|
|
func (a *App) handleResendReset(w http.ResponseWriter, r *http.Request) {
|
|
username := r.FormValue("username")
|
|
if username == "" {
|
|
http.Error(w, "username required", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if err := a.triggerPasswordReset(username); err != nil {
|
|
log.Printf("resend-reset: failed for %s: %v", username, err)
|
|
http.Error(w, "failed to send email", http.StatusInternalServerError)
|
|
return
|
|
}
|
|
log.Printf("resend-reset: password reset email sent for %s", username)
|
|
w.WriteHeader(http.StatusOK)
|
|
w.Write([]byte("Password setup email sent. Check your inbox."))
|
|
}
|
|
|
|
func (a *App) triggerPasswordReset(username string) error {
|
|
body, _ := json.Marshal(map[string]string{"username": username})
|
|
|
|
req, err := http.NewRequest(
|
|
http.MethodPost,
|
|
a.cfg.AutheliaInternalURL+"/api/reset-password/identity/start",
|
|
bytes.NewReader(body),
|
|
)
|
|
if err != nil {
|
|
return fmt.Errorf("authelia reset build request: %w", err)
|
|
}
|
|
|
|
// Strip scheme from AutheliaURL to get the host for forwarding headers
|
|
externalHost := strings.TrimPrefix(strings.TrimPrefix(a.cfg.AutheliaURL, "https://"), "http://")
|
|
proto := "http"
|
|
if strings.HasPrefix(a.cfg.AutheliaURL, "https://") {
|
|
proto = "https"
|
|
}
|
|
|
|
req.Header.Set("Content-Type", "application/json")
|
|
req.Header.Set("X-Forwarded-Host", externalHost)
|
|
req.Header.Set("X-Forwarded-Proto", proto)
|
|
req.Header.Set("X-Forwarded-For", "127.0.0.1")
|
|
|
|
resp, err := http.DefaultClient.Do(req)
|
|
if err != nil {
|
|
return fmt.Errorf("authelia reset request: %w", err)
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
if resp.StatusCode != http.StatusOK {
|
|
return fmt.Errorf("authelia reset returned %d", resp.StatusCode)
|
|
}
|
|
return nil
|
|
}
|