mhoppa commented on a change in pull request #3929: Rewrote
/user/reset_password to Go
URL: https://github.com/apache/trafficcontrol/pull/3929#discussion_r335630857
##########
File path: traffic_ops/traffic_ops_golang/login/login.go
##########
@@ -21,26 +21,85 @@ package login
import (
"bytes"
+ "crypto/rand"
+ "database/sql"
"encoding/json"
"errors"
"fmt"
- "github.com/dgrijalva/jwt-go"
- "github.com/lestrrat-go/jwx/jwk"
+ "html/template"
"net/http"
"net/url"
"path/filepath"
"time"
"github.com/apache/trafficcontrol/lib/go-log"
+ "github.com/apache/trafficcontrol/lib/go-rfc"
"github.com/apache/trafficcontrol/lib/go-tc"
"github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/api"
"github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/auth"
"github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/config"
"github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/tocookie"
+ "github.com/dgrijalva/jwt-go"
"github.com/jmoiron/sqlx"
+ "github.com/lestrrat-go/jwx/jwk"
)
+type emailFormatter struct {
+ From rfc.EmailAddress
+ To rfc.EmailAddress
+ InstanceName string
+ ResetURL rfc.URL
+ Token string
+}
+
+const instanceNameQuery = `
+SELECT value
+FROM parameter
+WHERE name='tm.instance_name' AND
+ config_file='global'
+`
+const userQueryByEmail = `SELECT EXISTS(SELECT * FROM tm_user WHERE email=$1)`
+const setTokenQuery = `UPDATE tm_user SET token=$1 WHERE email=$2`
+
+var resetPasswordEmailTemplate = template.Must(template.New("Password Reset
Email").Parse("From: {{.From.String}}\r" + `
+To: {{.To.String}}` + "\r" + `
+Content-Type: text/html` + "\r" + `
+Subject: {{.InstanceName}} Password Reset Request` + "\r\n\r" + `
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <title>{{.InstanceName}} Password Reset Request</title>
+ <meta charset="utf-8"/>
+ <style>
+ .button_link {
+ display: block;
+ width: 130px;
+ height: 35px;
+ background: #2682AF;
+ padding: 5px;
+ text-align: center;
+ border-radius: 5px;
+ color: white;
+ font-weight: bold;
+ text-decoration: none;
+ cursor: pointer;
+ }
+ </style>
+</head>
+<body>
+ <main>
+ <p>Someone has requested to change your password for the
{{.InstanceName}}. If you requested this change, please click the link below
and change your password. Otherwise, you can disregard this email.</p>
+ <p><a class="button_link" target="_blank"
href="{{.ResetURL}}?token={{.Token}}">Click to Reset Your Password</a></p>
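Review bot: the `From:`, `To:` and `Subject:` header lines at the top of `resetPasswordEmailTemplate` are rendered by `html/template` together with the HTML body, so their values get HTML escaping rather than header-safe handling. Characters such as `<` or `+` in `{{.From.String}}` / `{{.To.String}}` would come out as entities, and nothing visible here rejects CR/LF in `{{.InstanceName}}` (read from the `parameter` table by `instanceNameQuery`) before it lands in `Subject:`. Consider writing the headers outside the HTML template, with an explicit check for line breaks, and keeping `html/template` for the body only. Separately, in the `href`, `From` and `To` call `.String` explicitly while `{{.ResetURL}}` passes the `rfc.URL` value itself; the URL filter in `html/template` works on whatever that value stringifies to, so rendering an already validated absolute URL string there would make the output predictable.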
Review comment:
The ResetURL is also running into issues on rendering; I am getting
`href="#ZgotmplZ?token=....">`. Per
https://stackoverflow.com/questions/14765395/why-am-i-seeing-zgotmplz-in-my-go-html-template-output
the `ZgotmplZ` means unsafe content reached a CSS or URL context at runtime.
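The `#ZgotmplZ` behaviour described in the review comment, reproduced as an added example that is not part of the pull request or the comment. It reuses only the `href` shape from the diff; the sample URLs, the token and the `trustedResetURL` helper are constructed or hypothetical, and plain strings stand in for the project's `rfc.URL` type.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"html/template"
	"net/url"
)

// Same href shape as the template in the diff; everything else is constructed.
var link = template.Must(template.New("link").Parse(
	`<a href="{{.ResetURL}}?token={{.Token}}">reset</a>`))

// render executes the template; resetURL may be a string or a template.URL.
func render(resetURL interface{}, token string) string {
	var b bytes.Buffer
	data := map[string]interface{}{"ResetURL": resetURL, "Token": token}
	if err := link.Execute(&b, data); err != nil {
		return "error: " + err.Error()
	}
	return b.String()
}

// trustedResetURL (hypothetical helper) marks a URL as safe for the template
// only after checking that it is an absolute https URL with a host.
func trustedResetURL(raw string) (template.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	if u.Scheme != "https" || u.Host == "" {
		return "", errors.New("reset URL must be absolute https")
	}
	return template.URL(u.String()), nil
}

func main() {
	// Constructed sample values, not taken from the pull request.
	fmt.Println(render("https://to.example.test/reset", "abc123"))
	// host:port without a scheme: text before ':' is read as a protocol and rejected.
	fmt.Println(render("to.example.test:8443/reset", "abc123"))
	fmt.Println(render("javascript:alert(1)", "abc123"))
	if safe, err := trustedResetURL("https://to.example.test:8443/reset"); err == nil {
		fmt.Println(render(safe, "abc123"))
	}
}
```

The filter accepts only `http`, `https`, `mailto` or values with no `:` before the first `/`, which is why a value that does not stringify to an absolute URL can end up as `#ZgotmplZ` even when nothing malicious is involved.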