From 01601a3842a7abf34f818c46c82397a5362cce42 Mon Sep 17 00:00:00 2001
From: Chris Mann <chris@lesgrandsvoisins.com>
Date: Sun, 23 Jul 2023 13:37:20 +0200
Subject: [PATCH] G Pas

---
 gpas.go       | 10 ++++++----
 model-user.go |  1 +
 profile.go    | 24 +++++++++++++++++++++++-
 3 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/gpas.go b/gpas.go
index af266c8..0696a74 100644
--- a/gpas.go
+++ b/gpas.go
@@ -83,7 +83,7 @@ func passwordLost(user User, config *ConfigFile, ldapConn *ldap.Conn) error {
 	return nil
 }
 
-func passwordFound(user User, config *ConfigFile, ldapConn *ldap.Conn) (bool, error) {
+func passwordFound(user User, config *ConfigFile, ldapConn *ldap.Conn) (string, error) {
 	l, err := openLdap(config)
 	if err != nil {
 		return false, err
@@ -96,8 +96,10 @@ func passwordFound(user User, config *ConfigFile, ldapConn *ldap.Conn) (bool, er
 		log.Printf("passwordFound %v", err)
 		log.Printf("passwordFound %v", user.DN)
 		log.Printf("passwordFound %v", user.UID)
-		log.Printf("passwordFound %v", user.Password)
-		return false, err
+		return "", err
 	}
-	return true, nil
+	searchReq := ldap.NewSearchRequest(user.DN, ldap.ScopeBaseObject,
+		ldap.NeverDerefAliases, 0, 0, false, "", []string{"seeAlso"}, nil)
+	searchRes, _ := ldapConn.Search(searchReq)
+	return searchRes.Entries[0].GetAttributeValue("seeAlso"), nil
 }
diff --git a/model-user.go b/model-user.go
index 7d8c94b..377264b 100644
--- a/model-user.go
+++ b/model-user.go
@@ -28,6 +28,7 @@ type User struct {
 	CanAdmin     bool
 	CanInvite    bool
 	UserEntry    *ldap.Entry
+	SeeAlso      string
 }
 
 func get(user User, config *ConfigFile, ldapConn *ldap.Conn) (*User, error) {
diff --git a/profile.go b/profile.go
index f8b67a8..ef5c359 100644
--- a/profile.go
+++ b/profile.go
@@ -144,12 +144,34 @@ func handleFoundPassword(w http.ResponseWriter, r *http.Request) {
 		Password: codeArray[1],
 		DN:       "uid=" + codeArray[0] + ",ou=invitations,dc=resdigita,dc=org",
 	}
-	data.Success, err = passwordFound(user, config, ldapConn)
+	dn, err = passwordFound(user, config, ldapConn)
 	if err != nil {
 		log.Printf("handleFoundPassword / passwordFound %v", err)
 		log.Printf("handleFoundPassword / passwordFound %v", err)
 		data.ErrorMessage = err.Error()
 	}
+	if r.Method == "POST" {
+		r.ParseForm()
+
+		password := strings.Join(r.Form["password"], "")
+		password2 := strings.Join(r.Form["password2"], "")
+
+		if len(password) < 8 {
+			data.TooShortError = true
+		} else if password2 != password {
+			data.NoMatchError = true
+		} else {
+			err := passwd(User{
+				DN:       user.SeeAlso,
+				Password: password,
+			}, config, ldapConn)
+			if err != nil {
+				data.ErrorMessage = err.Error()
+			} else {
+				data.Success = true
+			}
+		}
+	}
 	templateFoundPasswordPage.Execute(w, data)
 }