Add captcha support

Gopkg.toml

@@ -24,3 +24,6 @@
 [[constraint]]
   name = "gopkg.in/ldap.v2"
   version = "2.5.1"
+[[constraint]]
+  name = "github.com/dchest/captcha"
+  branch = "master"

Makefile

@@ -1,5 +1,5 @@
 REPO=npenkov/docker-ldap-passwd-webui
-VER=1.0
+VER=1.1
 
 .PHONY: all build push
 

README.md

@@ -55,4 +55,5 @@ make
 ## Credits
 
  * [Web UI for changing LDAP password - python](https://github.com/jirutka/ldap-passwd-webui)
- * [Gitea](https://github.com/go-gitea/gitea)
+ * [Gitea](https://github.com/go-gitea/gitea)
+ * [dchest/captcha](https://github.com/dchest/captcha)

app/web.go

@@ -8,6 +8,8 @@ import (
 
 	"html/template"
 
+	"github.com/dchest/captcha"
+
 	"regexp"
 
 	"net/http"
@@ -46,9 +48,10 @@ func (h *RegexpHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 }
 
 type pageData struct {
-	Title    string
-	Username string
-	Alerts   map[string]string
+	Title     string
+	Username  string
+	Alerts    map[string]string
+	CaptchaId string
 }
 
 // ServeAssets : Serves the static assets
@@ -58,7 +61,7 @@ func ServeAssets(w http.ResponseWriter, req *http.Request) {
 
 // ServeIndex : Serves index page on GET request
 func ServeIndex(w http.ResponseWriter, req *http.Request) {
-	p := &pageData{Title: getTitle()}
+	p := &pageData{Title: getTitle(), CaptchaId: captcha.New()}
 	t, e := template.ParseFiles(path.Join("templates", "index.html"))
 	if e != nil {
 		log.Printf("Error parsing file %v\n", e)
@@ -75,27 +78,36 @@ func ChangePassword(w http.ResponseWriter, req *http.Request) {
 	oldPassword := req.Form["old-password"]
 	newPassword := req.Form["new-password"]
 	confirmPassword := req.Form["confirm-password"]
+	captchaID := req.Form["captchaId"]
+	captchaSolution := req.Form["captchaSolution"]
 
 	alerts := map[string]string{}
 
 	if len(username) < 1 || username[0] == "" {
-		alerts["error"] = "Username not specified.<br/>"
+		alerts["error"] = "Username not specified."
 	} else {
 		un = username[0]
 	}
 	if len(oldPassword) < 1 || oldPassword[0] == "" {
-		alerts["error"] = alerts["error"] + "Old password not specified.<br/>"
+		alerts["error"] = "Old password not specified."
 	}
 	if len(newPassword) < 1 || newPassword[0] == "" {
-		alerts["error"] = alerts["error"] + "New password not specified.<br/>"
+		alerts["error"] = "New password not specified."
 	}
 	if len(confirmPassword) < 1 || confirmPassword[0] == "" {
-		alerts["error"] = alerts["error"] + "Confirmation password not specified.<br/>"
+		alerts["error"] = "Confirmation password not specified."
 	}
 
 	if len(confirmPassword) >= 1 && len(newPassword) >= 1 && strings.Compare(newPassword[0], confirmPassword[0]) != 0 {
-		alerts["error"] = alerts["error"] + "New and confirmation passwords does not match.<br/>"
+		alerts["error"] = "New and confirmation passwords does not match. "
 	}
+
+	if len(captchaID) < 1 || captchaID[0] == "" ||
+		len(captchaSolution) < 1 || captchaSolution[0] == "" ||
+		!captcha.VerifyString(captchaID[0], captchaSolution[0]) {
+		alerts["error"] = "Wrong captcha."
+	}
+
 	if len(alerts) == 0 {
 		client := NewLDAPClient()
 		if err := client.ModifyPassword(un, oldPassword[0], newPassword[0]); err != nil {
@@ -105,7 +117,7 @@ func ChangePassword(w http.ResponseWriter, req *http.Request) {
 		}
 	}
 
-	p := &pageData{Title: getTitle(), Alerts: alerts, Username: un}
+	p := &pageData{Title: getTitle(), Alerts: alerts, Username: un, CaptchaId: captcha.New()}
 
 	t, e := template.ParseFiles(path.Join("templates", "index.html"))
 	if e != nil {

main.go

@@ -2,8 +2,10 @@ package main
 
 import (
 	"fmt"
-	"github.com/npenkov/ldap-passwd-webui/app"
 	"net/http"
+
+	"github.com/dchest/captcha"
+	"github.com/npenkov/ldap-passwd-webui/app"
 )
 
 func main() {
@@ -12,7 +14,8 @@ func main() {
 	reHandler.HandleFunc(".*.[js|css|png|eof|svg|ttf|woff]", "GET", app.ServeAssets)
 	reHandler.HandleFunc("/", "GET", app.ServeIndex)
 	reHandler.HandleFunc("/", "POST", app.ChangePassword)
-
+	http.Handle("/captcha/", captcha.Server(captcha.StdWidth, captcha.StdHeight))
+	http.Handle("/", reHandler)
 	fmt.Println("Starting server on port 8080")
-	http.ListenAndServe(":8080", reHandler)
+	http.ListenAndServe(":8080", nil)
 }

templates/index.html

@@ -12,6 +12,36 @@
   </head>
 
   <body>
+    <script>
+      function setSrcQuery(e, q) {
+        var src = e.src;
+        var p = src.indexOf('?');
+        if (p >= 0) {
+          src = src.substr(0, p);
+        }
+        e.src = src + "?" + q
+      }
+      function playAudio() {
+        var le = document.getElementById("lang");
+        var lang = le.options[le.selectedIndex].value;
+        var e = document.getElementById('audio')
+        setSrcQuery(e, "lang=" + lang)
+        e.style.display = 'block';
+        e.autoplay = 'true';
+        return false;
+      }
+      function changeLang() {
+        var e = document.getElementById('audio')
+        if (e.style.display == 'block') {
+          playAudio();
+        }
+      }
+      function reload() {
+        setSrcQuery(document.getElementById('image'), "reload=" + (new Date()).getTime());
+        setSrcQuery(document.getElementById('audio'), (new Date()).getTime());
+        return false;
+      }
+    </script>
     <main>
       <h1>{{.Title}}</h1>
 
@@ -30,6 +60,14 @@
         <input id="confirm-password" name="confirm-password" type="password"
             pattern=".{8,}" x-moz-errormessage="Password must be at least 8 characters long." required>
 
+        <p>Type the numbers you see in the picture below:</p>
+        <p>
+          <img id=image src="/captcha/{{.CaptchaId}}.png" alt="Captcha image">
+        </p>
+        <a href="#" onclick="reload()">Reload</a>
+        <input type=hidden name=captchaId value="{{.CaptchaId}}">
+        <br>
+        <input id="captchaSolution" name="captchaSolution" type="text" required>
         <button type="submit">Update password</button>
       </form>