Merge branch 'pass-validation'

.gitignore

@@ -12,3 +12,5 @@
 
 # Project-local glide cache, RE: https://github.com/Masterminds/glide/issues/736
 .glide/
+vendor/
+*.lock

Gopkg.toml

@@ -0,0 +1,29 @@
+
+# Gopkg.toml example
+#
+# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
+# for detailed Gopkg.toml documentation.
+#
+# required = ["github.com/user/thing/cmd/thing"]
+# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
+#
+# [[constraint]]
+#   name = "github.com/user/project"
+#   version = "1.0.0"
+#
+# [[constraint]]
+#   name = "github.com/user/project2"
+#   branch = "dev"
+#   source = "github.com/myfork/project2"
+#
+# [[override]]
+#  name = "github.com/x/y"
+#  version = "2.4.0"
+
+
+[[constraint]]
+  name = "gopkg.in/ldap.v2"
+  version = "2.5.1"
+[[constraint]]
+  name = "github.com/dchest/captcha"
+  branch = "master"

Makefile

@@ -3,7 +3,10 @@ VER=1.2
 
 .PHONY: all build push
 
-all: build docker push clean
+all: init build docker push clean
+
+init:
+	dep ensure
 	
 build:
 	GOOS=linux go build -o ldap-pass-webui main.go

README.md

@@ -4,7 +4,29 @@ WebUI Client capable of connecting to backend LDAP server and changing the users
 
 ![Screenshot](screenshots/index.png)
 
-## Running in docker container
+The configuration is made with environment variables:
+
+|Env variable|Default value|Description|
+|------------|-------------|-----------|
+|LPW_TITLE|Change your global password for example.org|Title that will appear on the page|
+|LPW_HOST||LDAP Host to connect to|
+|LPW_PORT|636|LDAP Port (389|636 are default LDAP/LDAPS)|
+|LPW_ENCRYPTED|true|Use enrypted communication|
+|LPW_START_TLS|false|Start TLS communication|
+|LPW_SSL_SKIP_VERIFY|true|Skip TLS CA verification|
+|LPW_USER_DN|uid=%s,ou=people,dc=example,dc=org|Filter expression to search the user for Binding|
+|LPW_USER_BASE|ou=people,dc=example,dc=org|Base to use when doing the binding|
+
+## Running
+
+```sh
+dep ensure
+LPW_HOST=ldap_host_ip go run main.go
+```
+
+Browse [http://localhost:8080/](http://localhost:8080/)
+
+### Running in docker container
 
 ```sh
 docker run -d -p 8080:8080 --name ldap-passwd-webui \
@@ -23,6 +45,11 @@ docker run -d -p 8080:8080 --name ldap-passwd-webui \
 
 ## Building and tagging
 
+Get [Godep](https://github.com/golang/dep)
+```sh
+go get -u github.com/golang/dep/cmd/dep
+```
+
 ```sh
 make
 ```
@@ -31,3 +58,4 @@ make
 
  * [Web UI for changing LDAP password - python](https://github.com/jirutka/ldap-passwd-webui)
  * [Gitea](https://github.com/go-gitea/gitea)
+ * [dchest/captcha](https://github.com/dchest/captcha)

app/web.go

@@ -8,6 +8,8 @@ import (
 
 	"html/template"
 
+	"github.com/dchest/captcha"
+
 	"regexp"
 
 	"net/http"
@@ -19,14 +21,17 @@ type route struct {
 	handler http.Handler
 }
 
+// RegexpHandler is used for http handler to bind using regular expressions
 type RegexpHandler struct {
 	routes []*route
 }
 
+// Handler binds http handler on RegexpHandler
 func (h *RegexpHandler) Handler(pattern *regexp.Regexp, verb string, handler http.Handler) {
 	h.routes = append(h.routes, &route{pattern, verb, handler})
 }
 
+// HandleFunc binds http handler function on RegexpHandler
 func (h *RegexpHandler) HandleFunc(r string, v string, handler func(http.ResponseWriter, *http.Request)) {
 	re := regexp.MustCompile(r)
 	h.routes = append(h.routes, &route{re, v, http.HandlerFunc(handler)})
@@ -48,6 +53,7 @@ type pageData struct {
 	PatternInfo string
 	Username    string
 	Alerts      map[string]string
+	CaptchaId   string
 }
 
 // ServeAssets : Serves the static assets
@@ -57,7 +63,7 @@ func ServeAssets(w http.ResponseWriter, req *http.Request) {
 
 // ServeIndex : Serves index page on GET request
 func ServeIndex(w http.ResponseWriter, req *http.Request) {
-	p := &pageData{Title: getTitle(), Pattern: getPattern(), PatternInfo: getPatternInfo()}
+	p := &pageData{Title: getTitle(), CaptchaId: captcha.New(), Pattern: getPattern(), PatternInfo: getPatternInfo()}
 	t, e := template.ParseFiles(path.Join("templates", "index.html"))
 	if e != nil {
 		log.Printf("Error parsing file %v\n", e)
@@ -74,6 +80,8 @@ func ChangePassword(w http.ResponseWriter, req *http.Request) {
 	oldPassword := req.Form["old-password"]
 	newPassword := req.Form["new-password"]
 	confirmPassword := req.Form["confirm-password"]
+	captchaID := req.Form["captchaId"]
+	captchaSolution := req.Form["captchaSolution"]
 
 	alerts := map[string]string{}
 
@@ -100,6 +108,12 @@ func ChangePassword(w http.ResponseWriter, req *http.Request) {
 		alerts["error"] = alerts["error"] + fmt.Sprintf("%s", getPatternInfo())
 	}
 
+	if len(captchaID) < 1 || captchaID[0] == "" ||
+		len(captchaSolution) < 1 || captchaSolution[0] == "" ||
+		!captcha.VerifyString(captchaID[0], captchaSolution[0]) {
+		alerts["error"] = "Wrong captcha."
+	}
+
 	if len(alerts) == 0 {
 		client := NewLDAPClient()
 		if err := client.ModifyPassword(un, oldPassword[0], newPassword[0]); err != nil {
@@ -109,7 +123,7 @@ func ChangePassword(w http.ResponseWriter, req *http.Request) {
 		}
 	}
 
-	p := &pageData{Title: getTitle(), Alerts: alerts, Username: un}
+	p := &pageData{Title: getTitle(), Alerts: alerts, Username: un, CaptchaId: captcha.New()}
 
 	t, e := template.ParseFiles(path.Join("templates", "index.html"))
 	if e != nil {

main.go

@@ -2,8 +2,10 @@ package main
 
 import (
 	"fmt"
-	"github.com/npenkov/ldap-passwd-webui/app"
 	"net/http"
+
+	"github.com/dchest/captcha"
+	"github.com/npenkov/ldap-passwd-webui/app"
 )
 
 func main() {
@@ -12,7 +14,8 @@ func main() {
 	reHandler.HandleFunc(".*.[js|css|png|eof|svg|ttf|woff]", "GET", app.ServeAssets)
 	reHandler.HandleFunc("/", "GET", app.ServeIndex)
 	reHandler.HandleFunc("/", "POST", app.ChangePassword)
-
+	http.Handle("/captcha/", captcha.Server(captcha.StdWidth, captcha.StdHeight))
+	http.Handle("/", reHandler)
 	fmt.Println("Starting server on port 8080")
-	http.ListenAndServe(":8080", reHandler)
+	http.ListenAndServe(":8080", nil)
 }

templates/index.html

@@ -12,6 +12,36 @@
   </head>
 
   <body>
+    <script>
+      function setSrcQuery(e, q) {
+        var src = e.src;
+        var p = src.indexOf('?');
+        if (p >= 0) {
+          src = src.substr(0, p);
+        }
+        e.src = src + "?" + q
+      }
+      function playAudio() {
+        var le = document.getElementById("lang");
+        var lang = le.options[le.selectedIndex].value;
+        var e = document.getElementById('audio')
+        setSrcQuery(e, "lang=" + lang)
+        e.style.display = 'block';
+        e.autoplay = 'true';
+        return false;
+      }
+      function changeLang() {
+        var e = document.getElementById('audio')
+        if (e.style.display == 'block') {
+          playAudio();
+        }
+      }
+      function reload() {
+        setSrcQuery(document.getElementById('image'), "reload=" + (new Date()).getTime());
+        setSrcQuery(document.getElementById('audio'), (new Date()).getTime());
+        return false;
+      }
+    </script>
     <main>
       <h1>{{.Title}}</h1>
 
@@ -30,6 +60,14 @@
         <input id="confirm-password" name="confirm-password" type="password"
         pattern="{{.Pattern}}" x-moz-errormessage="{{.PatternInfo}}" required>
         <p>{{.PatternInfo}}</p>
+        <p>Type the numbers you see in the picture below:</p>
+        <p>
+          <img id=image src="/captcha/{{.CaptchaId}}.png" alt="Captcha image">
+        </p>
+        <a href="#" onclick="reload()">Reload</a>
+        <input type=hidden name=captchaId value="{{.CaptchaId}}">
+        <br>
+        <input id="captchaSolution" name="captchaSolution" type="text" required>
         <button type="submit">Update password</button>
       </form>