josh
/
docker-mailserver-passwords
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
docker-mailserver-passwords/main.go

202 lines
5.5 KiB
Go
Raw Blame History

package main
import (
"crypto"
"crypto/rand"
"encoding/base64"
"fmt"
"io"
"log"
"net/http"
"os"
"path"
"strings"
"text/template"
"time"
"github.com/gorilla/mux"
"git.teamworkapps.com/shortcut/forms"
"github.com/knadh/go-pop3"
)
// We use my forms package to create a password change form which on success executes a docker call to change the password
type tplData struct {
Time int64
Body string
}
func mwLog(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
log.Printf("%s %s", r.RemoteAddr, r.URL.String())
next.ServeHTTP(w, r)
})
}
func main() {
forms.GlobalStyles.ContainerClasses = "w-full bg-gray-100 justify-center py-6 rounded-lg shadow flex"
forms.GlobalStyles.ItemClasses = "w-full px-1 py-2"
forms.GlobalStyles.ErrorClasses = "text-red-600 text-right font-bold text-xl"
forms.GlobalStyles.LabelClasses = "block text-sm font-medium leading-6 text-gray-900"
forms.GlobalStyles.InputClasses = "block w-full rounded-md border-0 py-1.5 text-gray-900 shadow-sm ring-1 ring-inset ring-gray-300 placeholder:text-gray-400 focus:ring-2 focus:ring-inset focus:ring-indigo-600 sm:text-sm sm:leading-6"
f := forms.NewForm()
e := forms.NewElement()
e.Label = "Email Address"
e.Type = "text"
e.Validator = "email"
e.FailMessage = "Must be a valid email address"
e.Name = "email"
f.Add(e)
e = forms.NewElement()
e.Label = "Old Password"
e.Type = "password"
e.Validator = ""
e.FailMessage = "Passsword Incorrect"
e.Name = "oldpassword"
f.Add(e)
e = forms.NewElement()
e.Label = "New Password"
e.Type = "password"
e.FailMessage = "Password must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter and one digit"
e.Validator = "minlength=8;haslowercase;hasuppercase;hasdigit"
e.Name = "newpassword"
f.Add(e)
e = forms.NewElement()
e.Label = "Confirm Password"
e.Type = "password"
e.FailMessage = "Passwords do not match"
e.Validator = "mustmatch=newpassword"
e.Name = "confirmpassword"
f.Add(e)
e = forms.NewElement()
e.Label = "Change Password"
e.Type = "submit"
e.InputClasses = "flex w-full justify-center rounded-md bg-indigo-600 px-3 py-1.5 text-sm font-semibold leading-6 text-white shadow-sm hover:bg-indigo-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-indigo-600"
f.Add(e)
f.Route = "/chpass/changepassword"
out, err := f.ToJSON()
if err == nil {
os.WriteFile("form.json", out, 0644)
}
tmpFile := "template.html"
tmpl, err := template.New(path.Base(tmpFile)).ParseFiles(tmpFile)
if err != nil {
log.Fatal(err)
}
var d tplData
r := mux.NewRouter()
r.Use(mwLog)
r.HandleFunc("/style.css", http.FileServer(http.Dir("./")).ServeHTTP)
r.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
d.Body = f.Render(false)
tmpl.Execute(w, d)
})
r.HandleFunc("/changepassword", func(w http.ResponseWriter, r *http.Request) {
if f.Validate(r) != nil {
d.Body = f.Render(true)
tmpl.Execute(w, d)
return
}
// Test if the given username ans password can authenticate via pop3
// If so, change the password
p := pop3.New(pop3.Opt{Host: "teamworkapps.com", Port: 995, TLSEnabled: true})
c, err := p.NewConn()
if err != nil {
log.Println(err)
d.Body = "Internal error"
tmpl.Execute(w, d)
return
}
defer c.Quit()
// Authenticate.
if err := c.Auth(f.GetValue("email"), f.GetValue("oldpassword")); err != nil {
f.MakeInvalid("oldpassword", "Invalid password")
d.Body = f.Render(true)
tmpl.Execute(w, d)
return
}
// Change the password
if !modifyPasswordFile(f.GetValue("email"), f.GetValue("newpassword")) {
log.Println(err)
d.Body = "Internal error"
tmpl.Execute(w, d)
return
}
d.Body = "Password changed. You will need to login again."
tmpl.Execute(w, d)
})
d.Time = time.Now().Unix()
d.Body = f.Render(true)
tmpl.Execute(os.Stdout, d)
http.ListenAndServe("127.0.0.1:8910", r)
}
/*
example password entry:
recreation@pinnaclelake.com|{SHA512-CRYPT}$6$uTiy7Q5xn1CIN22w$3VAElns3TFfejtdTCTJMcz8k2UPPwAmlUIoXC4NgPJRnDcgo3CnI91EsB6irgwuecCrolxAx7i4mjvTxPaAlf0
*/
// createPasswordEntry: input email and plain text password, output a password entry with sha512-crypt.
func modifyPasswordFile(email, password string) bool {
// read the password file
// find the entry with the given email
// replace the password with the new password
// write the file back
in, err := os.ReadFile("/root/docker/mail/config/postfix-accounts.cf")
if err != nil {
log.Println(err)
return false
}
out, err := os.Create("/root/docker/mail/config/postfix-accounts.cf.tmp")
if err != nil {
log.Println(err)
return false
}
lines := strings.Split(string(in), "\n")
for _, line := range lines {
if strings.HasPrefix(line, email) {
line = createPasswordEntry(email, password)
}
out.WriteString(line)
out.WriteString("\n")
}
out.Close()
os.Rename("/root/docker/mail/config/postfix-accounts.cf", "/root/docker/mail/config/postfix-accounts.cf.old")
os.Rename("/root/docker/mail/config/postfix-accounts.cf.tmp", "/root/docker/mail/config/postfix-accounts.cf")
return true
}
func createPasswordEntry(email, password string) string {
c := crypto.SHA512.New()
c.Write([]byte(password))
// hash := c.Sum(nil)
salt := getSalt()
str := base64.StdEncoding.EncodeToString([]byte(string(c.Sum(nil)) + salt))
return fmt.Sprintf("%s|{SHA512-CRYPT}$6$%s", email, str)
}
func getSalt() string {
salt := make([]byte, 5)
_, err := io.ReadFull(rand.Reader, salt)
if err != nil {
log.Fatal(err)
}
return string(salt)
}
Reference in New Issue View Git Blame Copy Permalink