feat(portal): Add password change feature for authenticated users
- New RPC method `change_password` in luci.secubox-users - Verifies current password before allowing change - Syncs new password to all enabled services (email, jabber, nextcloud) - Matrix/PeerTube require manual password update (noted in response) - Portal UI updates: - New "Account" section with "Change Password" card - Password change modal with current/new/confirm fields - "My Services" card showing enabled services - ACL updated to include new authentication methods Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
parent
adc83c3d8e
commit
629c21a75c
@ -320,6 +320,20 @@
|
||||
</a>
|
||||
</div>
|
||||
|
||||
<h2 class="section-title">Account</h2>
|
||||
<div class="services-grid">
|
||||
<a href="#" class="service-card" id="changePasswordCard" onclick="openPasswordModal(); return false;">
|
||||
<div class="service-icon">🔑</div>
|
||||
<div class="service-name">Change Password</div>
|
||||
<div class="service-url">Update password for all services</div>
|
||||
</a>
|
||||
<a href="#" class="service-card" onclick="showMyServices(); return false;">
|
||||
<div class="service-icon">📋</div>
|
||||
<div class="service-name">My Services</div>
|
||||
<div class="service-url">View enabled services</div>
|
||||
</a>
|
||||
</div>
|
||||
|
||||
<h2 class="section-title">Administration</h2>
|
||||
<div class="services-grid">
|
||||
<a href="https://admin.gk2.secubox.in/" class="service-card" target="_blank">
|
||||
@ -393,6 +407,51 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- Password Change Modal -->
|
||||
<div class="modal-overlay" id="passwordModal" style="display:none;">
|
||||
<div class="modal-box">
|
||||
<div class="modal-header">
|
||||
<h3>🔑 Change Password</h3>
|
||||
<button class="modal-close" onclick="closePasswordModal()">×</button>
|
||||
</div>
|
||||
<div class="modal-body">
|
||||
<div class="form-group">
|
||||
<label>Current Password</label>
|
||||
<input type="password" id="currentPassword" placeholder="Enter current password" class="modal-input">
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label>New Password</label>
|
||||
<input type="password" id="newPassword" placeholder="Enter new password (min 8 chars)" class="modal-input">
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label>Confirm New Password</label>
|
||||
<input type="password" id="confirmPassword" placeholder="Confirm new password" class="modal-input">
|
||||
</div>
|
||||
<div id="passwordResult" style="display:none;"></div>
|
||||
</div>
|
||||
<div class="modal-footer">
|
||||
<button class="btn-secondary" onclick="closePasswordModal()">Cancel</button>
|
||||
<button class="btn-primary" id="changePasswordBtn" onclick="doChangePassword()">Change Password</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- Services Modal -->
|
||||
<div class="modal-overlay" id="servicesModal" style="display:none;">
|
||||
<div class="modal-box">
|
||||
<div class="modal-header">
|
||||
<h3>📋 My Services</h3>
|
||||
<button class="modal-close" onclick="closeServicesModal()">×</button>
|
||||
</div>
|
||||
<div class="modal-body" id="servicesContent">
|
||||
Loading...
|
||||
</div>
|
||||
<div class="modal-footer">
|
||||
<button class="btn-primary" onclick="closeServicesModal()">Close</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<script>
|
||||
// Check authentication
|
||||
var token = sessionStorage.getItem("secubox_token");
|
||||
@ -410,6 +469,120 @@ document.getElementById("logoutBtn").onclick = function() {
|
||||
window.location.href = "/login.html";
|
||||
};
|
||||
|
||||
// Password Change Modal
|
||||
function openPasswordModal() {
|
||||
document.getElementById("passwordModal").style.display = "flex";
|
||||
document.getElementById("currentPassword").value = "";
|
||||
document.getElementById("newPassword").value = "";
|
||||
document.getElementById("confirmPassword").value = "";
|
||||
document.getElementById("passwordResult").style.display = "none";
|
||||
document.getElementById("changePasswordBtn").disabled = false;
|
||||
}
|
||||
|
||||
function closePasswordModal() {
|
||||
document.getElementById("passwordModal").style.display = "none";
|
||||
}
|
||||
|
||||
function doChangePassword() {
|
||||
var currentPass = document.getElementById("currentPassword").value;
|
||||
var newPass = document.getElementById("newPassword").value;
|
||||
var confirmPass = document.getElementById("confirmPassword").value;
|
||||
|
||||
if (!currentPass || !newPass || !confirmPass) {
|
||||
showPasswordResult("Please fill in all fields", true);
|
||||
return;
|
||||
}
|
||||
|
||||
if (newPass.length < 8) {
|
||||
showPasswordResult("New password must be at least 8 characters", true);
|
||||
return;
|
||||
}
|
||||
|
||||
if (newPass !== confirmPass) {
|
||||
showPasswordResult("New passwords do not match", true);
|
||||
return;
|
||||
}
|
||||
|
||||
document.getElementById("changePasswordBtn").disabled = true;
|
||||
showPasswordResult("Updating password on all services...", false);
|
||||
|
||||
fetch("/cgi-bin/luci/rpc/sys", {
|
||||
method: "POST",
|
||||
headers: { "Content-Type": "application/json" },
|
||||
body: JSON.stringify({
|
||||
method: "call",
|
||||
params: ["00000000000000000000000000000000", "luci.secubox-users", "change_password", {
|
||||
username: user,
|
||||
current_password: currentPass,
|
||||
new_password: newPass
|
||||
}]
|
||||
})
|
||||
})
|
||||
.then(function(r) { return r.json(); })
|
||||
.then(function(data) {
|
||||
var result = data.result;
|
||||
if (result && result.success) {
|
||||
var msg = result.message || "Password updated successfully";
|
||||
if (result.manual) {
|
||||
msg += "<br><br><small>Note: Some services require manual password update:<br>" + result.manual + "</small>";
|
||||
}
|
||||
showPasswordResult(msg, false);
|
||||
setTimeout(function() {
|
||||
closePasswordModal();
|
||||
// Clear session and redirect to login
|
||||
sessionStorage.clear();
|
||||
alert("Password changed. Please log in again with your new password.");
|
||||
window.location.href = "/login.html";
|
||||
}, 3000);
|
||||
} else {
|
||||
showPasswordResult(result.error || "Failed to change password", true);
|
||||
document.getElementById("changePasswordBtn").disabled = false;
|
||||
}
|
||||
})
|
||||
.catch(function(err) {
|
||||
showPasswordResult("Error: " + err.message, true);
|
||||
document.getElementById("changePasswordBtn").disabled = false;
|
||||
});
|
||||
}
|
||||
|
||||
function showPasswordResult(message, isError) {
|
||||
var el = document.getElementById("passwordResult");
|
||||
el.style.display = "block";
|
||||
el.className = isError ? "result-error" : "result-success";
|
||||
el.innerHTML = message;
|
||||
}
|
||||
|
||||
// Services Modal
|
||||
function showMyServices() {
|
||||
document.getElementById("servicesModal").style.display = "flex";
|
||||
document.getElementById("servicesContent").innerHTML = "Loading your services...";
|
||||
|
||||
// For now, show static list based on what portal shows
|
||||
var services = [
|
||||
{icon: "📧", name: "Email", status: "webmail.gk2.secubox.in"},
|
||||
{icon: "💬", name: "Matrix", status: "matrix.gk2.secubox.in"},
|
||||
{icon: "🗨️", name: "Jabber", status: "xmpp.gk2.secubox.in"},
|
||||
{icon: "☁️", name: "Nextcloud", status: "cloud.gk2.secubox.in"},
|
||||
{icon: "🎬", name: "PeerTube", status: "tube.gk2.secubox.in"}
|
||||
];
|
||||
|
||||
var html = '<div style="margin-top:10px;">';
|
||||
html += '<p style="color:var(--muted);margin-bottom:15px;">Services enabled for <strong>' + user + '</strong>:</p>';
|
||||
services.forEach(function(s) {
|
||||
html += '<div style="padding:10px;border:1px solid var(--border);border-radius:8px;margin-bottom:8px;display:flex;align-items:center;gap:10px;">';
|
||||
html += '<span style="font-size:1.5rem;">' + s.icon + '</span>';
|
||||
html += '<div><strong>' + s.name + '</strong><br><small style="color:var(--accent);">' + s.status + '</small></div>';
|
||||
html += '</div>';
|
||||
});
|
||||
html += '</div>';
|
||||
|
||||
document.getElementById("servicesContent").innerHTML = html;
|
||||
}
|
||||
|
||||
function closeServicesModal() {
|
||||
document.getElementById("servicesModal").style.display = "none";
|
||||
}
|
||||
|
||||
// Video Import Modal
|
||||
var importJobId = null;
|
||||
var pollInterval = null;
|
||||
|
||||
@ -298,9 +298,109 @@ reset_password() {
|
||||
echo '{"success":true,"message":"Password updated"}'
|
||||
}
|
||||
|
||||
# Authenticated password change (user changes their own password)
|
||||
change_password() {
|
||||
read -r input
|
||||
local username=$(echo "$input" | jsonfilter -e '@.username' 2>/dev/null)
|
||||
local current_password=$(echo "$input" | jsonfilter -e '@.current_password' 2>/dev/null)
|
||||
local new_password=$(echo "$input" | jsonfilter -e '@.new_password' 2>/dev/null)
|
||||
|
||||
if [ -z "$username" ] || [ -z "$current_password" ] || [ -z "$new_password" ]; then
|
||||
echo '{"success":false,"error":"Username, current password, and new password required"}'
|
||||
return
|
||||
fi
|
||||
|
||||
# Validate new password strength
|
||||
if [ ${#new_password} -lt 8 ]; then
|
||||
echo '{"success":false,"error":"New password must be at least 8 characters"}'
|
||||
return
|
||||
fi
|
||||
|
||||
# Check user exists
|
||||
if ! uci -q get ${CONFIG}.${username} >/dev/null 2>&1; then
|
||||
echo '{"success":false,"error":"User not found"}'
|
||||
return
|
||||
fi
|
||||
|
||||
# Verify current password
|
||||
local stored_hash=$(uci -q get ${CONFIG}.${username}.password_hash)
|
||||
local input_hash=$(echo -n "$current_password" | sha256sum | cut -d' ' -f1)
|
||||
|
||||
if [ "$stored_hash" != "$input_hash" ]; then
|
||||
logger -t secubox-portal "Password change failed (wrong current password): $username"
|
||||
echo '{"success":false,"error":"Current password is incorrect"}'
|
||||
return
|
||||
fi
|
||||
|
||||
# Update password in UCI
|
||||
local new_hash=$(echo -n "$new_password" | sha256sum | cut -d' ' -f1)
|
||||
uci set ${CONFIG}.${username}.password_hash="$new_hash"
|
||||
uci commit ${CONFIG}
|
||||
|
||||
# Sync to all enabled services (mailserver, matrix, jabber, etc.)
|
||||
local services=$(uci -q get ${CONFIG}.${username}.services 2>/dev/null | tr ' ' '\n' | sort -u)
|
||||
local synced=""
|
||||
local failed=""
|
||||
|
||||
for svc in $services; do
|
||||
case "$svc" in
|
||||
email)
|
||||
if [ -x /usr/sbin/mailserverctl ]; then
|
||||
local domain=$(uci -q get ${CONFIG}.main.domain || echo "secubox.in")
|
||||
local email="${username}@${domain}"
|
||||
# Update mailserver password
|
||||
. /usr/lib/mailserver/users.sh 2>/dev/null
|
||||
if user_passwd "$email" "$new_password" >/dev/null 2>&1; then
|
||||
synced="$synced email"
|
||||
else
|
||||
failed="$failed email"
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
jabber)
|
||||
if [ -x /usr/sbin/jabberctl ]; then
|
||||
local domain=$(uci -q get ${CONFIG}.main.domain || echo "secubox.in")
|
||||
if jabberctl user passwd "${username}@${domain}" "$new_password" >/dev/null 2>&1; then
|
||||
synced="$synced jabber"
|
||||
else
|
||||
failed="$failed jabber"
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
nextcloud)
|
||||
if [ -x /usr/sbin/nextcloudctl ]; then
|
||||
export OC_PASS="$new_password"
|
||||
if nextcloudctl occ user:resetpassword "$username" --password-from-env >/dev/null 2>&1; then
|
||||
synced="$synced nextcloud"
|
||||
else
|
||||
failed="$failed nextcloud"
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
matrix)
|
||||
# Matrix Conduit doesn't have easy password change API
|
||||
# User will need to change via Element client
|
||||
failed="$failed matrix(manual)"
|
||||
;;
|
||||
peertube)
|
||||
# PeerTube doesn't have direct password change
|
||||
failed="$failed peertube(manual)"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
logger -t secubox-portal "Password changed: $username (synced:$synced failed:$failed)"
|
||||
|
||||
if [ -n "$failed" ]; then
|
||||
echo "{\"success\":true,\"message\":\"Password updated. Some services require manual update:$failed\",\"synced\":\"$synced\",\"manual\":\"$failed\"}"
|
||||
else
|
||||
echo "{\"success\":true,\"message\":\"Password updated on all services\",\"synced\":\"$synced\"}"
|
||||
fi
|
||||
}
|
||||
|
||||
list_methods() {
|
||||
cat <<'EOFM'
|
||||
{"status":{},"users":{},"add":{"username":"str","password":"str","services":"str"},"delete":{"username":"str"},"passwd":{"username":"str","password":"str"},"authenticate":{"username":"str","password":"str"},"recover":{"email":"str"},"reset_password":{"token":"str","password":"str"}}
|
||||
{"status":{},"users":{},"add":{"username":"str","password":"str","services":"str"},"delete":{"username":"str"},"passwd":{"username":"str","password":"str"},"authenticate":{"username":"str","password":"str"},"recover":{"email":"str"},"reset_password":{"token":"str","password":"str"},"change_password":{"username":"str","current_password":"str","new_password":"str"}}
|
||||
EOFM
|
||||
}
|
||||
|
||||
@ -316,6 +416,7 @@ case "$1" in
|
||||
authenticate) authenticate ;;
|
||||
recover) recover ;;
|
||||
reset_password) reset_password ;;
|
||||
change_password) change_password ;;
|
||||
*) echo '{"error":"Unknown method"}' ;;
|
||||
esac
|
||||
;;
|
||||
|
||||
@ -9,7 +9,7 @@
|
||||
},
|
||||
"write": {
|
||||
"ubus": {
|
||||
"luci.secubox-users": ["add", "delete", "passwd"]
|
||||
"luci.secubox-users": ["add", "delete", "passwd", "authenticate", "recover", "reset_password", "change_password"]
|
||||
},
|
||||
"uci": ["secubox-users"]
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user