update password and browser sessions

robur-coop · Oct 24, 2024 · e870dd8 · e870dd8
1 parent 8a556e2
commit e870dd8
Show file tree

Hide file tree

Showing 3 changed files with 445 additions and 9 deletions.
diff --git a/assets/main.js b/assets/main.js
@@ -32,15 +32,15 @@ function getUnikernelName(url) {
 }
 
 function filterData() {
-    const input = document.getElementById("searchQuery").value.toUpperCase();
-    const table = document.getElementById("data-table");
-    const rows = Array.from(table.querySelectorAll("tbody tr"));
-
-    rows.forEach(row => {
-        const cells = Array.from(row.getElementsByTagName("td"));
-        const match = cells.some(td => td.textContent.toUpperCase().includes(input));
-        row.style.display = match ? "" : "none";
-    });
+	const input = document.getElementById("searchQuery").value.toUpperCase();
+	const table = document.getElementById("data-table");
+	const rows = Array.from(table.querySelectorAll("tbody tr"));
+
+	rows.forEach(row => {
+		const cells = Array.from(row.getElementsByTagName("td"));
+		const match = cells.some(td => td.textContent.toUpperCase().includes(input));
+		row.style.display = match ? "" : "none";
+	});
 }
 
 
@@ -418,3 +418,73 @@ function sort_data() {
 	};
 }
 
+async function updatePassword() {
+	const passwordButton = document.getElementById("password-button");
+	try {
+		buttonLoading(passwordButton, true, "Updating..")
+		const molly_csrf = document.getElementById("molly-csrf").value.trim();
+		const current_password = document.getElementById("current-password").value.trim();
+		const new_password = document.getElementById("new-password").value.trim();
+		const confirm_password = document.getElementById("confirm-password").value.trim();
+		const formAlert = document.getElementById("form-alert");
+		if (!current_password || !new_password || !confirm_password ) {
+			formAlert.classList.remove("hidden", "text-primary-500");
+			formAlert.classList.add("text-secondary-500");
+			formAlert.textContent = "Please fill in all the required passwords"
+			buttonLoading(passwordButton, false, "Deploy")
+		} else {
+			const response = await fetch('/account/password/update', {
+				method: 'POST',
+				body: JSON.stringify(
+					{
+						molly_csrf,
+						current_password,
+						new_password,
+						confirm_password
+
+					}),
+				headers: { 'Content-Type': 'application/json' }
+			});
+
+			const data = await response.json();
+			if (response.status === 200) {
+				postAlert("bg-primary-300", data.data);
+				setTimeout(() => window.location.reload(), 1000);
+			} else {
+				postAlert("bg-secondary-300", data.data);
+				buttonLoading(passwordButton, false, "Save")
+			}
+		}
+	} catch (error) {
+		postAlert("bg-secondary-300", error);
+		buttonLoading(passwordButton, false, "Save")
+	}
+}
+
+async function closeSessions() {
+	const sessionButton = document.getElementById("session-button");
+	try {
+		buttonLoading(sessionButton, true, "Closing sessions..")
+		const molly_csrf = document.getElementById("molly-csrf").value.trim();
+		const response = await fetch('/account/sessions/close', {
+			method: 'POST',
+			body: JSON.stringify(
+				{
+					molly_csrf,
+				}),
+			headers: { 'Content-Type': 'application/json' }
+		});
+
+		const data = await response.json();
+		if (response.status === 200) {
+			postAlert("bg-primary-300", data.data);
+			setTimeout(() => window.location.reload(), 1000);
+		} else {
+			postAlert("bg-secondary-300", data.data);
+			buttonLoading(sessionButton, false, "Logout all other sessions")
+		}
+	} catch (error) {
+		postAlert("bg-secondary-300", error);
+		buttonLoading(sessionButton, false, "Logout all other sessions")
+	}
+}
diff --git a/unikernel.ml b/unikernel.ml
@@ -1103,6 +1103,27 @@ struct
         | "/dashboard" ->
             check_meth `GET (fun () ->
                 authenticate !store reqd (dashboard !albatross reqd))
+| "/account" ->
+            check_meth `GET (fun () ->
+                authenticate store reqd (account_page store reqd))
+        | "/account/password/update" ->
+            check_meth `POST (fun () ->
+                extract_csrf_token reqd >>= function
+                | Ok (form_csrf, json) ->
+                    authenticate ~form_csrf store reqd
+                      (update_password json store reqd)
+                | Error (`Msg msg) ->
+                    Middleware.http_response reqd ~title:"Error"
+                      ~data:(String.escaped msg) `Bad_request)
+        | "/account/sessions/close" ->
+            check_meth `POST (fun () ->
+                extract_csrf_token reqd >>= function
+                | Ok (form_csrf, _) ->
+                    authenticate ~form_csrf store reqd
+                      (close_sessions store reqd)
+                | Error (`Msg msg) ->
+                    Middleware.http_response reqd ~title:"Error"
+                      ~data:(String.escaped msg) `Bad_request)
         | "/admin/users" ->
             check_meth `GET (fun () ->
                 authenticate ~check_admin:true !store reqd (users !store reqd))