infrastructure/mox
1
0
Fork 0
mirror of https://github.com/mjl-/mox.git synced 2025-07-12 17:04:39 +03:00
Code Issues Packages Projects Releases Wiki Activity

add account config option to prevent the account for setting their own custom password, and enable by default for new accounts

Browse Source 
accounts with this option enabled can only generate get a new randomly
generated password. this prevents password reuse across services and weak
passwords. existing accounts keep their current ability to set custom
passwords. only admins can change this setting for an account.

related to issue #286 by skyguy
This commit is contained in:
Mechiel Lukkien
2025-02-15 12:44:18 +01:00
parent 09975a3100
commit 3e53abc4db
16 changed files with 266 additions and 120 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
webaccount/account.go
View File

@ -368,9 +368,16 @@ func (w Account) Logout(ctx context.Context) {
xcheckf(ctx, err, "logout")
}
// SetPassword saves a new password for the account, invalidating the previous password.
// Sessions are not interrupted, and will keep working. New login attempts must use the new password.
// SetPassword saves a new password for the account, invalidating the previous
// password.
//
// Sessions are not interrupted, and will keep working. New login attempts must use
// the new password.
//
// Password must be at least 8 characters.
//
// Setting a user-supplied password is not allowed if NoCustomPassword is set
// for the account.
func (Account) SetPassword(ctx context.Context, password string) {
log := pkglog.WithContext(ctx)
if len(password) < 8 {
@ -385,6 +392,11 @@ func (Account) SetPassword(ctx context.Context, password string) {
log.Check(err, "closing account")
}()
accConf, _ := acc.Conf()
if accConf.NoCustomPassword {
xcheckuserf(ctx, errors.New("custom password not allowed"), "setting password")
}
// Retrieve session, resetting password invalidates it.
ls, err := store.SessionUse(ctx, log, reqInfo.AccountName, reqInfo.SessionToken, "")
xcheckf(ctx, err, "get session")
@ -397,6 +409,35 @@ func (Account) SetPassword(ctx context.Context, password string) {
xcheckf(ctx, err, "restoring session after password reset")
}
// GeneratePassword sets a new randomly generated password for the current account.
// Sessions are not interrupted, and will keep working.
func (Account) GeneratePassword(ctx context.Context) (password string) {
log := pkglog.WithContext(ctx)
reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)
acc, err := store.OpenAccount(log, reqInfo.AccountName, false)
xcheckf(ctx, err, "open account")
defer func() {
err := acc.Close()
log.Check(err, "closing account")
}()
password = mox.GeneratePassword()
// Retrieve session, resetting password invalidates it.
ls, err := store.SessionUse(ctx, log, reqInfo.AccountName, reqInfo.SessionToken, "")
xcheckf(ctx, err, "get session")
err = acc.SetPassword(log, password)
xcheckf(ctx, err, "setting password")
// Session has been invalidated. Add it again.
err = store.SessionAddToken(ctx, log, &ls)
xcheckf(ctx, err, "restoring session after password reset")
return
}
// Account returns information about the account.
// StorageUsed is the sum of the sizes of all messages, in bytes.
// StorageLimit is the maximum storage that can be used, or 0 if there is no limit.