package main

import (
	"log"
	"net/http"
	"strings"
)


func resetPassword(w http.ResponseWriter, r *http.Request) {
	if len(r.URL.Query().Get("l")) == 0 || len(r.URL.Query().Get("t")) == 0 {
		http.Redirect(w, r, "lost", http.StatusFound)
	}

	if r.Method != "POST" {
		displayTmpl(w, "reset.html", map[string]interface{}{
			"login": r.URL.Query().Get("l"),
			"token": strings.Replace(r.URL.Query().Get("t"), " ", "+", -1),
		})
		return
	}

	// Check the two new passwords are identical
	if r.PostFormValue("newpassword") != r.PostFormValue("new2password") {
		displayTmplError(w, http.StatusNotAcceptable, "reset.html", map[string]interface{}{"error": "New passwords are not identical. Please retry."})
		return
	} else if err := checkPasswdConstraint(r.PostFormValue("newpassword")); err != nil {
		displayTmplError(w, http.StatusNotAcceptable, "reset.html", map[string]interface{}{"error": "The password you chose doesn't respect all constraints: " + err.Error()})
		return
	}

	// Connect to the LDAP server
	conn, err := myLDAP.Connect()
	if err != nil || conn == nil {
		log.Println(err)
		displayTmplError(w, http.StatusInternalServerError, "reset.html", map[string]interface{}{"error": err.Error()})
		return
	}

	// Bind as service to perform the search
	err = conn.ServiceBind()
	if err != nil {
		log.Println(err)
		displayTmplError(w, http.StatusInternalServerError, "reset.html", map[string]interface{}{"error": err.Error()})
		return
	}

	// Search the dn of the given user
	dn, err := conn.SearchDN(r.PostFormValue("login"))
	if err != nil {
		log.Println(err)
		displayTmplError(w, http.StatusInternalServerError, "reset.html", map[string]interface{}{"error": err.Error()})
		return
	}

	// Check token validity (allow current token + last one)
	if conn.genToken(dn, false) != r.PostFormValue("token") && conn.genToken(dn, true) != r.PostFormValue("token") {
		displayTmplError(w, http.StatusNotAcceptable, "reset.html", map[string]interface{}{"error": "Token invalid, please retry the lost password procedure. Please note that our token expires after 1 hour."})
		return
	}

	// Replace the password by the new given
	if err := conn.ChangePassword(dn, r.PostFormValue("newpassword")); err != nil {
		log.Println(err)
		displayTmplError(w, http.StatusInternalServerError, "reset.html", map[string]interface{}{"error": err.Error()})
		return
	}

	displayMsg(w, "Password successfully changed!", http.StatusOK)
}