sftpgo-mirror/httpd/resetcode.go
Nicola Murino 78233ff9a3
web UI/REST API: add password reset
In order to reset the password from the admin/client user interface,
an SMTP configuration must be added and the user/admin must have an email
address.
You can prohibit the reset functionality on a per-user basis by using a
specific restriction.

Fixes #597
2021-11-13 13:25:43 +01:00

43 lines
764 B
Go

package httpd
import (
"sync"
"time"
"github.com/drakkan/sftpgo/v2/util"
)
var (
resetCodeLifespan = 10 * time.Minute
resetCodes sync.Map
)
type resetCode struct {
Code string
Username string
IsAdmin bool
ExpiresAt time.Time
}
func (c *resetCode) isExpired() bool {
return c.ExpiresAt.Before(time.Now().UTC())
}
func newResetCode(username string, isAdmin bool) *resetCode {
return &resetCode{
Code: util.GenerateUniqueID(),
Username: username,
IsAdmin: isAdmin,
ExpiresAt: time.Now().Add(resetCodeLifespan).UTC(),
}
}
func cleanupExpiredResetCodes() {
resetCodes.Range(func(key, value interface{}) bool {
c, ok := value.(*resetCode)
if !ok || c.isExpired() {
resetCodes.Delete(key)
}
return true
})
}