-

Author: geosoft1

Diff for: CHANGES

@@ -3,4 +3,7 @@ first release
 
 1.1.0-release-build300419
 - salted and hashed passwords in database
-- send random recovery passwords on mail
+- send random recovery passwords on mail
+
+1.1.1-release-build030519
+- reset the password to random only if the mail was successfully sent

Diff for: ui_reset_random.go

@@ -3,7 +3,6 @@
 package main
 
 import (
-	"log"
 	"net/http"
 
 	"github.com/geosoft1/token"
@@ -22,12 +21,8 @@ func reset(w http.ResponseWriter, r *http.Request) {
 			http.Error(w, http.StatusText(http.StatusNotAcceptable), http.StatusNotAcceptable)
 			return
 		}
-		// TODO reset password to random, uncomment the following 4 lines
+		// generate a random password
 		user.Password = token.GetToken(token_len)
-		if err := sqlUpdateUser(&user); err != nil {
-			http.Error(w, http.StatusText(http.StatusNotAcceptable), http.StatusNotAcceptable)
-			return
-		}
 		// https://stackoverflow.com/a/24431749
 		mail := gomail.NewMessage()
 		mail.SetAddressHeader("From", config.SMTP.User, config.SMTP.Name)
@@ -37,7 +32,13 @@ func reset(w http.ResponseWriter, r *http.Request) {
 		dialer := gomail.NewPlainDialer(config.SMTP.Server, config.SMTP.Port, config.SMTP.User, config.SMTP.Password)
 		//dialer.TLSConfig = &tls.Config{InsecureSkipVerify: true}
 		if err := dialer.DialAndSend(mail); err != nil {
-			log.Println(err)
+			http.Error(w, http.StatusText(http.StatusServiceUnavailable), http.StatusServiceUnavailable)
+			return
+		}
+		// reset the password to random only if the mail was successfully sent
+		if err := sqlUpdateUser(&user); err != nil {
+			http.Error(w, http.StatusText(http.StatusNotAcceptable), http.StatusNotAcceptable)
+			return
 		}
 		w.Header().Set("Content-Type", "text/html; charset=utf-8")
 		w.Write([]byte("A mail with instructions was send, read and <a href=\"/\">sign in</a>"))