Settings password reset (plausible#4649)

* Enable exceptions when revoking all user sessions * Add `User` changeset for changing password * Make button in `2fa_input` component optional * Implement password change from User Settings * Add tests * Fix 2FA modal cancel button formatting * Update changelog * Don't pass redundant params to `render_settings` and clean up code a bit * Render one error per field in password reset form * Refactor inline form 2FA validation --------- Co-authored-by: Adrian Gruntkowski <[email protected]>
yonasBSD · Oct 3, 2024 · 6940281 · 6940281
1 parent 35c8010
commit 6940281
Show file tree

Hide file tree

Showing 10 changed files with 400 additions and 53 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file.
 ### Added
 
 - Add ability to review and revoke particular logged in user sessions
+- Add ability to change password from user settings screen
 
 ### Removed
 

diff --git a/lib/plausible/auth/auth.ex b/lib/plausible/auth/auth.ex
@@ -23,6 +23,11 @@ defmodule Plausible.Auth do
       prefix: "email-change:user",
       limit: 2,
       interval: :timer.hours(1)
+    },
+    password_change_user: %{
+      prefix: "password-change:user",
+      limit: 5,
+      interval: :timer.minutes(20)
     }
   }
 

diff --git a/lib/plausible/auth/user.ex b/lib/plausible/auth/user.ex
@@ -25,6 +25,7 @@ defmodule Plausible.Auth.User do
   schema "users" do
     field :email, :string
     field :password_hash
+    field :old_password, :string, virtual: true
     field :password, :string, virtual: true
     field :password_confirmation, :string, virtual: true
     field :name, :string
@@ -65,8 +66,7 @@ defmodule Plausible.Auth.User do
     %Plausible.Auth.User{}
     |> cast(attrs, @required)
     |> validate_required(@required)
-    |> validate_length(:password, min: 12, message: "has to be at least 12 characters")
-    |> validate_length(:password, max: 128, message: "cannot be longer than 128 characters")
+    |> validate_password_length()
     |> validate_confirmation(:password, required: true)
     |> validate_password_strength()
     |> hash_password()
@@ -142,9 +142,20 @@ defmodule Plausible.Auth.User do
     user
     |> cast(%{password: password}, [:password])
     |> validate_required([:password])
-    |> validate_length(:password, min: 12, message: "has to be at least 12 characters")
-    |> validate_length(:password, max: 128, message: "cannot be longer than 128 characters")
+    |> validate_password_length()
+    |> validate_password_strength()
+    |> hash_password()
+  end
+
+  def password_changeset(user, params \\ %{}) do
+    user
+    |> cast(params, [:old_password, :password])
+    |> check_password(:old_password)
+    |> validate_required([:old_password, :password])
+    |> validate_password_length()
+    |> validate_confirmation(:password, required: true)
     |> validate_password_strength()
+    |> validate_password_changed()
     |> hash_password()
   end
 
@@ -226,18 +237,35 @@ defmodule Plausible.Auth.User do
     end
   end
 
-  defp check_password(changeset) do
-    if password = get_change(changeset, :password) do
+  defp validate_password_changed(changeset) do
+    old_password = get_change(changeset, :old_password)
+    new_password = get_change(changeset, :password)
+
+    if old_password == new_password do
+      add_error(changeset, :password, "is too weak", validation: :different_password)
+    else
+      changeset
+    end
+  end
+
+  defp check_password(changeset, field \\ :password) do
+    if password = get_change(changeset, field) do
       if Plausible.Auth.Password.match?(password, changeset.data.password_hash) do
         changeset
       else
-        add_error(changeset, :password, "is invalid", validation: :check_password)
+        add_error(changeset, field, "is invalid", validation: :check_password)
       end
     else
       changeset
     end
   end
 
+  defp validate_password_length(changeset) do
+    changeset
+    |> validate_length(:password, min: 12, message: "has to be at least 12 characters")
+    |> validate_length(:password, max: 128, message: "cannot be longer than 128 characters")
+  end
+
   defp validate_password_strength(changeset) do
     if get_change(changeset, :password) != nil and password_strength(changeset).score <= 2 do
       add_error(changeset, :password, "is too weak", validation: :strength)

diff --git a/lib/plausible_web/components/two_factor.ex b/lib/plausible_web/components/two_factor.ex
@@ -2,7 +2,8 @@ defmodule PlausibleWeb.Components.TwoFactor do
   @moduledoc """
   Reusable components specific to 2FA
   """
-  use Phoenix.Component
+  use Phoenix.Component, global_prefixes: ~w(x-)
+  import PlausibleWeb.Components.Generic
 
   attr :text, :string, required: true
   attr :scale, :integer, default: 4
@@ -24,14 +25,26 @@ defmodule PlausibleWeb.Components.TwoFactor do
   attr :form, :any, required: true
   attr :field, :any, required: true
   attr :class, :string, default: ""
+  attr :show_button?, :boolean, default: true
 
   def verify_2fa_input(assigns) do
+    input_class =
+      "font-mono tracking-[0.5em] w-36 pl-5 font-medium shadow-sm focus:ring-indigo-500 focus:border-indigo-500 block border-gray-300 dark:border-gray-500 dark:text-gray-200 dark:bg-gray-900 rounded-l-md"
+
+    input_class =
+      if assigns.show_button? do
+        input_class
+      else
+        [input_class, "rounded-r-md"]
+      end
+
+    assigns = assign(assigns, :input_class, input_class)
+
     ~H"""
     <div class={[@class, "flex items-center"]}>
       <%= Phoenix.HTML.Form.text_input(@form, @field,
         autocomplete: "off",
-        class:
-          "font-mono tracking-[0.5em] w-36 pl-5 font-medium shadow-sm focus:ring-indigo-500 focus:border-indigo-500 block border-gray-300 dark:border-gray-500 dark:text-gray-200 dark:bg-gray-900 rounded-l-md",
+        class: @input_class,
         oninput:
           "this.value=this.value.replace(/[^0-9]/g, ''); if (this.value.length >= 6) document.getElementById('verify-button').focus()",
         onclick: "this.select();",
@@ -42,6 +55,7 @@ defmodule PlausibleWeb.Components.TwoFactor do
         required: "required"
       ) %>
       <PlausibleWeb.Components.Generic.button
+        :if={@show_button?}
         type="submit"
         id={@id}
         mt?={false}
@@ -139,13 +153,14 @@ defmodule PlausibleWeb.Components.TwoFactor do
             </div>
             <div class="bg-gray-50 dark:bg-gray-850 px-4 py-3 sm:px-9 sm:flex sm:flex-row-reverse">
               <%= render_slot(@buttons) %>
-              <button
+              <.button
                 type="button"
-                class="sm:mr-2 mt-3 w-full inline-flex justify-center rounded-md border border-gray-300 dark:border-gray-500 shadow-sm px-4 py-2 bg-white dark:bg-gray-800 text-base font-medium text-gray-700 dark:text-gray-300 hover:bg-gray-50 dark:hover:bg-gray-850 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-indigo-500 sm:mt-0 sm:ml-3 sm:w-auto sm:text-sm"
                 x-on:click={"#{@state_param} = false"}
+                class="mr-2"
+                theme="bright"
               >
                 Cancel
-              </button>
+              </.button>
             </div>
           <% end %>
         </div>

diff --git a/lib/plausible_web/controllers/auth_controller.ex b/lib/plausible_web/controllers/auth_controller.ex
@@ -29,6 +29,7 @@ defmodule PlausibleWeb.AuthController do
            :user_settings,
            :save_settings,
            :update_email,
+           :update_password,
            :cancel_update_email,
            :new_api_key,
            :create_api_key,
@@ -261,14 +262,7 @@ defmodule PlausibleWeb.AuthController do
   end
 
   def user_settings(conn, _params) do
-    user = conn.assigns.current_user
-    settings_changeset = Auth.User.settings_changeset(user)
-    email_changeset = Auth.User.settings_changeset(user)
-
-    render_settings(conn,
-      settings_changeset: settings_changeset,
-      email_changeset: email_changeset
-    )
+    render_settings(conn, [])
   end
 
   def initiate_2fa_setup(conn, _params) do
@@ -453,12 +447,7 @@ defmodule PlausibleWeb.AuthController do
         |> redirect(to: Routes.auth_path(conn, :user_settings))
 
       {:error, changeset} ->
-        email_changeset = Auth.User.settings_changeset(user)
-
-        render_settings(conn,
-          settings_changeset: changeset,
-          email_changeset: email_changeset
-        )
+        render_settings(conn, settings_changeset: changeset)
     end
   end
 
@@ -476,26 +465,42 @@ defmodule PlausibleWeb.AuthController do
       end
     else
       {:error, %Ecto.Changeset{} = changeset} ->
-        settings_changeset = Auth.User.settings_changeset(user)
-
-        render_settings(conn,
-          settings_changeset: settings_changeset,
-          email_changeset: changeset
-        )
+        render_settings(conn, email_changeset: changeset)
 
       {:error, {:rate_limit, _}} ->
-        settings_changeset = Auth.User.settings_changeset(user)
-
-        {:error, changeset} =
+        changeset =
           user
           |> Auth.User.email_changeset(user_params)
           |> Ecto.Changeset.add_error(:email, "too many requests, try again in an hour")
-          |> Ecto.Changeset.apply_action(:validate)
+          |> Map.put(:action, :validate)
 
-        render_settings(conn,
-          settings_changeset: settings_changeset,
-          email_changeset: changeset
-        )
+        render_settings(conn, email_changeset: changeset)
+    end
+  end
+
+  def update_password(conn, %{"user" => params}) do
+    user = conn.assigns.current_user
+    user_session = conn.assigns.current_user_session
+
+    with :ok <- Auth.rate_limit(:password_change_user, user),
+         {:ok, user} <- do_update_password(user, params) do
+      UserAuth.revoke_all_user_sessions(user, except: user_session)
+
+      conn
+      |> put_flash(:success, "Your password is now changed")
+      |> redirect(to: Routes.auth_path(conn, :user_settings) <> "#change-password")
+    else
+      {:error, %Ecto.Changeset{} = changeset} ->
+        render_settings(conn, password_changeset: changeset)
+
+      {:error, {:rate_limit, _}} ->
+        changeset =
+          user
+          |> Auth.User.password_changeset(params)
+          |> Ecto.Changeset.add_error(:password, "too many attempts, try again in 20 minutes")
+          |> Map.put(:action, :validate)
+
+        render_settings(conn, password_changeset: changeset)
     end
   end
 
@@ -524,18 +529,57 @@ defmodule PlausibleWeb.AuthController do
     |> redirect(to: Routes.auth_path(conn, :user_settings) <> "#change-email-address")
   end
 
+  defp do_update_password(user, params) do
+    changes = Auth.User.password_changeset(user, params)
+
+    Repo.transaction(fn ->
+      with {:ok, user} <- Repo.update(changes),
+           {:ok, user} <- validate_2fa_code(user, params["two_factor_code"]) do
+        user
+      else
+        {:error, :invalid_2fa} ->
+          changes
+          |> Ecto.Changeset.add_error(:password, "invalid 2FA code")
+          |> Map.put(:action, :validate)
+          |> Repo.rollback()
+
+        {:error, changeset} ->
+          Repo.rollback(changeset)
+      end
+    end)
+  end
+
+  defp validate_2fa_code(user, code) do
+    if Auth.TOTP.enabled?(user) do
+      case Auth.TOTP.validate_code(user, code) do
+        {:ok, user} -> {:ok, user}
+        {:error, :not_enabled} -> {:ok, user}
+        {:error, _} -> {:error, :invalid_2fa}
+      end
+    else
+      {:ok, user}
+    end
+  end
+
   defp render_settings(conn, opts) do
     current_user = conn.assigns.current_user
-    settings_changeset = Keyword.fetch!(opts, :settings_changeset)
-    email_changeset = Keyword.fetch!(opts, :email_changeset)
     api_keys = Repo.preload(current_user, :api_keys).api_keys
     user_sessions = Auth.UserSessions.list_for_user(current_user)
 
+    settings_changeset =
+      Keyword.get(opts, :settings_changeset, Auth.User.settings_changeset(current_user))
+
+    email_changeset = Keyword.get(opts, :email_changeset, Auth.User.email_changeset(current_user))
+
+    password_changeset =
+      Keyword.get(opts, :password_changeset, Auth.User.password_changeset(current_user))
+
     render(conn, "user_settings.html",
       api_keys: api_keys,
       user_sessions: user_sessions,
       settings_changeset: settings_changeset,
       email_changeset: email_changeset,
+      password_changeset: password_changeset,
       subscription: current_user.subscription,
       invoices: Plausible.Billing.paddle_api().get_invoices(current_user.subscription),
       theme: current_user.theme || "system",

diff --git a/lib/plausible_web/router.ex b/lib/plausible_web/router.ex
@@ -329,6 +329,7 @@ defmodule PlausibleWeb.Router do
     get "/settings", AuthController, :user_settings
     put "/settings", AuthController, :save_settings
     put "/settings/email", AuthController, :update_email
+    put "/settings/password", AuthController, :update_password
     post "/settings/email/cancel", AuthController, :cancel_update_email
     delete "/me", AuthController, :delete_me
     get "/settings/api-keys/new", AuthController, :new_api_key