feat(PROJ-25): User-Profil & Einstellungen — Passwort, E-Mail, 2FA

Backend: - PATCH /api/auth/password — Passwort ändern (bcrypt, LDAP-Guard, Audit-Log) - PATCH /api/auth/email — E-Mail ändern (Unique-Check, LDAP-Guard, Audit-Log) - userstore: UpdatePassword, UpdateEmail, GetPasswordHash Frontend: - UserNav.tsx: Dropdown-Menü (Profil & Einstellungen, Abmelden) - navbar.tsx: UserNav eingebunden - /settings: Passwort ändern, E-Mail ändern, 2FA verwalten (QR-Code + Deaktivieren) - api.ts: changePassword, changeEmail, getTOTPSetup, confirmTOTPSetup, disableTOTP Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-18 01:05:33 +01:00
parent 89a6651b62
commit 280034679e
7 changed files with 753 additions and 22 deletions
@@ -0,0 +1,152 @@
+package api
+
+import (
+	"encoding/json"
+	"errors"
+	"net/http"
+	"strings"
+
+	"github.com/archivmail/internal/audit"
+	"github.com/jackc/pgx/v5/pgconn"
+	"golang.org/x/crypto/bcrypt"
+)
+
+// ── PROJ-25: Profile Handlers (Password & Email Change) ─────────────────
+
+// handleChangePassword allows a local user to change their own password.
+// PATCH /api/auth/password
+func (s *Server) handleChangePassword(w http.ResponseWriter, r *http.Request) {
+	sess := sessionFromCtx(r.Context())
+	if sess.UserID == 0 {
+		writeError(w, http.StatusUnauthorized, "not authenticated")
+		return
+	}
+
+	var req struct {
+		CurrentPassword string `json:"current_password"`
+		NewPassword     string `json:"new_password"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		writeError(w, http.StatusBadRequest, "invalid request body")
+		return
+	}
+
+	// Load user
+	user, err := s.users.GetByUsername(sess.Username)
+	if err != nil {
+		s.logger.Error("change_password: user not found", "err", err, "username", sess.Username)
+		writeError(w, http.StatusInternalServerError, "user not found")
+		return
+	}
+
+	// LDAP users cannot change password here
+	if user.Source == "ldap" {
+		writeError(w, http.StatusBadRequest, "password is managed by LDAP")
+		return
+	}
+
+	// Verify current password
+	currentHash, err := s.users.GetPasswordHash(r.Context(), user.ID)
+	if err != nil {
+		s.logger.Error("change_password: get hash failed", "err", err)
+		writeError(w, http.StatusInternalServerError, "internal error")
+		return
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(currentHash), []byte(req.CurrentPassword)); err != nil {
+		writeError(w, http.StatusForbidden, "current password is incorrect")
+		return
+	}
+
+	// Validate new password length
+	if len(req.NewPassword) < 8 {
+		writeError(w, http.StatusBadRequest, "new password must be at least 8 characters")
+		return
+	}
+
+	// Hash new password
+	newHash, err := bcrypt.GenerateFromPassword([]byte(req.NewPassword), 12)
+	if err != nil {
+		s.logger.Error("change_password: bcrypt failed", "err", err)
+		writeError(w, http.StatusInternalServerError, "internal error")
+		return
+	}
+
+	// Persist
+	if err := s.users.UpdatePassword(r.Context(), user.ID, string(newHash)); err != nil {
+		s.logger.Error("change_password: update failed", "err", err)
+		writeError(w, http.StatusInternalServerError, "failed to update password")
+		return
+	}
+
+	s.audlog.Log(audit.Entry{
+		EventType: audit.EventUserMgmt,
+		Username:  sess.Username,
+		IPAddress: remoteIP(r),
+		Success:   true,
+		Detail:    "change_password",
+	})
+
+	writeJSON(w, http.StatusOK, map[string]bool{"ok": true})
+}
+
+// handleChangeEmail allows a local user to change their own email address.
+// PATCH /api/auth/email
+func (s *Server) handleChangeEmail(w http.ResponseWriter, r *http.Request) {
+	sess := sessionFromCtx(r.Context())
+	if sess.UserID == 0 {
+		writeError(w, http.StatusUnauthorized, "not authenticated")
+		return
+	}
+
+	var req struct {
+		Email string `json:"email"`
+	}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		writeError(w, http.StatusBadRequest, "invalid request body")
+		return
+	}
+
+	// Load user
+	user, err := s.users.GetByUsername(sess.Username)
+	if err != nil {
+		s.logger.Error("change_email: user not found", "err", err, "username", sess.Username)
+		writeError(w, http.StatusInternalServerError, "user not found")
+		return
+	}
+
+	// LDAP users cannot change email here
+	if user.Source == "ldap" {
+		writeError(w, http.StatusBadRequest, "email is managed by LDAP")
+		return
+	}
+
+	// Basic email validation
+	if !strings.Contains(req.Email, "@") || !strings.Contains(req.Email, ".") {
+		writeError(w, http.StatusBadRequest, "invalid email address")
+		return
+	}
+
+	// Persist
+	if err := s.users.UpdateEmail(r.Context(), user.ID, req.Email); err != nil {
+		// Check for unique constraint violation (duplicate email)
+		var pgErr *pgconn.PgError
+		if errors.As(err, &pgErr) && pgErr.Code == "23505" {
+			writeError(w, http.StatusConflict, "email already in use")
+			return
+		}
+		s.logger.Error("change_email: update failed", "err", err)
+		writeError(w, http.StatusInternalServerError, "failed to update email")
+		return
+	}
+
+	s.audlog.Log(audit.Entry{
+		EventType: audit.EventUserMgmt,
+		Username:  sess.Username,
+		IPAddress: remoteIP(r),
+		Success:   true,
+		Detail:    "change_email",
+	})
+
+	writeJSON(w, http.StatusOK, map[string]interface{}{"ok": true, "email": req.Email})
+}
@@ -195,6 +195,10 @@ func (s *Server) routes() {
 	s.mux.HandleFunc("POST /api/pop3/{id}/import", s.auth(s.handleStartPop3Import))
 	s.mux.HandleFunc("GET /api/pop3/{id}/progress", s.auth(s.handlePop3Progress))

+	// PROJ-25: Profile routes (password & email change)
+	s.mux.HandleFunc("PATCH /api/auth/password", s.auth(s.handleChangePassword))
+	s.mux.HandleFunc("PATCH /api/auth/email", s.auth(s.handleChangeEmail))
+
 	// PROJ-24: TOTP 2FA routes
 	s.mux.HandleFunc("GET /api/auth/totp/setup", s.auth(s.handleTOTPSetupGet))
 	s.mux.HandleFunc("POST /api/auth/totp/setup", s.auth(s.handleTOTPSetupPost))
@@ -453,6 +453,36 @@ func (s *Store) ResetTOTP(ctx context.Context, userID int64, resetBy string) err
 	return nil
 }

+// ── PROJ-25: Profile Update Methods ───────────────────────────────────────
+
+// GetPasswordHash returns the bcrypt password hash for a user by ID.
+func (s *Store) GetPasswordHash(ctx context.Context, userID int64) (string, error) {
+	var hash string
+	err := s.pool.QueryRow(ctx, `SELECT password_hash FROM users WHERE id = $1`, userID).Scan(&hash)
+	if err != nil {
+		return "", fmt.Errorf("userstore: get password hash: %w", err)
+	}
+	return hash, nil
+}
+
+// UpdatePassword sets a new password hash for the given user.
+func (s *Store) UpdatePassword(ctx context.Context, userID int64, passwordHash string) error {
+	_, err := s.pool.Exec(ctx, `UPDATE users SET password_hash = $1 WHERE id = $2`, passwordHash, userID)
+	if err != nil {
+		return fmt.Errorf("userstore: update password: %w", err)
+	}
+	return nil
+}
+
+// UpdateEmail sets a new email address for the given user.
+func (s *Store) UpdateEmail(ctx context.Context, userID int64, email string) error {
+	_, err := s.pool.Exec(ctx, `UPDATE users SET email = $1 WHERE id = $2`, email, userID)
+	if err != nil {
+		return fmt.Errorf("userstore: update email: %w", err)
+	}
+	return nil
+}
+
 // GetTOTPSecret returns the encrypted TOTP secret and enabled status for a user.
 func (s *Store) GetTOTPSecret(ctx context.Context, userID int64) (secret []byte, enabled bool, err error) {
 	err = s.pool.QueryRow(ctx,