Dfg 425 password reset success mail (#475)

* Send password reset success mail

Author: blazej-teonite

src/grpc/password_reset.rs

@@ -10,7 +10,10 @@ use crate::{
         models::enrollment::{Token, PASSWORD_RESET_TOKEN_TYPE},
         DbPool, User,
     },
-    handlers::{mail::send_password_reset_email, user::check_password_strength},
+    handlers::{
+        mail::{send_password_reset_email, send_password_reset_success_email},
+        user::check_password_strength,
+    },
     ldap::utils::ldap_change_password,
     mail::Mail,
 };
@@ -207,6 +210,18 @@ impl password_reset_service_server::PasswordResetService for PasswordResetServer
         debug!("Starting password reset: {request:?}");
         let enrollment = self.validate_session(&request).await?;
 
+        let ip_address = request
+            .metadata()
+            .get("ip_address")
+            .and_then(|value| value.to_str().map(ToString::to_string).ok())
+            .unwrap_or_default();
+
+        let user_agent = request
+            .metadata()
+            .get("user_agent")
+            .and_then(|value| value.to_str().map(ToString::to_string).ok())
+            .unwrap_or_default();
+
         let request = request.into_inner();
         if let Err(err) = check_password_strength(&request.password) {
             error!("Password not strong enough: {err}");
@@ -236,6 +251,13 @@ impl password_reset_service_server::PasswordResetService for PasswordResetServer
             Status::internal("unexpected error")
         })?;
 
+        send_password_reset_success_email(
+            &user,
+            &self.mail_tx,
+            Some(ip_address),
+            Some(user_agent),
+        )?;
+
         Ok(Response::new(()))
     }
 }

src/handlers/mail.rs

@@ -39,6 +39,7 @@ static EMAIL_MFA_CODE_EMAIL_SUBJECT: &str = "Your Multi-Factor Authentication Co
 static GATEWAY_DISCONNECTED: &str = "Defguard: Gateway disconnected";
 
 pub static EMAIL_PASSOWRD_RESET_START_SUBJECT: &str = "Defguard: Password reset";
+pub static EMAIL_PASSOWRD_RESET_SUCCESS_SUBJECT: &str = "Defguard: Password reset success";
 
 #[derive(Clone, Deserialize)]
 pub struct TestMail {
@@ -452,3 +453,33 @@ pub fn send_password_reset_email(
         }
     }
 }
+
+pub fn send_password_reset_success_email(
+    user: &User,
+    mail_tx: &UnboundedSender<Mail>,
+    ip_address: Option<String>,
+    device_info: Option<String>,
+) -> Result<(), TokenError> {
+    debug!("Sending password reset success email to {}", user.email);
+
+    let mail = Mail {
+        to: user.email.clone(),
+        subject: EMAIL_PASSOWRD_RESET_SUCCESS_SUBJECT.into(),
+        content: templates::email_password_reset_success_mail(ip_address, device_info)?,
+        attachments: Vec::new(),
+        result_tx: None,
+    };
+
+    let to = mail.to.clone();
+
+    match mail_tx.send(mail) {
+        Ok(()) => {
+            info!("Password reset email success sent to {to}");
+            Ok(())
+        }
+        Err(err) => {
+            error!("Failed to send password reset success email to {to} with error:\n{err}");
+            Ok(())
+        }
+    }
+}

src/templates.rs

@@ -29,6 +29,8 @@ static MAIL_EMAIL_MFA_ACTIVATION: &str =
 static MAIL_EMAIL_MFA_CODE: &str = include_str!("../templates/mail_email_mfa_code.tera");
 static MAIL_PASSWORD_RESET_START: &str =
     include_str!("../templates/mail_password_reset_start.tera");
+static MAIL_PASSWORD_RESET_SUCCESS: &str =
+    include_str!("../templates/mail_password_reset_success.tera");
 
 #[allow(dead_code)]
 static MAIL_DATE_FORMAT: &str = "%Y-%m-%dT%H:%M:00Z";
@@ -295,6 +297,17 @@ pub fn email_password_reset_mail(
     Ok(tera.render("mail_passowrd_reset_start", &context)?)
 }
 
+pub fn email_password_reset_success_mail(
+    ip_address: Option<String>,
+    device_info: Option<String>,
+) -> Result<String, TemplateError> {
+    let (mut tera, context) = get_base_tera(None, None, ip_address, device_info)?;
+
+    tera.add_raw_template("mail_passowrd_reset_success", MAIL_PASSWORD_RESET_SUCCESS)?;
+
+    Ok(tera.render("mail_passowrd_reset_success", &context)?)
+}
+
 #[cfg(test)]
 mod test {
     use crate::config::DefGuardConfig;

templates/base.tera

@@ -215,7 +215,7 @@
     {% endblock %}
 
     <!-- device info -->
-    <div style="margin: 30px auto 0px; max-width: 600px;">
+    <div style="margin: 0px auto 0px; max-width: 600px;">
       <table align="center" border="0" cellpadding="0" cellspacing="0" role="presentation" style="width: 100%">
         <tbody>
           <tr>

templates/mail_password_reset_start.tera

@@ -33,6 +33,7 @@ macros::paragraph(content="Or click the button below:"),
   text-align: center;
   display: inline-block;
   margin: 0px auto;
+  margin-bottom: 10px;
   cursor: pointer;
 "><span>Reset password</span></a></p>
 {% endblock %}

templates/mail_password_reset_success.tera

@@ -0,0 +1,15 @@
+{# Requires context
+enrollment_url -> URL of the enrollment service
+link_url -> URL of the enrollment service with the token query param included
+defguard_url -> URL of defguard core Web UI
+token -> enrollment token
+#}
+{% extends "base.tera" %}
+{% import "macros.tera" as macros %}
+{% block mail_content %}
+{% set section_content = [
+macros::paragraph(content="<b>Password reset</b>"),
+macros::paragraph(content= "Your password has been successfully changed."),
+] %}
+{{ macros::text_section(content_array=section_content)}}
+{% endblock %}