From 61248119c5756b68bae8888f1580c47d64cc3a59 Mon Sep 17 00:00:00 2001
From: Evert <imsonotsleepy@gmail.com>
Date: Thu, 7 Dec 2017 17:37:36 +0200
Subject: [PATCH] A lot of user actions, add CSRF tokens to all POSTs

---
 server/api/admin.js                   |  64 ++++++++++++++---
 server/api/emailer.js                 |   4 ++
 server/api/index.js                   |  37 ++++++----
 server/routes/admin.js                | 100 +++++++++++++++++++-------
 src/script/component/BanList.vue      |   8 ++-
 src/script/component/ClientModal.vue  |  10 ++-
 src/script/component/OAuthClients.vue |   8 ++-
 src/script/component/User.vue         |  21 +++++-
 src/script/component/UserList.vue     |  53 +++++++++++++-
 src/script/component/UserModal.vue    |  93 ++++++++++++++++++++++++
 src/style/admin.styl                  |   5 +-
 src/style/main.styl                   |   4 ++
 templates/reset_password/html.pug     |   1 -
 templates/reset_password/subject.pug  |   2 +-
 14 files changed, 347 insertions(+), 63 deletions(-)
 create mode 100644 src/script/component/UserModal.vue

diff --git a/server/api/admin.js b/server/api/admin.js
index c2aa95f..1ced840 100644
--- a/server/api/admin.js
+++ b/server/api/admin.js
@@ -3,7 +3,9 @@ import Models from './models'
 
 const perPage = 6
 
-function cleanUserObject (dbe, admin) {
+async function cleanUserObject (dbe, admin) {
+  let totp = await Users.User.Login.totpTokenRequired(dbe)
+
   return {
     id: dbe.id,
     username: dbe.username,
@@ -17,7 +19,8 @@ function cleanUserObject (dbe, admin) {
     password: dbe.password !== null,
     nw_privilege: dbe.nw_privilege,
     created_at: dbe.created_at,
-    bannable: dbe.nw_privilege < admin.nw_privilege && dbe.id !== admin.id
+    totp_enabled: totp,
+    bannable: admin ? (dbe.nw_privilege < admin.nw_privilege && dbe.id !== admin.id) : false
   }
 }
 
@@ -96,7 +99,7 @@ const API = {
     for (let i in raw) {
       let entry = raw[i]
 
-      users.push(cleanUserObject(entry, admin))
+      users.push(await cleanUserObject(entry, admin))
     }
 
     return {
@@ -104,6 +107,53 @@ const API = {
       users: users
     }
   },
+  getUser: async function (id) {
+    let user = await Users.User.get(id)
+    if (!user) throw new Error('No such user')
+
+    return cleanUserObject(user, null)
+  },
+  editUser: async function (id, data) {
+    let user = await Users.User.get(id)
+    if (!user) throw new Error('No such user')
+
+    let fields = [
+      'username', 'display_name', 'email', 'nw_privilege', 'activated'
+    ]
+
+    data = dataFilter(data, fields, ['nw_privilege', 'activated'])
+    if (!data) throw new Error('Missing fields')
+
+    await Users.User.update(user, data)
+
+    return {}
+  },
+  resendActivationEmail: async function (id) {
+    let user = await Users.User.get(id)
+    if (!user) throw new Error('No such user')
+
+    if (user.activated === 1) return {}
+
+    await Users.User.Register.activationEmail(user)
+
+    return {}
+  },
+  revokeTotpToken: async function (id) {
+    let user = await Users.User.get(id)
+    if (!user) throw new Error('No such user')
+
+    await Models.TotpToken.query().delete().where('user_id', user.id)
+
+    return {}
+  },
+  sendPasswordEmail: async function (id) {
+    let user = await Users.User.get(id)
+    if (!user) throw new Error('No such user')
+
+    let token = await Users.User.Reset.reset(user.email, false, true)
+
+    return {token}
+  },
   // List all clients (paginated)
   getAllClients: async function (page) {
     let count = await Models.OAuth2Client.query().count('id as ids')
@@ -123,14 +173,13 @@ const API = {
     }
 
     return {
-      page: paginated,
-      clients: clients
+      page: paginated, clients
     }
   },
   // Get information about a client via id
   getClient: async function (id) {
     let raw = await Models.OAuth2Client.query().where('id', id)
-    if (!raw.length) return null
+    if (!raw.length) throw new Error('No such client')
 
     return cleanClientObject(raw[0])
   },
@@ -211,8 +260,7 @@ const API = {
     }
 
     return {
-      page: paginated,
-      bans: bans
+      page: paginated, bans
     }
   },
   // Remove a ban
diff --git a/server/api/emailer.js b/server/api/emailer.js
index 0135742..89b9109 100644
--- a/server/api/emailer.js
+++ b/server/api/emailer.js
@@ -4,6 +4,10 @@ import nodemailer from 'nodemailer'
 
 import config from '../../scripts/load-config'
 
+// TEMPORARY FIX FOR NODE v9.2.0
+import tls from 'tls'
+tls.DEFAULT_ECDH_CURVE = 'auto'
+
 const templateDir = path.join(__dirname, '../../', 'templates')
 
 let templateCache = {}
diff --git a/server/api/index.js b/server/api/index.js
index d7df691..3dbd4da 100644
--- a/server/api/index.js
+++ b/server/api/index.js
@@ -372,8 +372,16 @@ const API = {
         // Create user
         let user = await models.User.query().insert(data)
 
+        if (email) {
+          await API.User.Register.activationEmail(user, true)
+        }
+
+        return user
+      },
+      activationEmail: async function (user, deleteOnFail = false) {
         // Activation token
         let activationToken = API.Hash(16)
+
         await models.Token.query().insert({
           expires_at: new Date(Date.now() + 86400000), // 1 day
           token: activationToken,
@@ -381,25 +389,28 @@ const API = {
           type: 1
         })
 
-        // Send Activation Email
         console.debug('Activation token:', activationToken)
-        if (email) {
-          try {
-            let em = await emailer.pushMail('activate', user.email, {
-              domain: config.server.domain,
-              display_name: user.display_name,
-              activation_token: activationToken
-            })
 
-            console.debug(em)
-          } catch (e) {
-            console.error(e)
+        // Send Activation Email
+        try {
+          let em = await emailer.pushMail('activate', user.email, {
+            domain: config.server.domain,
+            display_name: user.display_name,
+            activation_token: activationToken
+          })
+
+          console.debug(em)
+        } catch (e) {
+          console.error(e)
+
+          if (deleteOnFail) {
             await models.User.query().delete().where('id', user.id)
-            throw new Error('Invalid email address!')
           }
+
+          throw new Error('Invalid email address!')
         }
 
-        return user
+        return true
       }
     },
     Reset: {
diff --git a/server/routes/admin.js b/server/routes/admin.js
index 4ab3a46..f8c6eb5 100644
--- a/server/routes/admin.js
+++ b/server/routes/admin.js
@@ -88,6 +88,19 @@ router.get('/oauth2', wrap(async (req, res) => {
  * =======
  */
 
+function csrfVerify (req, res, next) {
+  if (req.body.csrf !== req.session.csrf) {
+    return next(new Error('Invalid session'))
+  }
+
+  next()
+}
+
+/* =============
+ *   User Data
+ * =============
+ */
+
 apiRouter.get('/users', wrap(async (req, res) => {
   let page = parseInt(req.query.page)
   if (isNaN(page) || page < 1) {
@@ -98,6 +111,51 @@ apiRouter.get('/users', wrap(async (req, res) => {
   res.jsonp(users)
 }))
 
+apiRouter.get('/user/:id', wrap(async (req, res) => {
+  let id = parseInt(req.params.id)
+  if (isNaN(id)) {
+    throw new Error('Invalid number')
+  }
+
+  res.jsonp(await API.getUser(id))
+}))
+
+apiRouter.post('/user', csrfVerify, wrap(async (req, res) => {
+  let id = parseInt(req.body.user_id)
+  if (isNaN(id)) {
+    throw new Error('Invalid or missing user ID')
+  }
+
+  res.jsonp(await API.editUser(id, req.body))
+}))
+
+apiRouter.post('/user/resend_activation', csrfVerify, wrap(async (req, res) => {
+  let id = parseInt(req.body.user_id)
+  if (isNaN(id)) {
+    throw new Error('Invalid or missing user ID')
+  }
+
+  res.jsonp(await API.resendActivationEmail(id))
+}))
+
+apiRouter.post('/user/revoke_totp', csrfVerify, wrap(async (req, res) => {
+  let id = parseInt(req.body.user_id)
+  if (isNaN(id)) {
+    throw new Error('Invalid or missing user ID')
+  }
+
+  res.jsonp(await API.revokeTotpToken(id))
+}))
+
+apiRouter.post('/user/reset_password', csrfVerify, wrap(async (req, res) => {
+  let id = parseInt(req.body.user_id)
+  if (isNaN(id)) {
+    throw new Error('Invalid or missing user ID')
+  }
+
+  res.jsonp(await API.sendPasswordEmail(id))
+}))
+
 /* ===============
  *   OAuth2 Data
  * ===============
@@ -115,43 +173,34 @@ apiRouter.get('/clients', wrap(async (req, res) => {
 apiRouter.get('/client/:id', wrap(async (req, res) => {
   let id = parseInt(req.params.id)
   if (isNaN(id)) {
-    return res.status(400).jsonp({error: 'Invalid number'})
+    throw new Error('Invalid number')
   }
 
   let client = await API.getClient(id)
-  if (!client) return res.status(400).jsonp({error: 'Invalid client'})
 
   res.jsonp(client)
 }))
 
-apiRouter.post('/client/new', wrap(async (req, res) => {
-  if (req.body.csrf !== req.session.csrf) {
-    return res.status(400).jsonp({error: 'Invalid session'})
-  }
-
+apiRouter.post('/client/new', csrfVerify, wrap(async (req, res) => {
   await API.createClient(req.body, req.session.user)
 
   res.status(204).end()
 }))
 
-apiRouter.post('/client/update', wrap(async (req, res) => {
+apiRouter.post('/client/update', csrfVerify, wrap(async (req, res) => {
   let id = parseInt(req.body.id)
 
-  if (!id || isNaN(id)) return res.status(400).jsonp({error: 'ID missing'})
-
-  if (req.body.csrf !== req.session.csrf) {
-    return res.status(400).jsonp({error: 'Invalid session'})
-  }
+  if (!id || isNaN(id)) throw new Error('ID missing')
 
   await API.updateClient(id, req.body)
 
   res.status(204).end()
 }))
 
-apiRouter.post('/client/new_secret/:id', wrap(async (req, res) => {
-  let id = parseInt(req.params.id)
+apiRouter.post('/client/new_secret', csrfVerify, wrap(async (req, res) => {
+  let id = parseInt(req.body.id)
   if (isNaN(id)) {
-    return res.status(400).jsonp({error: 'Invalid number'})
+    throw new Error('Invalid client ID')
   }
 
   let client = await API.newSecret(id)
@@ -159,10 +208,10 @@ apiRouter.post('/client/new_secret/:id', wrap(async (req, res) => {
   res.jsonp(client)
 }))
 
-apiRouter.post('/client/delete/:id', wrap(async (req, res) => {
-  let id = parseInt(req.params.id)
+apiRouter.post('/client/delete', csrfVerify, wrap(async (req, res) => {
+  let id = parseInt(req.body.id)
   if (isNaN(id)) {
-    return res.status(400).jsonp({error: 'Invalid number'})
+    throw new Error('Invalid client ID')
   }
 
   let client = await API.removeClient(id)
@@ -185,10 +234,10 @@ apiRouter.get('/bans', wrap(async (req, res) => {
   res.jsonp(bans)
 }))
 
-apiRouter.post('/ban/pardon/:id', wrap(async (req, res) => {
-  let id = parseInt(req.params.id)
+apiRouter.post('/ban/pardon', csrfVerify, wrap(async (req, res) => {
+  let id = parseInt(req.body.id)
   if (isNaN(id)) {
-    return res.status(400).jsonp({error: 'Invalid number'})
+    throw new Error('Invalid number')
   }
 
   let ban = await API.removeBan(id)
@@ -196,11 +245,8 @@ apiRouter.post('/ban/pardon/:id', wrap(async (req, res) => {
   res.jsonp(ban)
 }))
 
-apiRouter.post('/ban', wrap(async (req, res) => {
-  if (!req.body.user_id) return res.status(400).jsonp({error: 'ID missing'})
-  if (req.body.csrf !== req.session.csrf) {
-    return res.status(400).jsonp({error: 'Invalid session'})
-  }
+apiRouter.post('/ban', csrfVerify, wrap(async (req, res) => {
+  if (!req.body.user_id) throw new Error('ID missing')
 
   let result = await API.addBan(req.body, req.session.user.id)
 
diff --git a/src/script/component/BanList.vue b/src/script/component/BanList.vue
index da00099..370615a 100644
--- a/src/script/component/BanList.vue
+++ b/src/script/component/BanList.vue
@@ -11,6 +11,7 @@
 <script type="text/javascript">
   import Pagination from './Pagination.vue'
   import Ban from './Ban.vue'
+  const csrfToken = document.querySelector('meta[name="csrf-token"]').content
  
   export default {
     data: function () {
@@ -44,7 +45,10 @@
         })
       },
       pardon: function (id) {
-        this.$http.post('/admin/api/ban/pardon/' + id).then(data => {
+        this.$http.post('/admin/api/ban/pardon', {
+          id: id,
+          csrf: csrfToken
+        }).then(data => {
           this.getBans(1)
         })
       }
@@ -53,7 +57,7 @@
       this.getBans(1)
 
       this.$root.$on('reload_bans', () => {
-        this.getBans(1)
+        this.getBans(this.pagination.page)
       })
 
       this.$on('pardon', (id) => {
diff --git a/src/script/component/ClientModal.vue b/src/script/component/ClientModal.vue
index 0110b9e..59b9288 100644
--- a/src/script/component/ClientModal.vue
+++ b/src/script/component/ClientModal.vue
@@ -61,9 +61,9 @@
         this.verified = false
       },
       submit: function () {
-        let url = this.id === -1 ? 'new' : 'update'
+        let uri = this.id === -1 ? 'new' : 'update'
 
-        this.$http.post('/admin/api/client/' + url, {
+        this.$http.post('/admin/api/client/' + uri, {
           id: this.id,
           title: this.title,
           description: this.description,
@@ -81,7 +81,10 @@
         })
       },
       newSecret: function () {
-        this.$http.post('/admin/api/client/new_secret/' + this.id).then(data => {
+        this.$http.post('/admin/api/client/new_secret', {
+          id: this.id,
+          csrf: csrfToken
+        }).then(data => {
           alert('New secret generated.')
           this.$root.$emit('reload_clients')
         }).catch(err => {
@@ -92,6 +95,7 @@
     watch: {
       id: function () {
         if (this.id <= 0) return
+
         this.$http.get('/admin/api/client/' + this.id).then(data => {
           let dr = data.body
 
diff --git a/src/script/component/OAuthClients.vue b/src/script/component/OAuthClients.vue
index 282a0d4..d049c1c 100644
--- a/src/script/component/OAuthClients.vue
+++ b/src/script/component/OAuthClients.vue
@@ -13,6 +13,7 @@
   import Pagination from './Pagination.vue'
   import OAuthClient from './OAuthClient.vue'
   import ClientModal from './ClientModal.vue'
+  const csrfToken = document.querySelector('meta[name="csrf-token"]').content
 
   export default {
     data: function () {
@@ -48,7 +49,10 @@
         })
       },
       deleteClient: function (id) {
-        this.$http.post('/admin/api/client/delete/' + id).then(data => {
+        this.$http.post('/admin/api/client/delete', {
+          id: id,
+          csrf: csrfToken
+        }).then(data => {
           this.getClients(1)
         })
       }
@@ -57,7 +61,7 @@
       this.getClients(1)
 
       this.$root.$on('reload_clients', () => {
-        this.getClients(1)
+        this.getClients(this.pagination.page)
       })
 
       this.$on('edit', function (id) {
diff --git a/src/script/component/User.vue b/src/script/component/User.vue
index 066b8c3..042d6c7 100644
--- a/src/script/component/User.vue
+++ b/src/script/component/User.vue
@@ -8,17 +8,34 @@
         .stamp(title="Used an external login" v-if="!password")
           i.fa.fa-fw.fa-sign-out
 
-        .noactive.stamp(v-if='activated == false', title='Not activated.')
+        .noactive.stamp(v-if='activated == false' title='Not activated.')
           i.fa.fa-fw.fa-envelope
 
+        .totp.stamp(v-if='totp_enabled' title="Two-Factor Authentication Enabled")
+          i.fa.fa-fw.fa-shield
+
         .dropdown-wrapper.stamp(@click="dropdown = !dropdown" v-on-clickaway='away')
           i.fa.fa-fw.fa-ellipsis-v
           transition(name="pop")
             .dropdown(v-show="dropdown")
               .title Actions
+              .action(v-on:click='$parent.$emit("edit", id)') 
+                i.fa.fa-fw.fa-pencil
+                |&nbsp;Edit User
               .action(v-if='bannable' v-on:click='$parent.$emit("ban", id)') 
                 i.fa.fa-fw.fa-ban
                 |&nbsp;Ban User
+              .separator
+              .action(v-if='!activated' v-on:click='$parent.$emit("activation", id)') 
+                i.fa.fa-fw.fa-envelope
+                |&nbsp;Activation Email
+              .action(v-if="totp_enabled" v-on:click='$parent.$emit("totp-revoke", id)')
+                i.fa.fa-fw.fa-shield
+                |&nbsp;Revoke 2FA
+              .action(v-on:click='$parent.$emit("reset-password", id)')
+                i.fa.fa-fw.fa-envelope
+                |&nbsp;Password Email
+
 
       .display_name {{ display_name }}
       .name {{ id }} - {{ username }} ({{ uuid }})
@@ -40,7 +57,7 @@
   import { directive as onClickaway } from 'vue-clickaway'
  
   export default {
-    props: ['avatar_file', 'activated', 'display_name', 'id', 'username', 'uuid', 'email', 'nw_privilege', 'created_at', 'password', 'bannable', 'ip_address'],
+    props: ['avatar_file', 'activated', 'display_name', 'id', 'username', 'uuid', 'email', 'nw_privilege', 'created_at', 'password', 'bannable', 'ip_address', 'totp_enabled'],
     directives: {
       onClickaway: onClickaway,
     },
diff --git a/src/script/component/UserList.vue b/src/script/component/UserList.vue
index 1a7efd4..108d48b 100644
--- a/src/script/component/UserList.vue
+++ b/src/script/component/UserList.vue
@@ -5,12 +5,15 @@
     .list.users
       user(v-for='user in users' v-bind="user" :key="user.id")
     ban-modal(:show='banning' @close='banning = 0' :id='banning')
+    user-modal(:show='editing' @close='editing = 0' :id='editing')
 </template>
 
 <script>
   import Pagination from './Pagination.vue'
   import User from './User.vue'
   import BanModal from './BanModal.vue'
+  import UserModal from './UserModal.vue'
+  const csrfToken = document.querySelector('meta[name="csrf-token"]').content
 
   export default {
     data: function () {
@@ -23,11 +26,12 @@
           total: 0
         },
         users: [],
-        banning: 0
+        banning: 0,
+        editing: 0
       }
     },
     components: {
-      Pagination, User, BanModal
+      Pagination, User, BanModal, UserModal
     },
     methods: {
       getUsers: function (page) {
@@ -44,6 +48,51 @@
       this.$on('ban', function (id) {
         this.banning = id
       })
+
+      this.$on('edit', function (id) {
+        this.editing = id
+      })
+
+      this.$on('activation', function (id) {
+        this.$http.post('/admin/api/user/resend_activation', {
+          user_id: id,
+          csrf: csrfToken
+        }).then(data => {
+          alert('Email sent!')
+        }).catch(err => {
+          console.error(err)
+          alert('Failed to send activation email to this user.')
+        })
+      })
+
+      this.$on('totp-revoke', function (id) {
+        this.$http.post('/admin/api/user/revoke_totp', {
+          user_id: id,
+          csrf: csrfToken
+        }).then(data => {
+          alert('Success!')
+          this.getUsers(this.pagination.page)
+        }).catch(err => {
+          console.error(err)
+          alert('An error occured.')
+        })
+      })
+
+      this.$on('reset-password', function (id) {
+        this.$http.post('/admin/api/user/reset_password', {
+          user_id: id,
+          csrf: csrfToken
+        }).then(data => {
+          alert('Email sent!')
+        }).catch(err => {
+          console.error(err)
+          alert('Failed to send activation email to this user.')
+        })
+      })
+
+      this.$root.$on('reload_users', () => {
+        this.getUsers(this.pagination.page)
+      })
     }
   }
 </script>
diff --git a/src/script/component/UserModal.vue b/src/script/component/UserModal.vue
new file mode 100644
index 0000000..1f0903e
--- /dev/null
+++ b/src/script/component/UserModal.vue
@@ -0,0 +1,93 @@
+<template lang="pug">
+  modal(:show='show', @close='close')
+    .modal-header
+      h3 Edit User
+    .modal-body.aligned-form
+      .message.error(v-if='error') {{ error }}
+      .cell
+        label(for="username") Username
+        input(type="text" id="username" name="username" v-model="username")
+      .cell
+        label(for="display_name") Display Name
+        input(type="text" id="display_name" name="display_name" v-model="display_name")
+      .cell
+        label(for="email") Email
+        input(type="email" id="email" name="email" v-model="email")
+      .cell
+        label(for="privilege") Privilege
+        input(type="range" min="0" max="5" step="1" id="privilege" name="privilege" v-model="nw_privilege")
+        span {{ nw_privilege }}
+      .cell
+        label(for="activated") Activated
+        input(type="checkbox" id="activated" name="activated" v-model="activated")
+    .modal-footer.text-align
+      button(@click='submit') Done
+      button(@click='close') Cancel
+</template>
+
+<script type="text/javascript">
+  import Modal from './Modal.vue'
+  const csrfToken = document.querySelector('meta[name="csrf-token"]').content
+
+  export default {
+    props: ['show', 'id'],
+    data: function () {
+      return {
+        error: '',
+        username: '',
+        display_name: '',
+        email: '',
+        nw_privilege: 0,
+        activated: false
+      }
+    },
+    components: {
+      Modal
+    },
+    methods: {
+      close: function () {
+        this.$emit('close')
+        this.error = ''
+        this.username = ''
+        this.display_name = ''
+        this.email = ''
+        this.nw_privilege = 0
+        this.activated = true
+      },
+      submit: function () {
+        this.$http.post('/admin/api/user', {
+          user_id: this.id,
+          username: this.username,
+          display_name: this.display_name,
+          email: this.email,
+          nw_privilege: this.nw_privilege,
+          activated: this.activated,
+          csrf: csrfToken
+        }).then(data => {
+          this.close()
+          this.$root.$emit('reload_users')
+        }).catch(err => {
+          console.error(err)
+          if (err.body && err.body.error) this.error = err.body.error
+        })
+      }
+    },
+    watch: {
+      id: function () {
+        if (this.id <= 0) return
+        this.$http.get('/admin/api/user/' + this.id).then(data => {
+          let dr = data.body
+
+          this.username = dr.username
+          this.display_name = dr.display_name
+          this.email = dr.email
+          this.nw_privilege = dr.nw_privilege
+          this.activated = dr.activated
+        }).catch(err => {
+          alert('Failed to fetch user information')
+          this.close()
+        })
+      }
+    }
+  }
+</script>
diff --git a/src/style/admin.styl b/src/style/admin.styl
index b63f58b..1675ef2 100644
--- a/src/style/admin.styl
+++ b/src/style/admin.styl
@@ -111,8 +111,9 @@ nav
         background-color: #fff
         border: 1px solid #ddd
         border-radius: 5px
-        min-width: 180px
-        font-size: 120%
+        min-width: 210px
+        font-size: 100%
+        z-index: 2999
         
         .title
             padding: 5px
diff --git a/src/style/main.styl b/src/style/main.styl
index 75a0b97..92959b7 100644
--- a/src/style/main.styl
+++ b/src/style/main.styl
@@ -579,6 +579,10 @@ select
             padding: 8px 0
         input[type="checkbox"]
             margin-top: 10px
+        span
+            padding: 10px
+            display: inline-block
+            vertical-align: top
 
 @media all and (max-width: 800px)
     .navigator
diff --git a/templates/reset_password/html.pug b/templates/reset_password/html.pug
index 8a8f29c..509231d 100644
--- a/templates/reset_password/html.pug
+++ b/templates/reset_password/html.pug
@@ -1,5 +1,4 @@
 h1 Hello, #{display_name}!
-p You've requested to reset your password on Icy Network.
 p Click on or copy the following link into your URL bar in order to reset your Icy Network account password:
 a.activate(href=domain + "/reset/" + reset_token, target="_blank", rel="nofollow")= domain + "/reset/" + reset_token
 p If you did not request a password reset on Icy Network, please ignore this email.
diff --git a/templates/reset_password/subject.pug b/templates/reset_password/subject.pug
index 85b8d0b..f266d28 100644
--- a/templates/reset_password/subject.pug
+++ b/templates/reset_password/subject.pug
@@ -1 +1 @@
-|Icy Network - Password reset request
+|Icy Network - Reset Your Password