benutzer bearbeiten

2025-10-29 09:15:33 +00:00 · 2025-05-23 19:27:08 +02:00
parent c44467f229
commit 4bd289669d
13 changed files with 498 additions and 34 deletions
--- a/helpers/collections/session_cache.go
+++ b/helpers/collections/session_cache.go
@@ -99,6 +99,13 @@ func (c *UserSessionCache) Delete(sessionTokenClear string) {
 	}
 }

+func (c *UserSessionCache) Clear() {
+	c.cache.Clear()
+	c.mu.Lock()
+	c.approximateSize = 0
+	c.mu.Unlock()
+}
+
 func (c *UserSessionCache) startCleanupRoutine() {
 	ticker := time.NewTicker(c.cleanupInterval)
 	defer ticker.Stop()
--- a/middleware/authenticated.go
+++ b/middleware/authenticated.go
@@ -11,7 +11,7 @@ import (
 	"github.com/pocketbase/pocketbase/core"
 )

-var cache = collections.NewUserSessionCache(1000, 5*time.Minute)
+var SESSION_CACHE = collections.NewUserSessionCache(1000, 5*time.Minute)
 var deact_cookie = &http.Cookie{
 	Name:   dbmodels.SESSION_COOKIE_NAME,
 	MaxAge: -1,
@@ -30,7 +30,7 @@ func Authenticated(app core.App) func(*core.RequestEvent) error {
 			return e.Next()
 		}

-		user, session, loaded := cache.Get(cookie.Value)
+		user, session, loaded := SESSION_CACHE.Get(cookie.Value)
 		if !loaded {
 			record, err := app.FindFirstRecordByData(dbmodels.SESSIONS_TABLE, dbmodels.SESSIONS_TOKEN_FIELD, cookie.Value)
 			if err != nil {
@@ -47,16 +47,16 @@ func Authenticated(app core.App) func(*core.RequestEvent) error {
 				return e.Next()
 			}
 			u := dbmodels.NewUser(r)
-			user, session = cache.Set(u, s)
+			user, session = SESSION_CACHE.Set(u, s)
 		}

 		slog.Debug("User session detected", "user", user.Id, "name", user.Name, "session", session.ID)

-		if session.IsExpired() {
+		if session.IsExpired() || user.Deactivated {
 			// TODO: (Maybe) less rigid handling here: for creation or update of items forgive shortly
 			// expired tokens, if CSRF and everything else is a match.
 			slog.Warn("Session expired", "user", user.Id, "name", user.Name, "session", session.ID)
-			cache.Delete(cookie.Value)
+			SESSION_CACHE.Delete(cookie.Value)
 			go func() {
 				r, err := app.FindRecordById(dbmodels.SESSIONS_TABLE, session.ID)
 				e.SetCookie(deact_cookie)
--- a/pagemodels/pagedata.go
+++ b/pagemodels/pagedata.go
@@ -39,4 +39,6 @@ const (

 	P_USER_MGMT_ACCESS_NAME = "user_management_access"
 	P_USER_CREATE_NAME      = "user_create"
+
+	P_USER_EDIT_NAME = "user_edit"
 )
--- a/pages/login.go
+++ b/pages/login.go
@@ -124,6 +124,11 @@ func (p *LoginPage) POST(engine *templating.Engine, app core.App) HandleFunc {
 			return Unauthorized(engine, e, fmt.Errorf("Benuztername oder Passwort falsch. Bitte versuchen Sie es erneut."), data)
 		}

+		user := dbmodels.NewUser(record)
+		if user.Deactivated() {
+			return Unauthorized(engine, e, fmt.Errorf("Ihr Benutzerkonto ist deaktiviert. Bitte kontaktieren Sie den Administrator."), data)
+		}
+
 		duration := time.Minute * 60
 		if formdata.Persistent == "on" {
 			duration = time.Hour * 24 * 90
--- a/pages/logout.go
+++ b/pages/logout.go
@@ -5,6 +5,7 @@ import (

 	"github.com/Theodor-Springmann-Stiftung/musenalm/app"
 	"github.com/Theodor-Springmann-Stiftung/musenalm/dbmodels"
+	"github.com/Theodor-Springmann-Stiftung/musenalm/middleware"
 	"github.com/Theodor-Springmann-Stiftung/musenalm/pagemodels"
 	"github.com/Theodor-Springmann-Stiftung/musenalm/templating"
 	"github.com/pocketbase/pocketbase/core"
@@ -56,6 +57,8 @@ func Logout(e *core.RequestEvent, app *core.App) {
 			if err == nil && record != nil {
 				app.Delete(record)
 			}
+
+			middleware.SESSION_CACHE.Delete(cookie.Value)
 		}()
 	}
 }
--- a/pages/user_create.go
+++ b/pages/user_create.go
@@ -74,6 +74,9 @@ func InvalidSignupResponse(engine *templating.Engine, e *core.RequestEvent, erro

 	data["csrf_nonce"] = nonce
 	data["csrf_token"] = token
+
+	SetRedirect(data, e)
+
 	str, err := engine.RenderToString(e, data, TEMPLATE_USER_CREATE, "blank")
 	if err != nil {
 		return engine.Response500(e, err, data)
--- a/pages/user_edit.go
+++ b/pages/user_edit.go
@@ -0,0 +1,203 @@
+package pages
+
+import (
+	"github.com/Theodor-Springmann-Stiftung/musenalm/app"
+	"github.com/Theodor-Springmann-Stiftung/musenalm/dbmodels"
+	"github.com/Theodor-Springmann-Stiftung/musenalm/middleware"
+	"github.com/Theodor-Springmann-Stiftung/musenalm/pagemodels"
+	"github.com/Theodor-Springmann-Stiftung/musenalm/templating"
+	"github.com/pocketbase/pocketbase/core"
+	"github.com/pocketbase/pocketbase/tools/router"
+)
+
+const (
+	URL_USER_EDIT      = "/user/{uid}/edit/"
+	UID_PATH_VALUE     = "uid"
+	TEMPLATE_USER_EDIT = "/user/edit/"
+)
+
+func init() {
+	ump := &UserEditPage{
+		StaticPage: pagemodels.StaticPage{
+			Name:     pagemodels.P_USER_EDIT_NAME,
+			Layout:   "blank",
+			Template: TEMPLATE_USER_EDIT,
+			URL:      URL_USER_EDIT,
+		},
+	}
+	app.Register(ump)
+}
+
+type UserEditPage struct {
+	pagemodels.StaticPage
+}
+
+func (p *UserEditPage) Setup(router *router.Router[*core.RequestEvent], app core.App, engine *templating.Engine) error {
+	router.GET(URL_USER_EDIT, p.GET(engine, app))
+	router.POST(URL_USER_EDIT, p.POST(engine, app))
+	return nil
+}
+
+func (p *UserEditPage) GET(engine *templating.Engine, app core.App) HandleFunc {
+	return func(e *core.RequestEvent) error {
+		data := make(map[string]any)
+
+		uid := e.Request.PathValue(UID_PATH_VALUE)
+		req := templating.NewRequest(e)
+		user := req.User()
+
+		if user == nil {
+			return engine.Response404(e, nil, nil)
+		}
+
+		if user.Id != uid && user.Role != "Admin" {
+			return engine.Response404(e, nil, nil)
+		}
+
+		u, err := app.FindRecordById(dbmodels.USERS_TABLE, uid)
+		if err != nil {
+			return engine.Response404(e, err, nil)
+		}
+
+		fu := dbmodels.NewUser(u).Fixed()
+
+		data["user"] = &fu
+
+		nonce, token, err := CSRF_CACHE.GenerateTokenBundle()
+		if err != nil {
+			return engine.Response500(e, err, nil)
+		}
+		data["csrf_token"] = token
+		data["csrf_nonce"] = nonce
+
+		SetRedirect(data, e)
+
+		return engine.Response200(e, TEMPLATE_USER_EDIT, data, p.Layout)
+	}
+}
+
+func InvalidDataResponse(engine *templating.Engine, e *core.RequestEvent, error string, user *dbmodels.FixedUser) error {
+	data := make(map[string]any)
+	data["error"] = error
+	data["user"] = user
+
+	nonce, token, err := CSRF_CACHE.GenerateTokenBundle()
+	if err != nil {
+		return engine.Response500(e, err, data)
+	}
+
+	data["csrf_nonce"] = nonce
+	data["csrf_token"] = token
+
+	SetRedirect(data, e)
+
+	str, err := engine.RenderToString(e, data, TEMPLATE_USER_EDIT, "blank")
+	if err != nil {
+		return engine.Response500(e, err, data)
+	}
+
+	return e.HTML(400, str)
+}
+
+func (p *UserEditPage) POST(engine *templating.Engine, app core.App) HandleFunc {
+	return func(e *core.RequestEvent) error {
+		data := make(map[string]any)
+
+		uid := e.Request.PathValue(UID_PATH_VALUE)
+		req := templating.NewRequest(e)
+		user := req.User()
+
+		if user == nil {
+			return engine.Response404(e, nil, nil)
+		}
+
+		if user.Id != uid && user.Role != "Admin" {
+			return engine.Response404(e, nil, nil)
+		}
+
+		u, err := app.FindRecordById(dbmodels.USERS_TABLE, uid)
+		if err != nil {
+			return engine.Response404(e, err, nil)
+		}
+		user_proxy := dbmodels.NewUser(u)
+		fu := user_proxy.Fixed()
+
+		formdata := struct {
+			Email          string `form:"username"`
+			Name           string `form:"name"`
+			Role           string `form:"role"`
+			CsrfNonce      string `form:"csrf_nonce"`
+			CsrfToken      string `form:"csrf_token"`
+			Password       string `form:"password"`
+			PasswordRepeat string `form:"password_repeat"`
+			OldPassword    string `form:"old_password"`
+		}{}
+
+		if err := e.BindBody(&formdata); err != nil {
+			return InvalidDataResponse(engine, e, err.Error(), &fu)
+		}
+
+		if formdata.CsrfNonce != "" && formdata.CsrfToken != "" {
+			if _, err := CSRF_CACHE.ValidateTokenBundle(formdata.CsrfNonce, formdata.CsrfToken); err != nil {
+				return InvalidDataResponse(engine, e, "CSRF ungültig oder abgelaufen", &fu)
+			}
+		} else {
+			return InvalidDataResponse(engine, e, "CSRF ungültig oder abgelaufen", &fu)
+		}
+
+		if formdata.Email == "" || formdata.Name == "" {
+			return InvalidDataResponse(engine, e, "Bitte alle Felder ausfüllen", &fu)
+		}
+
+		// INFO: at this point email and name changes are allowed
+		user_proxy.SetEmail(formdata.Email)
+		user_proxy.SetName(formdata.Name)
+
+		if formdata.Role != "" && formdata.Role != user_proxy.Role() {
+			if user.Role == "Admin" &&
+				(formdata.Role == "User" || formdata.Role == "Editor" || formdata.Role == "Admin") {
+				user_proxy.SetRole(formdata.Role)
+			} else {
+				return InvalidDataResponse(engine, e, "Rolle nicht erlaubt", &fu)
+			}
+		}
+
+		if formdata.Password != "" || formdata.PasswordRepeat != "" || formdata.OldPassword != "" {
+			if user.Role != "Admin" && formdata.OldPassword == "" {
+				return InvalidDataResponse(engine, e, "Altes Passwort erforderlich", &fu)
+			} else if user.Role != "Admin" && !user_proxy.ValidatePassword(formdata.OldPassword) {
+				return InvalidDataResponse(engine, e, "Altes Passwort falsch", &fu)
+			}
+
+			if formdata.Password != formdata.PasswordRepeat {
+				return InvalidDataResponse(engine, e, "Passwörter stimmen nicht überein", &fu)
+			}
+
+			user_proxy.SetPassword(formdata.Password)
+		}
+
+		if err := app.Save(user_proxy); err != nil {
+			return InvalidDataResponse(engine, e, err.Error(), &fu)
+		}
+
+		middleware.SESSION_CACHE.Clear()
+
+		fu = user_proxy.Fixed()
+		data["user"] = &fu
+		if user_proxy.Id == user.Id {
+			e.Set("user", &fu)
+		}
+
+		data["success"] = "Benutzer erfolgreich bearbeitet"
+
+		nonce, token, err := CSRF_CACHE.GenerateTokenBundle()
+		if err != nil {
+			return engine.Response500(e, err, nil)
+		}
+		data["csrf_token"] = token
+		data["csrf_nonce"] = nonce
+
+		SetRedirect(data, e)
+		return engine.Response200(e, TEMPLATE_USER_EDIT, data, p.Layout)
+	}
+}
--- a/pages/user_management_access.go
+++ b/pages/user_management_access.go
@@ -76,10 +76,7 @@ func (p *UserManagementAccessPage) GET(engine *templating.Engine, app core.App)
 		data["csrf_nonce"] = nonce
 		data["csrf_token"] = token

-		redirect_url := e.Request.URL.Query().Get("redirectTo")
-		if redirect_url != "" {
-			data["redirect_url"] = redirect_url
-		}
+		SetRedirect(data, e)

 		return engine.Response200(e, p.Template, data, p.Layout)
 	}
@@ -109,11 +106,15 @@ func (p *UserManagementAccessPage) POST(engine *templating.Engine, app core.App)
 		data["relative_url"] = path_access + "?token=" + token.Token()
 		data["validUntil"] = token.Expires().Time().Format("02.01.2006 15:04")

-		redirect_url := e.Request.URL.Query().Get("redirectTo")
-		if redirect_url != "" {
-			data["redirect_url"] = redirect_url
-		}
+		SetRedirect(data, e)

 		return engine.Response200(e, p.Template, data, p.Layout)
 	}
 }
+
+func SetRedirect(data map[string]any, e *core.RequestEvent) {
+	redirect_url := e.Request.URL.Query().Get("redirectTo")
+	if redirect_url != "" {
+		data["redirect_url"] = redirect_url
+	}
+}
--- a/templating/request.go
+++ b/templating/request.go
@@ -43,6 +43,10 @@ func (r *Request) User() *dbmodels.FixedUser {
 	return nil
 }

+func (r *Request) SetUser(user *dbmodels.FixedUser) {
+	r.Set("user", user)
+}
+
 func (r *Request) Session() *dbmodels.FixedSession {
 	if session := r.Get("session"); session != nil {
 		s, _ := session.(*dbmodels.FixedSession)
@@ -58,3 +62,24 @@ func (r *Request) AccessToken() *dbmodels.FixedAccessToken {
 	}
 	return nil
 }
+
+func (r *Request) IsAdmin() bool {
+	if user := r.User(); user != nil {
+		return user.Role == "Admin"
+	}
+	return false
+}
+
+func (r *Request) IsAuthenticated() bool {
+	if user := r.User(); user != nil {
+		return true
+	}
+	return false
+}
+
+func (r *Request) IsEditor() bool {
+	if user := r.User(); user != nil {
+		return user.Role == "Editor"
+	}
+	return false
+}
--- a/views/assets/style.css
+++ b/views/assets/style.css
--- a/views/layouts/components/_footer.gohtml
+++ b/views/layouts/components/_footer.gohtml
@@ -2,29 +2,32 @@
 <footer
 	class="container-normal pb-1.5 text-base text-gray-800 relative"
 	x-data="{ openusermenu: false }">
-	<div class="" x-show="openusermenu">
-		<div
-			class="absolute right-0 bottom-10 bg-white border border-gray-300 rounded-md shadow mt-2
+	{{- if .request.user -}}
+		<div class="" x-show="openusermenu">
+			<div
+				class="absolute right-0 bottom-10 bg-white border-gray-300 rounded-md shadow mt-2
 		[&>a]:no-underline [&>a]:text-gray-700 [&>a]:hover:bg-gray-100 [&>a]:hover:text-gray-900
-		[&>a]:block [&>a]:px-3 [&>a]:py-2 [&>a]:text-sm [&>a]:rounded-md [&>a]:w-full [&>a]:text-left
+		[&>a]:block [&>a]:px-3 [&>a]:py-2 [&>a]:text-sm [&>a]:w-full [&>a]:text-left
 		[&>a]:whitespace-nowrap [&>a]:transition-all [&>a]:duration-200 [&>a]:border-b
 		[&>a]:last:border-b-0">
-			<a href="/user/edit" class="">
-				<i class="ri-user-3-line"></i>
-				Profil bearbeiten
-			</a>
-			{{ if and .request.user (eq .request.user.Role "Admin") }}
-				<a href="/user/management/access/User?redirectTo={{ .request.fullpath }}" class="">
-					<i class="ri-group-3-line"></i>
-					Benutzer einladen
+				<a href="/user/{{ .request.user.Id }}/edit?redirectTo={{ .request.fullpath }}" class="">
+					<i class="ri-user-3-line"></i>
+					Profil bearbeiten
 				</a>
-			{{ end }}
-			<a href="/logout?redirectTo={{ .request.fullpath }}" class="">
-				<i class="ri-logout-box-line"></i>
-				Ausloggen
-			</a>
+				{{ if and .request.user (eq .request.user.Role "Admin") }}
+					<a href="/user/management/access/User?redirectTo={{ .request.fullpath }}" class="">
+						<i class="ri-group-3-line"></i>
+						Benutzer einladen
+					</a>
+				{{ end }}
+				<a href="/logout?redirectTo={{ .request.fullpath }}" class="">
+					<i class="ri-logout-box-line"></i>
+					Ausloggen
+				</a>
+			</div>
 		</div>
-	</div>
+	{{- end -}}
+

 	<div class="mt-12 pt-3 flex flex-row justify-between">
 		<div>
@@ -45,7 +48,9 @@
 			<a href="https://github.com/Theodor-Springmann-Stiftung/musenalm">Code</a>
 			<span>&middot;</span>
 			{{ if .request.user }}
-				<button class="inline-block cursor-pointer" @click="openusermenu = !openusermenu">
+				<button
+					class="inline-block cursor-pointer hover:shadow-lg hover:bg-gray-100 px-1"
+					@click="openusermenu = !openusermenu">
 					<i class="ri-user-3-line"></i>
 					{{ if .request.user.Name }}
 						<b>{{ .request.user.Name }}</b>
--- a/views/routes/user/edit/body.gohtml
+++ b/views/routes/user/edit/body.gohtml
@@ -0,0 +1,210 @@
+{{ $model := . }}
+
+
+<div class="flex max-w-lg mx-auto !pt-44">
+	<div class="flex-col w-full">
+		{{ if $model.redirect_url }}
+			<a href="{{ $model.redirect_url }}" class="text-gray-700 hover:text-slate-950">
+				<i class="ri-arrow-left-s-line"></i> Zurück
+			</a>
+		{{ else }}
+			<a href="/" class="text-gray-700 hover:text-slate-950">
+				<i class="ri-arrow-left-s-line"></i> Startseite
+			</a>
+		{{ end }}
+		<h1 class="text-2xl self-baseline w-full my-6 font-bold">Benutzer bearbeiten</h1>
+		{{ if $model.success }}
+			<div
+				class="text-green-800 text-sm mt-2 rounded bg-green-200 p-2 font-bold border-green-700
+				border-2 mb-3">
+				{{ $model.success }}
+			</div>
+		{{ end }}
+		{{ if $model.error }}
+			<div
+				class="text-red-800 text-sm mt-2 rounded bg-red-200 p-2 font-bold border-red-700
+				border-2 mb-3">
+				{{ $model.error }}
+			</div>
+		{{ end }}
+		<form class="w-full grid grid-cols-3 gap-4" method="POST" x-data="{ openpw: false }">
+			<div
+				class="col-span-3 border-2 border-transparent focus-within:border-slate-600 px-2 py-1 pb-1.5
+				bg-slate-200 focus-within:bg-slate-50 rounded-md transition-all duration-100">
+				<label for="username" class="text-sm text-gray-700 font-bold">
+					Name <i class="ri-text"></i>
+				</label>
+				<input
+					type="text"
+					name="name"
+					id="name"
+					class="mt-1 block w-full rounded-md focus:border-none focus:outline-none"
+					placeholder=""
+					required
+					autocomplete="off"
+					value="{{ $model.user.Name }}"
+					autofocus />
+			</div>
+			<div
+				class="col-span-3 border-2 border-transparent focus-within:border-slate-600 px-2 py-1 pb-1.5
+				bg-slate-200 focus-within:bg-slate-50 rounded-md transition-all duration-100">
+				<label for="username" class="text-sm text-gray-700 font-bold">
+					E-Mail <i class="ri-at-line"></i>
+				</label>
+				<input
+					type="email"
+					name="username"
+					id="username"
+					autocomplete="off"
+					class="mt-1 block w-full rounded-md focus:border-none focus:outline-none"
+					placeholder=""
+					required
+					value="{{ $model.user.Email }}" />
+			</div>
+			<div
+				class="col-span-3 border-2 border-transparent focus-within:border-slate-600 px-2 py-1
+				pb-1.5 bg-slate-200 focus-within:bg-slate-50 rounded-md transition-all duration-100">
+				<label for="role" class="text-sm text-gray-700 font-bold">
+					Rolle <i class="ri-user-3-line"></i>
+				</label>
+				<select
+					{{ if not (eq $model.request.user.Role "Admin") -}}
+						disabled
+					{{- end }}
+					name="role"
+					id="role"
+					autocomplete="off"
+					class="mt-1 block w-full rounded-md focus:border-none focus:outline-none
+					disabled:opacity-50">
+					<option value="User" {{ if eq $model.user.Role "User" }}selected{{ end }}>
+						Benutzer
+					</option>
+					<option value="Editor" {{ if eq $model.user.Role "Editor" }}selected{{ end }}>
+						Redakteur
+					</option>
+					<option value="Admin" {{ if eq $model.user.Role "Admin" }}selected{{ end }}>
+						Administrator
+					</option>
+				</select>
+			</div>
+			<div class="col-span-3">
+				<div class="flex items-center">
+					<input type="checkbox" name="openpw" id="openpw" x-model="openpw" class="mr-2" />
+					<label for="openpw" class="text-sm text-gray-700 font-bold">
+						Passwort ändern <i class="ri-key-2-line"></i>
+					</label>
+				</div>
+			</div>
+			{{- if not (eq $model.request.user.Role "Admin") -}}
+				<div
+					x-bind:style="!openpw ? 'display:none' : ''"
+					class="col-span-3 border-2 border-transparent focus-within:border-slate-600 px-2 py-1 pb-1.5
+				bg-slate-200 focus-within:bg-slate-50 rounded-md transition-all duration-100">
+					<label for="password_old" class="text-sm text-gray-700 font-bold"> Altes Passwort </label>
+					<input
+						x-bind:type="openpw ? 'password' : 'hidden'"
+						minlength="10"
+						name="password_old"
+						id="password_old"
+						class="mt-1 block w-full rounded-md focus:border-none focus:outline-none"
+						placeholder=""
+						required />
+				</div>
+			{{- end -}}
+			<div
+				x-bind:style="!openpw ? 'display:none' : ''"
+				class="col-span-3 border-2 border-transparent focus-within:border-slate-600 px-2 py-1 pb-1.5
+				bg-slate-200 focus-within:bg-slate-50 rounded-md transition-all duration-100">
+				<label for="password" class="text-sm text-gray-700 font-bold"> Neues Passwort </label>
+				<input
+					x-bind:type="openpw ? 'password' : 'hidden'"
+					minlength="10"
+					name="password"
+					id="password"
+					class="mt-1 block w-full rounded-md focus:border-none focus:outline-none"
+					placeholder=""
+					required />
+			</div>
+			<div
+				x-bind:style="!openpw ? 'display:none' : ''"
+				class="col-span-3 border-2 border-transparent focus-within:border-slate-600 px-2 py-1 pb-1.5
+				bg-slate-200 focus-within:bg-slate-50 rounded-md transition-all duration-100">
+				<label for="password_repeat" class="text-sm text-gray-700 font-bold">
+					Passwort wiederholen
+				</label>
+				<input
+					x-bind:type="openpw ? 'password' : 'hidden'"
+					minlength="10"
+					name="password_repeat"
+					id="password_repeat"
+					class="mt-1 block w-full rounded-md focus:border-none focus:outline-none"
+					placeholder=""
+					required />
+			</div>
+			<div class="col-span-1 col-start-2">
+				<a
+					href="/user/{{ $model.user.Id }}/edit?redirectTo={{ $model.redirect_url }}"
+					type="cancel"
+					class="w-full inline-flex justify-center py-2 px-4 border border-transparent rounded-md text-sm font-medium text-gray-800 bg-stone-200 hover:bg-stone-300 cursor-pointer focus:outline-none
+					focus:ring-2 focus:ring-offset-2 focus:ring-slate-500 no-underline">
+					Zurücksetzen
+				</a>
+			</div>
+			<div class="col-span-1 col-start-3">
+				<input
+					type="hidden"
+					name="csrf_nonce"
+					id="csrf_nonce"
+					required
+					value="{{ $model.csrf_nonce }}" />
+				<input
+					type="hidden"
+					name="csrf_token"
+					id="csrf_token"
+					required
+					value="{{ $model.csrf_token }}" />
+				<button
+					type="submit"
+					class="w-full inline-flex justify-center py-2 px-4 border border-transparent rounded-md
+					shadow-sm text-sm font-medium text-white bg-slate-700 hover:bg-slate-800 cursor-pointer focus:outline-none
+					focus:ring-2 focus:ring-offset-2 focus:ring-slate-500">
+					Speichern
+				</button>
+			</div>
+			<!--
+			<div class="col-span-3">
+				<a href="/forgot-password" class="text-sm text-slate-600 hover:text-slate-900">
+					Passwort vergessen?
+				</a>
+			</div>
+			-->
+		</form>
+
+		<div class="col-span-1 mt-8 justify-self-end self-end items-end flex flex-row justify-end">
+			{{ if not $model.user.Deactivated }}
+				<button
+					type="submit"
+					formmethod="POST"
+					formaction="/user/{{ $model.user.Id }}/deactivate"
+					type="button"
+					class="inline-flex justify-center py-2 px-3  border border-transparent hover:border-red-800
+							rounded-lg text-sm font-medium text-red-800 bg-red-200 hover:bg-red-300 cursor-pointer
+							focus:outline-none
+						focus:ring-2 focus:ring-offset-2 focus:ring-slate-500 no-underline">
+					<i class="ri-prohibited-2-line mr-1"></i> Deaktivieren
+				</button>
+			{{ else }}
+				<button
+					type="submit"
+					formmethod="POST"
+					formaction="/user/{{ $model.user.Id }}/activate"
+					type="button"
+					class="inline-flex justify-center py-2 px-4 border border-transparent hover:border-red-800
+							rounded-lg text-sm font-medium text-red-800 bg-red-200 hover:bg-red-300 cursor-pointer
+							focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-slate-500 no-underline">
+					<i class="ri-restart-line"></i>
+				</button>
+			{{ end }}
+		</div>
+	</div>
+</div>
--- a/views/routes/user/new/body.gohtml
+++ b/views/routes/user/new/body.gohtml
@@ -82,7 +82,7 @@
 				<div
 					class="col-span-3 border-2 border-transparent focus-within:border-slate-600 px-2 py-1 pb-1.5
 				bg-slate-200 focus-within:bg-slate-50 rounded-md transition-all duration-100">
-					<label for="password" class="text-sm text-gray-700 font-bold">
+					<label for="password_repeat" class="text-sm text-gray-700 font-bold">
 						Passwort wiederholen <i class="ri-key-2-line"></i>
 					</label>
 					<input