Beispiel #1
0
// PUT /developers/{token}/reset, Edit password
func PasswordEditHandler(rw http.ResponseWriter, req *http.Request) {
	if err := req.ParseForm(); err != nil {
		renderer.JSON(rw, http.StatusBadRequest, map[string]string{
			"status": requests.StatusFailed,
			"error":  err.Error(),
		})
		return
	}

	id := req.FormValue("id")
	u, err := db.GetDeveloperById(id)
	if err != nil {
		renderer.JSON(rw, http.StatusBadRequest, map[string]string{
			"status": requests.StatusFailed,
			"error":  err.Error(),
		})
		return
	}

	query := map[string]interface{}{"token": mux.Vars(req)["token"]}
	update := map[string]interface{}{"password": util.HashPassword(req.FormValue("new"), u.Salt)}
	if err := db.UpdateDeveloper(query, update); err != nil {
		renderer.JSON(rw, http.StatusBadRequest, map[string]string{
			"status": requests.StatusFailed,
			"error":  err.Error(),
		})
		return
	}

	renderer.JSON(rw, http.StatusOK, map[string]interface{}{
		"status": requests.StatusSuccess,
		"user":   u,
	})
}
Beispiel #2
0
// POST /developer/token, logs in a user by creating a new token
func CreateTokenHandler(rw http.ResponseWriter, req *http.Request) {
	var body requests.LoginReq
	decoder := json.NewDecoder(req.Body)
	err := decoder.Decode(&body)
	if err != nil {
		renderer.JSON(rw, http.StatusBadRequest, map[string]string{
			"status": requests.StatusFailed,
			"error":  err.Error(),
		})
		return
	}

	email := body.Email
	password := body.Password
	if email == "" || password == "" {
		renderer.JSON(rw, http.StatusBadRequest, map[string]string{
			"status": requests.StatusFailed,
			"error":  "Email and Password Required.",
		})
		return
	}

	query := map[string]interface{}{"email": email}
	u, err := db.GetDeveloper(query)
	if err != nil {
		renderer.JSON(rw, http.StatusInternalServerError, map[string]string{
			"status": requests.StatusFailed,
			"error":  "No such developer with email " + email + ".",
		})
		return
	}

	if util.HashPassword(password, u.Salt) != u.Password {
		renderer.JSON(rw, http.StatusInternalServerError, map[string]string{
			"status": requests.StatusFailed,
			"error":  "Incorrect Password",
		})
		return
	}

	token := util.HashToken()

	update := map[string]interface{}{"token": token}
	if err := db.UpdateDeveloper(query, update); err != nil {
		renderer.JSON(rw, http.StatusInternalServerError, map[string]string{
			"status": requests.StatusFailed,
			"error":  err.Error(),
		})
		return
	}

	renderer.JSON(rw, http.StatusOK, map[string]interface{}{
		"status": requests.StatusCreated,
		"token":  token,
	})
}
Beispiel #3
0
func CheckAdminHandler(rw http.ResponseWriter, req *http.Request) {
	var body requests.LoginReq
	decoder := json.NewDecoder(req.Body)
	err := decoder.Decode(&body)
	if err != nil {
		renderer.JSON(rw, http.StatusBadRequest, map[string]string{
			"status": requests.StatusFailed,
			"error":  err.Error(),
		})
		return
	}

	email := body.Email
	password := body.Password
	if email == "" || password == "" {
		renderer.JSON(rw, http.StatusBadRequest, map[string]string{
			"status": requests.StatusFailed,
			"error":  "Email and Password Required.",
		})
		return
	}

	query := map[string]interface{}{"email": email}
	u, err := db.GetDeveloper(query)
	if err != nil {
		renderer.JSON(rw, http.StatusBadRequest, map[string]string{
			"status": requests.StatusFailed,
			"error":  "not admin",
		})
		return
	}

	if util.HashPassword(password, u.Salt) != u.Password {
		renderer.JSON(rw, http.StatusBadRequest, map[string]string{
			"status": requests.StatusFailed,
			"error":  "not admin",
		})
		return
	}

	if !u.IsAdmin {
		renderer.JSON(rw, http.StatusBadRequest, map[string]string{
			"status": requests.StatusFailed,
			"error":  "not admin",
		})
		return
	}

	renderer.JSON(rw, http.StatusOK, map[string]string{
		"status": requests.StatusSuccess,
	})
}
Beispiel #4
0
func AuthHandler(req *http.Request, user, pass string) (bool, error) {
	query := bson.M{}
	if pass == "" {
		query["token"] = user
	} else {
		query["email"] = user
	}

	dev, err := db.GetDeveloper(query)
	if err != nil || dev.ID == "" {
		return false, err
	}

	if pass != "" && dev.Password != util.HashPassword(pass, dev.Salt) {
		return false, nil
	}

	return true, nil
}
Beispiel #5
0
func Save(d *schemas.Developer) error {
	if d.Salt == "" {
		d.Salt = uuid.New()
		d.Password = util.HashPassword(d.Password, d.Salt)
	}

	var err error
	b := backoff.NewTicker(backoff.NewExponentialBackOff()).C

	for _ = range b {
		if err = devs.Insert(d); err != nil {
			continue
		}

		break
	}

	return err
}
Beispiel #6
0
// PUT /developers/{token}, edits a developer
func UpdateDeveloperHandler(rw http.ResponseWriter, req *http.Request) {
	token := mux.Vars(req)["token"]
	if token == "" {
		renderer.JSON(rw, http.StatusBadRequest, map[string]string{
			"status": requests.StatusFailed,
			"error":  "missing token",
		})
		return
	}

	if err := req.ParseForm(); err != nil {
		renderer.JSON(rw, http.StatusBadRequest, map[string]string{
			"status": requests.StatusFailed,
			"error":  err.Error(),
		})
		return
	}

	query := map[string]interface{}{"token": token}
	update := map[string]interface{}{}

	u, err := db.GetDeveloper(query)
	if err != nil {
		renderer.JSON(rw, http.StatusInternalServerError, map[string]string{
			"status": requests.StatusFailed,
			"error":  err.Error(),
		})
		return
	}

	if password := req.FormValue("password"); password != "" {
		oldpass := req.FormValue("oldpassword")
		if oldpass == "" || util.HashPassword(oldpass, u.Salt) != u.Password {
			renderer.JSON(rw, http.StatusBadRequest, map[string]string{
				"status": requests.StatusFailed,
				"error":  "Old password is incorrect.",
			})
			return
		}

		update["password"] = util.HashPassword(password, u.Salt)
	}

	if nextPaymentTime := req.FormValue("nextPaymentTime"); nextPaymentTime != "" {
		update["nextPaymentTime"], err = time.Parse(time.RFC3339, nextPaymentTime)
	}

	if isAdmin := req.FormValue("isAdmin"); isAdmin != "" {
		update["isAdmin"] = isAdmin == "on" || isAdmin == "true"
	}

	if isPaid := req.FormValue("isPaid"); isPaid != "" {
		update["isPaid"] = isPaid == "on" || isPaid == "true"
	}

	// TODO add datetime parsing
	for _, field := range []string{"name", "email", "integrationEngineer"} {
		val := req.FormValue(field)
		if val != "" {
			update[field] = val
		}
	}

	if err := db.UpdateDeveloper(query, update); err != nil {
		renderer.JSON(rw, http.StatusInternalServerError, map[string]string{
			"status": requests.StatusFailed,
			"error":  err.Error(),
		})
		return
	}

	renderer.JSON(rw, http.StatusOK, map[string]interface{}{
		"status": requests.StatusUpdated,
		"update": update,
	})
}