Beispiel #1
0
func (lilo *basicLoginLogout) HandleLogout(request shared.IRequest) (shared.IResponse, error) {
	//request.Session.shared.IUser = nil
	log.Println("LOGOUT")
	request.ResetSession()
	request.Session().AddFlash("success", "Logged Out")
	return getRedirectResponse("/")
}
Beispiel #2
0
func (th *simpleTemplateHandler) Handle(request shared.IRequest) (shared.IResponse, error) {
	writer, err := th.manager.GetHTMLTemplateWriter(th.name, request.Session())
	if err != nil {
		return nil, err
	}
	writer.Data = th.data

	return writer, nil
}
Beispiel #3
0
func (lilo *basicLoginLogout) HandleSetPassword(r shared.IRequest) (shared.IResponse, error) {
	doErr := func(err error) (shared.IResponse, error) {
		log.Println(err)
		r.Session().AddFlash("error", "Something went wrong...")
		return getRedirectResponse("/set_password")

	}
	currentPassword := r.PostValueString("current_password")
	newPassword1 := r.PostValueString("new_password_1")
	newPassword2 := r.PostValueString("new_password_2")

	if newPassword1 != newPassword2 {
		r.Session().AddFlash("error", "Passwords didn't match")
		return getRedirectResponse("/set_password")
	}

	if len(currentPassword) < 1 {
		// Is user exempt?
		//if !r.Session().shared.IUser().SetOnNextLogin {
		//	r.Session.AddFlash("error", "Incorrect current password")
		//	r.Redirect("/set_password")
		//	return
		//}
	} else {
		//Check Current Password
		matches, err := r.Session().User().CheckPassword(currentPassword)
		if err != nil {
			return doErr(err)
		}
		if !matches {
			r.Session().AddFlash("error", "Incorrect current password")
			return getRedirectResponse("/set_password")
		}
	}

	/// Is it secure enough?
	// TODO:... something useful.
	if len(newPassword1) < 5 {
		r.Session().AddFlash("error", "Password must be at least 5 characters long")

		return getRedirectResponse("/set_password")
	}

	hashed := HashPassword(newPassword1)

	db := lilo.db
	_, err := db.Exec(`UPDATE `+lilo.usersTable+` SET `+lilo.ColPassword+` = ?, `+lilo.ColSetOnNextLogin+` = 0 WHERE `+lilo.ColId+` = ?`, hashed, r.Session().UserID())
	if err != nil {
		return doErr(err)
	}
	return getRedirectResponse("/app.html")

}
Beispiel #4
0
func (lilo *basicLoginLogout) doLogin(request shared.IRequest, noPassword bool, usernameCol string, username interface{}, password string) {

	doError := func(verboseMessage string, err error) {
		log.Printf("Issue loggin in (not error): %s, U:%s", verboseMessage, username)

		if err != nil {
			log.Printf("Error loading user '%s' from database: %s\n", username, err.Error())
		}
		if noPassword {
			request.Session().AddFlash("error", verboseMessage)
		} else {
			request.Session().AddFlash("error", "The presented credentials were not matched. Please try again.")
		}
		request.Redirect("/login")
	}

	db := lilo.db

	rows, err := db.Query(`SELECT `+lilo.userColString()+` FROM `+lilo.usersTable+` WHERE `+usernameCol+` = ?`, username)
	if err != nil {
		panic(err)
		log.Fatal(err)
		return
	}

	defer rows.Close()

	canHaz := rows.Next()
	if !canHaz {
		if noPassword {
			doError(fmt.Sprintf("Could not find %s", username), nil)
		} else {
			doError("", nil)
		}
		return
	}

	user, err := lilo.LoadUser(rows)
	if err != nil {
		doError("Invalid user identifier", err)
		return
	}

	if !noPassword {
		log.Printf("Check Password")
		res, err := user.CheckPassword(password)
		if err != nil {
			doError("", err)
			return
		}
		if !res {
			doError("", err)
			return
		}
	}

	target := "/app.html"
	//if request.Session.LoginTarget != nil {
	//		target = *request.Session.LoginTarget
	//	}

	request.ResetSession()

	request.Session().SetUser(user)
	if user.SetOnNextLogin() {
		request.Redirect("/set_password")
	} else {
		request.Redirect(target)
	}

	log.Printf("Done Check Password")
}