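// ServeHTTP handles the sign-in form POST: it reads the "email" and
// "password" form fields, verifies them through c.checkUserPassword and,
// on success, creates a fresh session via app.CreateSession, sets the
// session cookie and redirects the browser to "/".
//
// Responses:
//   - 400 with the sign-in page when the form body cannot be parsed
//   - 403 with the sign-in page and "Wrong password." when the
//     credentials are rejected
//   - 500 with the sign-in page and "An error occurred." when session
//     creation fails (or a plain 500 when the template is missing)
//   - 302 to "/" on success
//
// Security notes:
//   - The 403 response is byte-identical whether the email is unknown or
//     the password is wrong (both land in the same branch), so this
//     handler does not itself reveal which accounts exist. Whether
//     checkUserPassword takes the same time in both cases is not visible
//     here — TODO confirm.
//   - The password is never written to the log; only the email is.
//   - Cookie attributes (HttpOnly/Secure/SameSite) are set inside
//     app.SetSessionCookie and cannot be reviewed from this block.
//   - No rate limiting or lockout is done here; presumably it lives in
//     middleware or is absent — verify.
func (c SigninPost) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	t := c.App.Templates.Lookup("signin.html")
	if t == nil {
		// Lookup returns nil for an unknown template name; executing a nil
		// template would panic inside the handler. Fail closed instead.
		log.Printf("err: template 'signin.html' not found")
		http.Error(w, "An error occurred.", http.StatusInternalServerError)
		return
	}

	// read parameters
	// ----------------------

	if err := r.ParseForm(); err != nil {
		// A malformed body is a client error; do not continue with a
		// partially populated r.Form.
		w.WriteHeader(http.StatusBadRequest)
		t.Execute(w, signinParams{
			Error: "An error occurred.",
		})
		return
	}
	email := r.Form.Get("email")
	password := r.Form.Get("password")

	// check parameters
	// ----------------------
	ok, user, err := c.checkUserPassword(c.App, email, password)
	if err != nil {
		// An internal failure (e.g. the database being unreachable) used to
		// be swallowed and reported to the user as a bad password with
		// nothing in the log. Log it so operators can see it. The HTTP
		// response is deliberately kept identical to the wrong-password
		// case: if checkUserPassword ever reports "unknown user" through
		// err, a distinct status here would become a user-enumeration
		// oracle.
		log.Printf("err: while checking the password for email '%s': %s", email, err.Error())
	}
	if err != nil || !ok {
		w.WriteHeader(http.StatusForbidden)
		t.Execute(w, signinParams{
			Email: email,
			Error: "Wrong password.",
		})
		return
	}

	// create the session and send the cookies.
	// ----------------------
	session, err := app.CreateSession(c.App.DB(), user, time.Now())
	if err != nil {
		w.WriteHeader(http.StatusInternalServerError)
		t.Execute(w, signinParams{
			Email: email,
			Error: "An error occurred.",
		})
		log.Printf("err: while creating a session for email '%s': %s", email, err.Error())
		return
	}

	// set cookie
	app.SetSessionCookie(w, session)

	// Fixed redirect target: no user-controlled URL is involved, so there
	// is no open-redirect surface here.
	http.Redirect(w, r, "/", http.StatusFound)
}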
// ServeHTTP handles the registration form POST. As printed here it reads
// the "email", "password" and "passwordconfirm" fields, validates them,
// checks that the email is not already registered, hashes the password
// with app.CryptPassword, creates a session, sets the session cookie and
// renders register_end.html with the new user marked as logged in.
//
// NOTE(review): this listing is corrupted and does not compile as shown.
// The two lines containing "******" (in the ExistingEmail and
// CryptPassword error branches) are separate statements fused together by
// the extraction, the "})" that follows each of them closes nothing, and
// the `user` and `now` values passed to app.CreateSession are never
// defined in the visible text. The account-creation call itself (the
// step whose log line reads "while creating an account for email") is
// missing entirely. Treat this block as reference material only.
func (c RegisterPost) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	// Lookup returns nil for an unknown template name; neither result is
	// nil-checked before Execute below.
	t := c.App.Templates.Lookup("register.html")
	t_end := c.App.Templates.Lookup("register_end.html")

	// read parameters
	// ----------------------

	// NOTE(review): the ParseForm error is ignored; a malformed body falls
	// through with a partially populated r.Form.
	r.ParseForm()
	email := r.Form.Get("email")
	password := r.Form.Get("password")
	passwordconfirm := r.Form.Get("passwordconfirm")

	// check parameters
	// ----------------------

	// Only a minimal shape check: non-empty and containing both "." and
	// "@". No normalisation (case, surrounding whitespace) is done here.
	// The submitted email is echoed back into the template on every error
	// path; whether it is HTML-escaped depends on the template package
	// behind c.App.Templates, which is not visible in this listing.
	if len(email) == 0 ||
		!strings.Contains(email, ".") ||
		!strings.Contains(email, "@") {
		w.WriteHeader(400)
		t.Execute(w, registerParams{
			Email: email,
			Error: "Please fill a valid email.",
		})
		return
	}

	if len(password) == 0 {
		w.WriteHeader(400)
		t.Execute(w, registerParams{
			Email: email,
			Error: "Please fill a password.",
		})
		return
	}

	if len(passwordconfirm) == 0 {
		w.WriteHeader(400)
		t.Execute(w, registerParams{
			Email: email,
			Error: "Please confirm your password.",
		})
		return
	}

	if password != passwordconfirm {
		w.WriteHeader(400)
		t.Execute(w, registerParams{
			Email: email,
			Error: "Password confirmation doesn't match.",
		})
		return
	}

	// The strength policy itself lives in app.IsPasswordSecure and cannot
	// be reviewed from here.
	if !app.IsPasswordSecure(password) {
		w.WriteHeader(400)
		t.Execute(w, registerParams{
			Email: email,
			Error: "The given password isn't strong enough.",
		})
		return
	}

	// Duplicate-email check. The "Existing email." fragment on the garbled
	// line below suggests that a taken address is reported verbatim to the
	// client, which lets anyone probe which addresses are registered — a
	// common trade-off at sign-up, but worth being aware of. The log call
	// on that line also carries a copy-pasted "while crypting a password"
	// message that does not describe this branch.
	if exists, err := c.App.DB().ExistingEmail(email); err != nil {
		w.WriteHeader(500)
		t.Execute(w, registerParams{
			Email: email,
			Error: "An error occurred.",
		})
		log.Println("err: while crypting a password:"******"Existing email.",
		})
		return
	}

	// crypt the password
	// ----------------------

	// app.CryptPassword is the only place the plaintext password leaves
	// this handler; the hashing scheme is not visible in this listing —
	// confirm it is a salted, deliberately slow password hash. The lines
	// after the error branch (where cryptedPassword would be used to create
	// the account) are lost in the garbled text.
	cryptedPassword, err := app.CryptPassword(password)
	if err != nil {
		w.WriteHeader(500)
		t.Execute(w, registerParams{
			Email: email,
			Error: "An error occurred.",
		})
		log.Println("err: while crypting a password:"******"An error occurred.",
		})
		log.Printf("err: while creating an account for email '%s': %s", email, err.Error())
		return
	}

	// create the session and send the cookies.
	// ----------------------
	// The new account is logged in immediately; no email verification step
	// is visible in this handler. `user` and `now` are not defined in the
	// visible text (see the NOTE at the top).
	session, err := app.CreateSession(c.App.DB(), user, now)
	if err != nil {
		w.WriteHeader(500)
		t.Execute(w, registerParams{
			Email: email,
			Error: "An error occurred.",
		})
		log.Printf("err: while creating a session for email '%s': %s", email, err.Error())
		return
	}

	// set cookie
	// Cookie attributes (HttpOnly/Secure/SameSite) are decided inside
	// app.SetSessionCookie and cannot be reviewed here.
	app.SetSessionCookie(w, session)

	// Render the post-registration page directly (no redirect), with the
	// user already marked as logged in. The Execute error is not checked.
	p := registerParams{
		Params: app.Params{
			LoggedIn: true,
			User:     app.ParamsUser{Email: email},
		},
	}

	t_end.Execute(w, p)
}