func authPhonePassword(ctx *gin.Context, querylValues url.Values) {
phone := querylValues.Get("phone")
if phone == "" {
ctx.JSON(200, errors.ErrBadRequest)
return
}
if !check.IsChinaMobileString(phone) {
ctx.JSON(200, errors.ErrBadRequest)
return
}
password := querylValues.Get("password")
if password == "" {
ctx.JSON(200, errors.ErrBadRequest)
return
}
user, err := model.GetByPhone(phone)
switch err {
case nil:
cipherPassword := model.EncryptPassword([]byte(password), user.Salt)
if !security.SecureCompare(cipherPassword, user.Password) {
ctx.JSON(200, errors.ErrAuthFailed)
return
}
authSuccess(ctx, AuthTypePhonePassword, user)
return
case model.ErrNotFound:
cipherPassword := model.EncryptPassword([]byte(password), model.PasswordSalt)
if !security.SecureCompare(cipherPassword, cipherPassword) {
ctx.JSON(200, errors.ErrAuthFailed)
return
}
ctx.JSON(200, errors.ErrAuthFailed)
return
default:
glog.Errorln(err)
ctx.JSON(200, errors.ErrInternalServerError)
return
}
}
// 申请发送一个校验码到手机.
// uri?phone=XXX
func RequestForPhoneHandler(ctx *gin.Context) {
// MustAuthHandler(ctx)
queryValues := ctx.Request.URL.Query()
phone := queryValues.Get("phone")
if phone == "" {
ctx.JSON(200, errors.ErrBadRequest)
return
}
if !check.IsChinaMobileString(phone) {
ctx.JSON(200, errors.ErrBadRequest)
return
}
tk := ctx.MustGet("sso_token").(*token.Token)
ss := ctx.MustGet("sso_session").(*session.Session)
code := generateCode()
checkcode := session.CheckCode{
Key: phone,
Code: code,
Times: 0,
}
ss.PhoneCheckCode = &checkcode
if err := session.Set(tk.SessionId, ss); err != nil {
glog.Errorln(err)
ctx.JSON(200, errors.ErrInternalServerError)
return
}
if err := sendCodeToPhone(phone, code); err != nil {
glog.Errorln(err)
ctx.JSON(200, errors.ErrInternalServerError)
return
}
ctx.JSON(200, errors.ErrOK)
return
}