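// HandleSetPassword processes the /set_password form: it verifies the
// caller's current password, validates the new one, and stores its hash.
//
// Form fields read from r: current_password, new_password_1, new_password_2.
// Every validation failure adds an "error" flash to the session and
// redirects back to /set_password; on success the set-on-next-login flag
// is cleared and the user is redirected to /app.html.
//
// Returns whatever getRedirectResponse produces for the chosen target.
func (lilo *basicLoginLogout) HandleSetPassword(r shared.IRequest) (shared.IResponse, error) {
	// Minimum length (in bytes) accepted for the new password. No other
	// strength check exists yet; the flash message below must agree with it.
	const minPasswordLength = 5

	// fail logs an internal error and sends the user back to the form with a
	// generic message, so internals are not echoed to the client.
	fail := func(err error) (shared.IResponse, error) {
		log.Println(err)
		r.Session().AddFlash("error", "Something went wrong...")
		return getRedirectResponse("/set_password")
	}
	// reject sends the user back to the form with a specific validation message.
	reject := func(msg string) (shared.IResponse, error) {
		r.Session().AddFlash("error", msg)
		return getRedirectResponse("/set_password")
	}

	currentPassword := r.PostValueString("current_password")
	newPassword1 := r.PostValueString("new_password_1")
	newPassword2 := r.PostValueString("new_password_2")

	if newPassword1 != newPassword2 {
		return reject("Passwords didn't match")
	}

	// The current password is always verified. The previous version skipped
	// the check whenever the field was empty (a placeholder for a
	// "must change on next login" exemption that was never implemented),
	// which let any authenticated session replace the password without
	// knowing the old one. If an exemption is added later it must be driven
	// by a server-side flag, never by the submitted field being empty.
	if len(currentPassword) < 1 {
		return reject("Incorrect current password")
	}
	matches, err := r.Session().User().CheckPassword(currentPassword)
	if err != nil {
		return fail(err)
	}
	if !matches {
		return reject("Incorrect current password")
	}

	if len(newPassword1) < minPasswordLength {
		return reject("Password must be at least 5 characters long")
	}

	hashed := HashPassword(newPassword1)

	// Table and column names are taken from the handler's own configuration;
	// the new hash and the session's user id are bound as query parameters,
	// so no request-controlled data is spliced into the SQL text.
	_, err = lilo.db.Exec(
		`UPDATE `+lilo.usersTable+` SET `+lilo.ColPassword+` = ?, `+lilo.ColSetOnNextLogin+` = 0 WHERE `+lilo.ColId+` = ?`,
		hashed, r.Session().UserID(),
	)
	if err != nil {
		return fail(err)
	}
	return getRedirectResponse("/app.html")
}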
// HandleLogin reads the "username" and "password" form fields from the
// request and hands them to doLogin, keyed on the configured username column.
//
// It always returns (nil, nil); doLogin's result, if it has one, is not
// inspected here. NOTE(review): confirm against doLogin whether a failed
// login is expected to surface as an error from this handler.
func (lilo *basicLoginLogout) HandleLogin(request shared.IRequest) (shared.IResponse, error) {
	lilo.doLogin(
		request,
		false, // meaning of this flag is defined by doLogin, not visible here
		lilo.ColUsername,
		request.PostValueString("username"),
		request.PostValueString("password"),
	)
	return nil, nil
}