Ejemplo n.º 1
0
func userContextHandler(handler webapp.Handler) webapp.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) *webapp.Error {
		c := appengine.NewContext(r)
		u := user.Current(c)
		if u == nil {
			webapp.RedirectToLogin(w, r, r.URL.Path)
			return nil
		}
		switch acct, err := maybeOldAccount(c, u); err {
		case nil:
			setUserContext(r, acct)
			return handler.Serve(w, r)
		case account.ErrUserNotFound:
			http.Redirect(w, r, "/login/new", http.StatusSeeOther)
			return nil
		default:
			return webapp.InternalError(fmt.Errorf("failed to look up current user: %s", err))
		}
	}
}
Ejemplo n.º 2
0
func newAccount(w http.ResponseWriter, r *http.Request) *webapp.Error {
	target := continueTarget(r)
	c := appengine.NewContext(r)
	u := user.Current(c)
	if u == nil {
		webapp.RedirectToLogin(w, r, "/")
		return nil
	}
	if _, err := account.ForUser(c, u); err != account.ErrUserNotFound {
		if err != nil {
			return webapp.InternalError(fmt.Errorf("failed to account for current user: %s", err))
		}
		http.Redirect(w, r, "/", http.StatusFound)
		return nil
	}
	id, err := account.ID(u)
	if err != nil {
		return webapp.InternalError(err)
	}
	if r.Method == "POST" {
		token, err := auth.TokenForRequest(c, id, r.URL.Path)
		if err != nil {
			return webapp.UnauthorizedError(fmt.Errorf("no stored token for request"))
		}
		if !token.IsValid(r.FormValue(auth.TokenFieldName), time.Now()) {
			return webapp.UnauthorizedError(fmt.Errorf("invalid XSRF token"))
		}
		fields, err := webapp.ParseRequiredValues(r, "email", "firstname", "lastname")
		if err != nil {
			// TODO(rwsims): Clean up this error reporting.
			w.WriteHeader(http.StatusBadRequest)
			fmt.Fprintf(w, "Please go back and enter all required data.")
			return nil
		}
		claim := account.NewClaimedEmail(c, id, fields["email"])
		switch err := claim.Claim(c); {
		case err == nil:
			break
		case err == account.ErrEmailAlreadyClaimed:
			// TODO(rwsims): Clean up this error reporting.
			w.WriteHeader(http.StatusBadRequest)
			fmt.Fprintf(w, "That email is already in use; please use a different email")
			return nil
		default:
			return webapp.InternalError(fmt.Errorf("failed to claim email %q: %s", claim.Email, err))
		}
		info := account.Info{
			FirstName: fields["firstname"],
			LastName:  fields["lastname"],
			Email:     fields["email"],
		}
		if phone := r.FormValue("phone"); phone != "" {
			info.Phone = phone
		}
		acct, err := account.New(u, info)
		if err != nil {
			return webapp.InternalError(fmt.Errorf("failed to create user account: %s", err))
		}
		if err := acct.Put(c); err != nil {
			return webapp.InternalError(fmt.Errorf("failed to write new user account: %s", err))
		}
		if err := acct.SendConfirmation(c); err != nil {
			c.Errorf("Failed to send confirmation email to %q: %s", acct.Email, err)
		}
		http.Redirect(w, r, target, http.StatusSeeOther)
		token.Delete(c)
		return nil
	}
	token, err := auth.NewToken(id, r.URL.Path, time.Now())
	if err != nil {
		return webapp.InternalError(fmt.Errorf("failed to create auth token: %s", err))
	}
	if err := token.Store(c); err != nil {
		return webapp.InternalError(fmt.Errorf("failed to store token: %s", err))
	}
	data := map[string]interface{}{
		"Target": target,
		"Token":  token.Encode(),
	}
	if err := newAccountPage.Execute(w, data); err != nil {
		return webapp.InternalError(err)
	}
	return nil
}