Ejemplo n.º 1
0
func forgotpw(user model.User, sess *sessions.Session, req *http.Request) (interface{}, model.User) {
	if req.Method != "POST" {
		return &forgotpwTpldata{}, user
	}

	if err := req.ParseForm(); err != nil {
		return &forgotpwTpldata{Error: "Form data corrupted."}, user
	}

	email := req.FormValue("Mail")
	if email == "" {
		return &forgotpwTpldata{Error: "E-Mail must not be empty."}, user
	}

	user, err := dbcon.UserByMail(email)
	if err != nil {
		return &forgotpwTpldata{Error: "E-Mail not found."}, user
	}

	key := genAcCode()
	if err := user.SetActivationCode(key); err != nil {
		log.Printf("Could not store pwreset key: %s", err)
		return &forgotpwTpldata{Error: "Could not generate a keyword reset code."}, user
	}

	if !SendPwresetLink(user.Email(), key, user.ID()) {
		return &forgotpwTpldata{Error: "Could not send reset E-Mail."}, user
	}

	return &forgotpwTpldata{Success: "We sent you an E-Mail with further instructions."}, user
}
Ejemplo n.º 2
0
func login(user model.User, sess *sessions.Session, req *http.Request) (interface{}, model.User) {
	outdata := &loginTpldata{}

	if user != nil {
		outdata.Success = "You are already logged in"
		return outdata, user
	}

	if req.Method != "POST" {
		return outdata, user
	}

	if err := req.ParseForm(); err != nil {
		outdata.Error = "Formdata corrupted. Please try again."
		return outdata, user
	}

	indata := new(loginFormdata)
	if err := formdec.Decode(indata, req.Form); (err != nil) || (indata.Mail == "") || (indata.Password == "") {
		outdata.Error = "Input data wrong or missing. Please fill in all values."
		return outdata, user
	}

	user, err := dbcon.UserByMail(indata.Mail)
	switch err {
	case nil:
	case model.NotFound:
		outdata.Error = "E-Mail or password was wrong."
		return outdata, nil
	default:
		log.Printf("Error while loding user data (login): %s", err)
		outdata.Error = "User data could not be loaded."
		return outdata, nil
	}

	if bcrypt.CompareHashAndPassword(user.PWHash(), []byte(indata.Password)) != nil {
		outdata.Error = "E-Mail or password was wrong."
		return outdata, nil
	}

	sess.Values["uid"] = user.ID().String()
	outdata.Success = "Login successful"
	return outdata, user
}
Ejemplo n.º 3
0
func register(user model.User, sess *sessions.Session, req *http.Request) (interface{}, model.User) {
	outdata := &registerData{Timezones: &timeLocs}

	if user != nil {
		outdata.Success = "You are already logged in. To register a new account, first log out."
		return outdata, user
	}

	if req.Method != "POST" {
		return outdata, user
	}

	if err := req.ParseForm(); err != nil {
		outdata.Error = "Form data corrupted."
		return outdata, user
	}

	indata := new(registerFormdata)
	if err := formdec.Decode(indata, req.Form); (err != nil) || (indata.Mail == "") || (indata.Timezone.Loc == nil) {
		outdata.Error = "Input data wrong or missing. Please fill in all values and make sure to provide a valid E-Mail address."
		return outdata, user
	}

	if indata.Password == "" {
		outdata.Error = "Empty passwords are not allowed."
		return outdata, user
	}

	if indata.Password != indata.RetypePassword {
		outdata.Error = "Passwords are not identical."
		return outdata, user
	}

	mail := string(indata.Mail)

	switch _, err := dbcon.UserByMail(mail); err {
	case nil:
		outdata.Error = "This E-Mail address is already used."
		return outdata, user
	case model.NotFound:
	default:
		log.Printf("Error while checking, if mail is used: %s", err)
		outdata.Error = "Internal error, sorry."
		return outdata, user
	}

	acCode := genAcCode()
	pwhash, err := bcrypt.GenerateFromPassword([]byte(indata.Password), bcrypt.DefaultCost)
	if err != nil {
		log.Printf("Error while hashing password: %s", err)
		outdata.Error = "Internal error, sorry."
		return outdata, user
	}

	user, err = dbcon.AddUser(mail, pwhash, indata.Timezone.Loc, false, acCode)
	if err != nil {
		log.Printf("Could not create user (%s): %s", indata.Mail, err)
		outdata.Error = "Internal error, sorry."
		return outdata, user
	}

	if !SendActivationcode(mail, acCode, user.ID()) {
		outdata.Error = "We could not send you a mail with your confirmation code."
		return outdata, user
	}

	outdata.Success = "Account created successfully! We sent you an E-Mail that contains a link to activate your account."
	return outdata, user
}