func forgotpw(user model.User, sess *sessions.Session, req *http.Request) (interface{}, model.User) {
if req.Method != "POST" {
return &forgotpwTpldata{}, user
}
if err := req.ParseForm(); err != nil {
return &forgotpwTpldata{Error: "Form data corrupted."}, user
}
email := req.FormValue("Mail")
if email == "" {
return &forgotpwTpldata{Error: "E-Mail must not be empty."}, user
}
user, err := dbcon.UserByMail(email)
if err != nil {
return &forgotpwTpldata{Error: "E-Mail not found."}, user
}
key := genAcCode()
if err := user.SetActivationCode(key); err != nil {
log.Printf("Could not store pwreset key: %s", err)
return &forgotpwTpldata{Error: "Could not generate a keyword reset code."}, user
}
if !SendPwresetLink(user.Email(), key, user.ID()) {
return &forgotpwTpldata{Error: "Could not send reset E-Mail."}, user
}
return &forgotpwTpldata{Success: "We sent you an E-Mail with further instructions."}, user
}
func login(user model.User, sess *sessions.Session, req *http.Request) (interface{}, model.User) {
outdata := &loginTpldata{}
if user != nil {
outdata.Success = "You are already logged in"
return outdata, user
}
if req.Method != "POST" {
return outdata, user
}
if err := req.ParseForm(); err != nil {
outdata.Error = "Formdata corrupted. Please try again."
return outdata, user
}
indata := new(loginFormdata)
if err := formdec.Decode(indata, req.Form); (err != nil) || (indata.Mail == "") || (indata.Password == "") {
outdata.Error = "Input data wrong or missing. Please fill in all values."
return outdata, user
}
user, err := dbcon.UserByMail(indata.Mail)
switch err {
case nil:
case model.NotFound:
outdata.Error = "E-Mail or password was wrong."
return outdata, nil
default:
log.Printf("Error while loding user data (login): %s", err)
outdata.Error = "User data could not be loaded."
return outdata, nil
}
if bcrypt.CompareHashAndPassword(user.PWHash(), []byte(indata.Password)) != nil {
outdata.Error = "E-Mail or password was wrong."
return outdata, nil
}
sess.Values["uid"] = user.ID().String()
outdata.Success = "Login successful"
return outdata, user
}
func register(user model.User, sess *sessions.Session, req *http.Request) (interface{}, model.User) {
outdata := ®isterData{Timezones: &timeLocs}
if user != nil {
outdata.Success = "You are already logged in. To register a new account, first log out."
return outdata, user
}
if req.Method != "POST" {
return outdata, user
}
if err := req.ParseForm(); err != nil {
outdata.Error = "Form data corrupted."
return outdata, user
}
indata := new(registerFormdata)
if err := formdec.Decode(indata, req.Form); (err != nil) || (indata.Mail == "") || (indata.Timezone.Loc == nil) {
outdata.Error = "Input data wrong or missing. Please fill in all values and make sure to provide a valid E-Mail address."
return outdata, user
}
if indata.Password == "" {
outdata.Error = "Empty passwords are not allowed."
return outdata, user
}
if indata.Password != indata.RetypePassword {
outdata.Error = "Passwords are not identical."
return outdata, user
}
mail := string(indata.Mail)
switch _, err := dbcon.UserByMail(mail); err {
case nil:
outdata.Error = "This E-Mail address is already used."
return outdata, user
case model.NotFound:
default:
log.Printf("Error while checking, if mail is used: %s", err)
outdata.Error = "Internal error, sorry."
return outdata, user
}
acCode := genAcCode()
pwhash, err := bcrypt.GenerateFromPassword([]byte(indata.Password), bcrypt.DefaultCost)
if err != nil {
log.Printf("Error while hashing password: %s", err)
outdata.Error = "Internal error, sorry."
return outdata, user
}
user, err = dbcon.AddUser(mail, pwhash, indata.Timezone.Loc, false, acCode)
if err != nil {
log.Printf("Could not create user (%s): %s", indata.Mail, err)
outdata.Error = "Internal error, sorry."
return outdata, user
}
if !SendActivationcode(mail, acCode, user.ID()) {
outdata.Error = "We could not send you a mail with your confirmation code."
return outdata, user
}
outdata.Success = "Account created successfully! We sent you an E-Mail that contains a link to activate your account."
return outdata, user
}