Ejemplo n.º 1
0
func settings(user model.User, sess *sessions.Session, req *http.Request) (interface{}, model.User) {
	if user == nil {
		return &settingsTpldata{Error: "You need to be logged in to do that.", Fatal: true}, nil
	}

	outdata := &settingsTpldata{Timezones: make(map[string]bool)}
	tznow := user.Location().String()
	for _, tz := range timeLocs {
		outdata.Timezones[tz] = (tz == tznow)
	}

	if req.Method != "POST" {
		return outdata, user
	}

	if err := req.ParseForm(); err != nil {
		outdata.Error = "Could not parse form"
		return outdata, user
	}

	switch req.FormValue("M") {
	case "setpasswd":
		if req.FormValue("Password") == "" {
			outdata.Error = "Password must not be empty."
			return outdata, user
		}

		if req.FormValue("Password") != req.FormValue("RepeatPassword") {
			outdata.Error = "Passwords must be equal."
			return outdata, user
		}

		hash, err := bcrypt.GenerateFromPassword([]byte(req.FormValue("Password")), bcrypt.DefaultCost)
		if err != nil {
			log.Printf("Error hashing password: %s", err)
			outdata.Error = "Error while saving password."
			return outdata.Error, user
		}

		if err := user.SetPWHash(hash); err != nil {
			log.Printf("Error setting pwhash: %s", err)
			outdata.Error = "Could not save new password."
		} else {
			outdata.Success = "Password changed"
		}
	case "settimezone":
		loc, err := time.LoadLocation(req.FormValue("Timezone"))
		if err != nil {
			outdata.Error = "Unknown Timezone"
			return outdata, user
		}

		if err := user.SetLocation(loc); err != nil {
			log.Printf("Error setting location: %s", err)
			outdata.Error = "Could not save new timezone."
		} else {
			outdata.Success = "New timezone saved."
		}
	}

	return outdata, user
}
Ejemplo n.º 2
0
func pwreset(user model.User, sess *sessions.Session, req *http.Request) (interface{}, model.User) {
	if err := req.ParseForm(); err != nil {
		return &pwresetTpldata{Error: "Form data corrupted."}, user
	}

	code := req.FormValue("Code")
	_uid := req.FormValue("U")
	pw1 := req.FormValue("Password")
	pw2 := req.FormValue("PasswordAgain")

	if code == "" {
		return &pwresetTpldata{Error: "Wrong password reset code"}, user
	}

	uid, err := db.ParseDBID(_uid)
	if err != nil {
		return &pwresetTpldata{Error: "Invalid user ID"}, user
	}

	if user, err = dbcon.UserByID(uid); err != nil {
		return &pwresetTpldata{Error: "User not found"}, user
	}

	if user.ActivationCode() != code {
		return &pwresetTpldata{Error: "Wrong activation code"}, user
	}

	outdata := &pwresetTpldata{UID: _uid, Code: code}

	if req.Method != "POST" {
		return outdata, user
	}

	if pw1 == "" {
		outdata.Error = "Password must not be empty."
		return outdata, user
	}

	if pw1 != pw2 {
		outdata.Error = "Passwords are not identical."
		return outdata, user
	}

	hash, err := bcrypt.GenerateFromPassword([]byte(pw1), bcrypt.DefaultCost)
	if err != nil {
		log.Printf("Could not has password: %s", err)
		outdata.Error = "Could not save password."
		return outdata, user
	}

	if err := user.SetPWHash(hash); err != nil {
		log.Printf("Error while hashing password: %s", err)
		outdata.Error = "Could not save password."
		return outdata, user
	}

	if err := user.SetActivationCode(""); err != nil {
		log.Printf("Error resetting acCode: %s", err)
	}

	outdata.Success = "Password was changed"
	return outdata, user
}