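// UserLogin authenticates the Userlogin JSON body carried by proute.Json.
//
// On success it opens a fresh session holding the user (password field
// cleared), writes the payload built by loginAnswer as JSON and commits the
// transaction. An unknown username and a wrong password both answer
// 401 "Bad Username/Password", so the response body does not tell the two
// cases apart; the distinction is only written to the server log.
func UserLogin(w http.ResponseWriter, r *http.Request, proute routes.Proute) {
	// Blunt brute-force brake: every login request pays one second. This
	// only delays each request; it does not bound how many attempts a
	// client can keep in flight concurrently.
	time.Sleep(1 * time.Second)

	l := proute.Json.(*Userlogin)

	tx, err := db.DB.Beginx()
	if err != nil {
		// A handler must not panic: answer this client and keep serving
		// the others.
		log.Println("Can't start transaction for login:", err)
		userSqlError(w, err)
		return
	}

	user := model.User{Username: l.Username}
	if err = user.Get(tx); err != nil {
		log.Println("Login failed for user :", l.Username, "(can't find this username)")
		_ = tx.Rollback()
		ArkeoError(w, 401, "Bad Username/Password")
		return
	}

	// test login
	ok := user.Login(l.Password)
	if !ok {
		log.Println("Login failed for user :", l.Username, "(password mismatch)")
		_ = tx.Rollback()
		ArkeoError(w, 401, "Bad Username/Password")
		return
	}

	// Never let the stored password value travel into the session store
	// or the JSON answer.
	user.Password = ""
	log.Println("Login ", user.Username, " => ", ok)

	token, s := session.NewSession()
	s.Values["user_id"] = user.Id
	s.Values["user"] = user

	a, err := loginAnswer(w, tx, user, token)
	if err != nil {
		// Assumes loginAnswer has not written a response itself (it hands
		// the payload back for us to write) — confirm against its body.
		log.Println("Login answer build failed : ", err)
		_ = tx.Rollback()
		routes.ServerError(w, 500, "internal error")
		return
	}

	if err = tx.Commit(); err != nil {
		userSqlError(w, err)
		return
	}

	j, err := json.Marshal(a)
	if err != nil {
		// Session and transaction are already committed; only the
		// response can still fail here.
		log.Println("Login answer marshal failed : ", err)
		routes.ServerError(w, 500, "internal error")
		return
	}
	if _, err = w.Write(j); err != nil {
		log.Println("Login answer write failed : ", err)
	}
}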
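// UserLogout destroys the session named by the Authorization header and
// replaces it with a fresh session for the anonymous user (Id 0).
//
// The answer has the same shape as a login answer, built by loginAnswer
// for the anonymous user, so the client can carry on with the new token.
func UserLogout(w http.ResponseWriter, r *http.Request, proute routes.Proute) {
	// Same per-request delay as UserLogin; it slows each request but does
	// not bound concurrent ones.
	time.Sleep(1 * time.Second)

	// Log who is leaving, if the session still holds a user.
	if current, found := proute.Session.Get("user"); found {
		curUser, isUser := current.(model.User)
		log.Println("Logout ", curUser.Username, " => ", isUser)
	}

	// The caller's own token is the one being revoked.
	token := r.Header.Get("Authorization")
	session.DestroySession(token)

	tx, err := db.DB.Beginx()
	if err != nil {
		// A handler must not panic: answer this client and keep serving
		// the others.
		log.Println("Can't start transaction for logout:", err)
		userSqlError(w, err)
		return
	}

	user := model.User{Id: 0}
	err = user.Get(tx)
	user.Password = "" // immediately erase password field, even on error
	if err != nil {
		// Failing to load the anonymous record is a server-side problem,
		// not a credential problem, so it is reported like other DB errors.
		log.Println("Failed to load anonymous user ", err)
		_ = tx.Rollback()
		userSqlError(w, err)
		return
	}
	log.Println("Logout ", user.Username)

	token, s := session.NewSession()
	s.Values["user_id"] = user.Id
	s.Values["user"] = user

	a, err := loginAnswer(w, tx, user, token)
	if err != nil {
		// Assumes loginAnswer has not written a response itself — confirm
		// against its body.
		log.Println("Login answer build failed : ", err)
		_ = tx.Rollback()
		routes.ServerError(w, 500, "internal error")
		return
	}

	if err = tx.Commit(); err != nil {
		userSqlError(w, err)
		return
	}

	j, err := json.Marshal(a)
	if err != nil {
		log.Println("Logout answer marshal failed : ", err)
		routes.ServerError(w, 500, "internal error")
		return
	}
	if _, err = w.Write(j); err != nil {
		log.Println("Logout answer write failed : ", err)
	}
}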
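// userSet is the shared body of UserCreate and UserUpdate.
//
// It expects a Usercreate JSON body in proute.Json and the acting user in
// the session under "user". Creating a user, or updating any user other
// than oneself, requires the "adminusers" permission. A non-admin updating
// their own account may only change a fixed list of fields; groups are only
// written by admins. All writes run in one transaction that is rolled back
// on the first error and committed at the end, after which "ok" is written
// as the JSON answer.
func userSet(w http.ResponseWriter, r *http.Request, proute routes.Proute, create bool) {
	u := proute.Json.(*Usercreate)

	// hack overrides
	//u.User.Password = u.Password

	// hack for city: the flat geonameid column is fed from the nested
	// city/country object the form sends.
	u.City_geonameid = u.CityAndCountry.City.Geonameid
	log.Println("city : ", u.City_geonameid)

	tx, err := db.DB.Beginx()
	if err != nil {
		log.Println("userSet: can't start transaction", err)
		userSqlError(w, err)
		return
	}

	// Resolve the acting user from the session; without one there is
	// nothing to authorize against.
	sessUser, ok := proute.Session.Get("user")
	if !ok {
		log.Println("userSet: can't get user in session...", sessUser)
		_ = tx.Rollback()
		routes.ServerError(w, 403, "unauthorized")
		return
	}
	me, ok := sessUser.(model.User)
	if !ok {
		log.Println("userSet: can't cast user...", sessUser)
		_ = tx.Rollback()
		routes.ServerError(w, 403, "unauthorized")
		return
	}

	permAdminUsers, err := me.HavePermissions(tx, "adminusers")
	if err != nil {
		_ = tx.Rollback()
		userSqlError(w, err)
		return
	}

	// Only admins may create users or touch an account that is not theirs.
	if (create || u.User.Id != me.Id) && !permAdminUsers {
		_ = tx.Rollback()
		routes.ServerError(w, 403, "unauthorized")
		return
	}

	// password: empty means "keep the current one". Otherwise it must be at
	// least 7 bytes (len counts bytes, not runes) and MakeNewPassword
	// (on model.User, not shown here) turns it into the stored value.
	if len(u.Password) > 0 {
		if len(u.Password) < 7 {
			_ = tx.Rollback()
			routes.FieldError(w, "json.password", "password", "USER.FIELD_PASSWORD.T_CHECK_LENGTH")
			return
		}
		if err = u.User.MakeNewPassword(u.Password); err != nil {
			fmt.Println("password generate failed")
			_ = tx.Rollback()
			userSqlError(w, err)
			return
		}
	}

	// photo: an uploaded file becomes a Photo row the user then points at.
	if u.File != nil {
		photo := model.Photo{Photo: string(u.File.Content)}
		if err = photo.Create(tx); err != nil {
			log.Println("userSet: photo create failed", err)
			_ = tx.Rollback()
			userSqlError(w, err)
			return
		}
		u.Photo_id = photo.Id
	}

	// save the user
	if create {
		err = u.Create(tx)
	} else {
		tmpuser := model.User{Id: u.Id}
		if err = tmpuser.Get(tx); err != nil {
			log.Println("can't get user for update", err)
			_ = tx.Rollback()
			userSqlError(w, err)
			return
		}
		if permAdminUsers {
			// Admins update the whole record; an empty password means the
			// stored one is carried over unchanged.
			if len(u.User.Password) == 0 {
				u.User.Password = tmpuser.Password
			}
			// Log only the id: the full struct would dump u.Password, the
			// plaintext value taken from the form above.
			log.Println("updating user id : ", u.Id)
			err = u.Update(tx)
		} else {
			// Self-service update: copy only the fields a user may change
			// about themself onto the stored record, so anything else in
			// the request body is ignored.
			if len(u.User.Password) != 0 {
				tmpuser.Password = u.User.Password
			}
			tmpuser.Username = u.User.Username
			tmpuser.Firstname = u.User.Firstname
			tmpuser.Lastname = u.User.Lastname
			tmpuser.First_lang_isocode = u.User.First_lang_isocode
			tmpuser.Second_lang_isocode = u.User.Second_lang_isocode
			tmpuser.Description = u.User.Description
			tmpuser.Email = u.User.Email
			tmpuser.City_geonameid = u.User.City_geonameid
			err = tmpuser.Update(tx)
		}
	}
	if err != nil {
		log.Println("userSet: save user failed", err)
		_ = tx.Rollback()
		userSqlError(w, err)
		return
	}

	// save the companies: existing ones (Id > 0) are updated, new ones are
	// created when they carry a name, and the resulting list is linked to
	// the user. formCompany is a copy of the slice element, so Ids filled
	// in by Create land on the value that is appended below.
	var companies []model.Company
	for _, formCompany := range u.Companies {
		switch {
		case formCompany.Id > 0:
			formCompany.City_geonameid = formCompany.CityAndCountry.City.Geonameid
			log.Println("updating company : ", formCompany.Company)
			// NOTE(review): the company Id comes straight from the request
			// body and nothing here ties it to the acting user — confirm
			// that Update enforces ownership.
			if err = formCompany.Update(tx); err != nil {
				log.Println("error while updating a company", err)
				_ = tx.Rollback()
				userSqlError(w, err)
				return
			}
			companies = append(companies, formCompany.Company)
		case len(formCompany.Name) > 0:
			formCompany.City_geonameid = formCompany.CityAndCountry.City.Geonameid
			log.Println("creating company : ", formCompany.Company)
			if err = formCompany.Create(tx); err != nil {
				log.Println("error while adding a company", err)
				_ = tx.Rollback()
				userSqlError(w, err)
				return
			}
			companies = append(companies, formCompany.Company)
		}
	}
	if err = u.SetCompanies(tx, companies); err != nil {
		log.Println("userSet: set companies failed", err)
		_ = tx.Rollback()
		userSqlError(w, err)
		return
	}

	if permAdminUsers {
		// Group membership is only written by admins; a self-service
		// update does not touch it here.
		if err = u.SetGroups(tx, u.Groups); err != nil {
			log.Println("userSet: set groups failed", err)
			_ = tx.Rollback()
			userSqlError(w, err)
			return
		}
	}

	if err = tx.Commit(); err != nil {
		log.Println("userSet: commit failed", err)
		userSqlError(w, err)
		return
	}

	j, err := json.Marshal("ok")
	if err != nil {
		log.Println("userSet: answer marshal failed", err)
		routes.ServerError(w, 500, "internal error")
		return
	}
	if _, err = w.Write(j); err != nil {
		log.Println("userSet: answer write failed", err)
	}
}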