Example #1
0
// UserLogin Check Login
func UserLogin(w http.ResponseWriter, r *http.Request, proute routes.Proute) {

	time.Sleep(1 * time.Second) // limit rate

	l := proute.Json.(*Userlogin)

	tx, err := db.DB.Beginx()
	if err != nil {
		log.Panicln("Can't start transaction for creating a new user")
		return
	}

	user := model.User{
		Username: l.Username,
	}

	err = user.Get(tx)
	if err != nil {
		log.Println("Login failed for user :"******"(can't find this username)")
		tx.Rollback()
		ArkeoError(w, 401, "Bad Username/Password")
		return
	}

	// test login
	ok := user.Login(l.Password)
	if !ok {
		log.Println("Login failed for user :"******"(password mismatch)")
		tx.Rollback()
		ArkeoError(w, 401, "Bad Username/Password")
		return
	}

	user.Password = "" // immediatly erase password field

	log.Println("Login ", user.Username, " => ", ok)

	token, s := session.NewSession()
	s.Values["user_id"] = user.Id
	s.Values["user"] = user

	a, err := loginAnswer(w, tx, user, token)
	if err != nil {
		log.Println("Login answer build failed : ", err)
		tx.Rollback()
		return
	}

	err = tx.Commit()
	if err != nil {
		userSqlError(w, err)
		return
	}

	j, err := json.Marshal(a)
	w.Write(j)
}
Example #2
0
// UserLogout will destroy it's session
func UserLogout(w http.ResponseWriter, r *http.Request, proute routes.Proute) {
	time.Sleep(1 * time.Second) // limit rate

	u, ok := proute.Session.Get("user")
	if ok {
		user, ok := u.(model.User)
		log.Println("Logout ", user.Username, " => ", ok)
	}

	token := r.Header.Get("Authorization")
	session.DestroySession(token)

	tx, err := db.DB.Beginx()
	if err != nil {
		log.Panicln("Can't start transaction for creating a new user")
		return
	}

	user := model.User{
		Id: 0,
	}

	err = user.Get(tx)
	user.Password = "" // immediatly erase password field

	if err != nil {
		log.Println("Failed to load anonymous user ")
		tx.Rollback()
		ArkeoError(w, 401, "Bad thing appned")
		return
	}

	log.Println("Logout ", user.Username)

	token, s := session.NewSession()
	s.Values["user_id"] = user.Id
	s.Values["user"] = user

	a, err := loginAnswer(w, tx, user, token)
	if err != nil {
		log.Println("Login answer build failed : ", err)
		tx.Rollback()
		return
	}

	err = tx.Commit()
	if err != nil {
		userSqlError(w, err)
		return
	}

	j, err := json.Marshal(a)
	w.Write(j)
}
Example #3
0
// userSet is for UserCreate or UserUpdate
func userSet(w http.ResponseWriter, r *http.Request, proute routes.Proute, create bool) {

	u := proute.Json.(*Usercreate)

	// hack overrides
	//u.User.Password = u.Password

	// hack for city
	u.City_geonameid = u.CityAndCountry.City.Geonameid
	log.Println("city : ", u.City_geonameid)

	tx, err := db.DB.Beginx()
	if err != nil {
		log.Println("1")
		userSqlError(w, err)
		return
	}

	_me, ok := proute.Session.Get("user")
	if !ok {
		log.Println("userSet: can't get user in session...", _me)
		_ = tx.Rollback()
		return
	}

	me, ok := _me.(model.User)
	if !ok {
		log.Println("userSet: can't cast user...", _me)
		_ = tx.Rollback()
		return
	}

	permAdminUsers, err := me.HavePermissions(tx, "adminusers")
	if err != nil {
		tx.Rollback()
		userSqlError(w, err)
		return
	}

	if create || u.User.Id != me.Id {
		if !permAdminUsers {
			tx.Rollback()
			routes.ServerError(w, 403, "unauthorized")
			return
		}
	}

	// password
	if len(u.Password) > 0 {

		if len(u.Password) < 7 {
			tx.Rollback()
			routes.FieldError(w, "json.password", "password", "USER.FIELD_PASSWORD.T_CHECK_LENGTH")
			return
		}

		err = u.User.MakeNewPassword(u.Password)
		if err != nil {
			fmt.Println("password generate failed")
			tx.Rollback()
			userSqlError(w, err)
			return
		}
	}

	// photo...
	if u.File != nil {
		photo := model.Photo{
			Photo: string(u.File.Content),
		}
		err = photo.Create(tx)
		if err != nil {
			log.Println("1")
			userSqlError(w, err)
			tx.Rollback()
			return
		}
		u.Photo_id = photo.Id
	}

	// save the user
	if create {
		err = u.Create(tx)
	} else {
		tmpuser := model.User{
			Id: u.Id,
		}
		err = tmpuser.Get(tx)
		if err != nil {
			log.Println("can't get user for update", err)
			userSqlError(w, err)
			tx.Rollback()
			return
		}

		if !permAdminUsers { // in this case, we update tmpuser with only authorized fields
			// if we set a new password
			if len(u.User.Password) != 0 {
				tmpuser.Password = u.User.Password
			}

			// authorized self modified user field
			tmpuser.Username = u.User.Username
			tmpuser.Firstname = u.User.Firstname
			tmpuser.Lastname = u.User.Lastname
			tmpuser.First_lang_isocode = u.User.First_lang_isocode
			tmpuser.Second_lang_isocode = u.User.Second_lang_isocode
			tmpuser.Description = u.User.Description
			tmpuser.Email = u.User.Email
			tmpuser.City_geonameid = u.User.City_geonameid

			err = tmpuser.Update(tx)
		} else {
			// if we don't set a new password, we take it back from the db
			if len(u.User.Password) == 0 {
				u.User.Password = tmpuser.Password
			}

			log.Println("updating user id : ", u.Id, u)
			err = u.Update(tx)
		}
	}
	if err != nil {
		log.Println("2")
		userSqlError(w, err)
		tx.Rollback()
		return
	}

	// save the companies
	var companies []model.Company
	for _, form_company := range u.Companies {
		if form_company.Id > 0 {
			form_company.City_geonameid = form_company.CityAndCountry.City.Geonameid
			log.Println("updating company : ", form_company.Company)
			err = form_company.Update(tx)
			if err != nil {
				log.Println("error while updating a company", err)
				tx.Rollback()
				userSqlError(w, err)
				return
			}
			companies = append(companies, form_company.Company)
		} else if len(form_company.Name) > 0 {
			form_company.City_geonameid = form_company.CityAndCountry.City.Geonameid
			log.Println("creating company : ", form_company.Company)
			err = form_company.Create(tx)
			if err != nil {
				log.Println("error while adding a company", err)
				tx.Rollback()
				userSqlError(w, err)
				return
			}
			companies = append(companies, form_company.Company)
		}
	}

	err = u.SetCompanies(tx, companies)
	if err != nil {
		log.Println("7")
		tx.Rollback()
		userSqlError(w, err)
		return
	}

	if permAdminUsers {
		// save the groups
		err = u.SetGroups(tx, u.Groups)
		if err != nil {
			log.Println("set groups")
			tx.Rollback()
			userSqlError(w, err)
			return
		}
	}

	err = tx.Commit()
	if err != nil {
		log.Println("8")
		userSqlError(w, err)
		return
	}

	j, err := json.Marshal("ok")
	w.Write(j)
}