func (lilo *basicLoginLogout) HandleLogout(request shared.IRequest) (shared.IResponse, error) {
//request.Session.shared.IUser = nil
log.Println("LOGOUT")
request.ResetSession()
request.Session().AddFlash("success", "Logged Out")
return getRedirectResponse("/")
}
func (th *simpleTemplateHandler) Handle(request shared.IRequest) (shared.IResponse, error) {
writer, err := th.manager.GetHTMLTemplateWriter(th.name, request.Session())
if err != nil {
return nil, err
}
writer.Data = th.data
return writer, nil
}
func (lilo *basicLoginLogout) HandleSetPassword(r shared.IRequest) (shared.IResponse, error) {
doErr := func(err error) (shared.IResponse, error) {
log.Println(err)
r.Session().AddFlash("error", "Something went wrong...")
return getRedirectResponse("/set_password")
}
currentPassword := r.PostValueString("current_password")
newPassword1 := r.PostValueString("new_password_1")
newPassword2 := r.PostValueString("new_password_2")
if newPassword1 != newPassword2 {
r.Session().AddFlash("error", "Passwords didn't match")
return getRedirectResponse("/set_password")
}
if len(currentPassword) < 1 {
// Is user exempt?
//if !r.Session().shared.IUser().SetOnNextLogin {
// r.Session.AddFlash("error", "Incorrect current password")
// r.Redirect("/set_password")
// return
//}
} else {
//Check Current Password
matches, err := r.Session().User().CheckPassword(currentPassword)
if err != nil {
return doErr(err)
}
if !matches {
r.Session().AddFlash("error", "Incorrect current password")
return getRedirectResponse("/set_password")
}
}
/// Is it secure enough?
// TODO:... something useful.
if len(newPassword1) < 5 {
r.Session().AddFlash("error", "Password must be at least 5 characters long")
return getRedirectResponse("/set_password")
}
hashed := HashPassword(newPassword1)
db := lilo.db
_, err := db.Exec(`UPDATE `+lilo.usersTable+` SET `+lilo.ColPassword+` = ?, `+lilo.ColSetOnNextLogin+` = 0 WHERE `+lilo.ColId+` = ?`, hashed, r.Session().UserID())
if err != nil {
return doErr(err)
}
return getRedirectResponse("/app.html")
}
func (lilo *basicLoginLogout) doLogin(request shared.IRequest, noPassword bool, usernameCol string, username interface{}, password string) {
doError := func(verboseMessage string, err error) {
log.Printf("Issue loggin in (not error): %s, U:%s", verboseMessage, username)
if err != nil {
log.Printf("Error loading user '%s' from database: %s\n", username, err.Error())
}
if noPassword {
request.Session().AddFlash("error", verboseMessage)
} else {
request.Session().AddFlash("error", "The presented credentials were not matched. Please try again.")
}
request.Redirect("/login")
}
db := lilo.db
rows, err := db.Query(`SELECT `+lilo.userColString()+` FROM `+lilo.usersTable+` WHERE `+usernameCol+` = ?`, username)
if err != nil {
panic(err)
log.Fatal(err)
return
}
defer rows.Close()
canHaz := rows.Next()
if !canHaz {
if noPassword {
doError(fmt.Sprintf("Could not find %s", username), nil)
} else {
doError("", nil)
}
return
}
user, err := lilo.LoadUser(rows)
if err != nil {
doError("Invalid user identifier", err)
return
}
if !noPassword {
log.Printf("Check Password")
res, err := user.CheckPassword(password)
if err != nil {
doError("", err)
return
}
if !res {
doError("", err)
return
}
}
target := "/app.html"
//if request.Session.LoginTarget != nil {
// target = *request.Session.LoginTarget
// }
request.ResetSession()
request.Session().SetUser(user)
if user.SetOnNextLogin() {
request.Redirect("/set_password")
} else {
request.Redirect(target)
}
log.Printf("Done Check Password")
}