// HandleLogin handles a post to /users/login
func HandleLogin(context router.Context) error {
// Check we're not already logged in, if so redirect
// Get the user details from the database
params, err := context.Params()
if err != nil {
return router.NotFoundError(err)
}
// Find the user with this email
q := users.Where("email=?", params.Get("email"))
user, err := users.First(q)
if err != nil {
q = users.Where("name=?", params.Get("email")) // NB use of email field
user, err = users.First(q)
}
if err != nil {
context.Logf("#error Login failed for user no such user : %s %s", params.Get("email"), err)
return router.Redirect(context, "/users/login?error=failed_email")
}
err = auth.CheckPassword(params.Get("password"), user.EncryptedPassword)
if err != nil {
context.Logf("#error Login failed for user : %s %s", params.Get("email"), err)
return router.Redirect(context, "/users/login?error=failed_password")
}
// Save the fact user is logged in to session cookie
err = loginUser(context, user)
if err != nil {
return router.InternalError(err)
}
// Redirect to whatever page the user tried to visit before (if any)
// For now send them to root
return router.Redirect(context, "/")
}
// HandleLogin handles a post to /users/login
func HandleLogin(context router.Context) error {
// Check we're not already logged in, if so redirect
// Get the user details from the database
params, err := context.Params()
if err != nil {
return router.NotFoundError(err)
}
// Need something neater than this - how best to do it?
q := users.Where("email=?", params.Get("email"))
user, err := users.First(q)
if err != nil {
context.Logf("#error Login failed for user no such user : %s %s", params.Get("email"), err)
return router.Redirect(context, "/users/login?error=failed_email")
}
err = auth.CheckPassword(params.Get("password"), user.EncryptedPassword)
if err != nil {
context.Logf("#error Login failed for user : %s %s", params.Get("email"), err)
return router.Redirect(context, "/users/login?error=failed_password")
}
// Now save the user details in a secure cookie, so that we remember the next request
session, err := auth.Session(context, context.Request())
if err != nil {
context.Logf("#error problem retrieving session")
}
context.Logf("#info Login success for user: %d %s", user.Id, user.Email)
session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
session.Save(context)
// Redirect to whatever page the user tried to visit before (if any)
// For now send them to root
return router.Redirect(context, "/")
}
// HandleLogin handles a post to /users/login
func HandleLogin(context router.Context) error {
params, err := context.Params()
if err != nil {
return router.NotFoundError(err)
}
// Check users against their username - we could also check against the email later?
name := params.Get("name")
q := users.Where("name=?", name)
user, err := users.FindFirst(q)
if err != nil {
context.Logf("#error Login failed for user : %s %s", name, err)
return router.Redirect(context, "/users/login?error=failed_name")
}
err = auth.CheckPassword(params.Get("password"), user.Password)
if err != nil {
context.Logf("#error Login failed for user : %s %s", name, err)
return router.Redirect(context, "/users/login?error=failed_password")
}
// Save the details in a secure cookie
session, err := auth.Session(context, context.Request())
if err != nil {
return router.InternalError(err)
}
context.Logf("#info LOGIN for user: %d", user.Id)
session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
session.Save(context)
// Send them to their user profile page
return router.Redirect(context, user.URLShow())
}
