Example #1
0
// POST /users/password/reset
func HandlePasswordResetSend(context router.Context) error {

	// Find the user by email (if not found let them know)
	// Find the user by hex token in the db
	email := context.Param("email")
	user, err := users.First(users.Where("email=?", email))
	if err != nil {
		return router.Redirect(context, "/users/password/reset?message=invalid_email")
	}

	// Generate a random token and url for the email
	token := auth.BytesToHex(auth.RandomToken())

	// Generate the url to use in our email
	base := fmt.Sprintf("%s://%s", context.Request().URL.Scheme, context.Request().URL.Host)
	url := fmt.Sprintf("%s/users/password?token=%s", base, token)

	context.Logf("#info sending reset email:%s url:%s", email, url)

	// Update the user record with with this token
	p := map[string]string{"reset_token": token}
	user.Update(p)

	// Send a password reset email out
	//mail.Send("mymail")

	// Tell the user what we have done
	return router.Redirect(context, "/users/password/sent")
}
Example #2
0
// POST /users/password?token=DEADFISH - handle password reset link
func HandlePasswordReset(context router.Context) error {

	token := context.Param("token")
	if len(token) == 0 {
		return router.InternalError(fmt.Errorf("Blank reset token"))
	}

	// Find the user by hex token in the db
	user, err := users.First(users.Where("token=?", token))
	if err != nil {
		return router.InternalError(err)
	}

	// If we found a user with this token, log the sender in as them
	// and remove the token from the user so that it can't be used twice
	// we should possibly add a time limit to tokens too?

	// Redirect to the user update page so that they can change their password
	return router.Redirect(context, fmt.Sprintf("/users/%d/update", user.Id))
}
Example #3
0
// HandleLogin handles a post to /users/login
func HandleLogin(context router.Context) error {

	// Check we're not already logged in, if so redirect

	// Get the user details from the database
	params, err := context.Params()
	if err != nil {
		return router.NotFoundError(err)
	}

	// Need something neater than this - how best to do it?
	q := users.Where("email=?", params.Get("email"))
	user, err := users.First(q)
	if err != nil {
		context.Logf("#error Login failed for user no such user : %s %s", params.Get("email"), err)
		return router.Redirect(context, "/users/login?error=failed_email")

	}

	err = auth.CheckPassword(params.Get("password"), user.EncryptedPassword)

	if err != nil {
		context.Logf("#error Login failed for user : %s %s", params.Get("email"), err)
		return router.Redirect(context, "/users/login?error=failed_password")
	}

	// Now save the user details in a secure cookie, so that we remember the next request
	session, err := auth.Session(context, context.Request())
	if err != nil {
		context.Logf("#error problem retrieving session")

	}
	context.Logf("#info Login success for user: %d %s", user.Id, user.Email)
	session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
	session.Save(context)

	// Redirect to whatever page the user tried to visit before (if any)
	// For now send them to root
	return router.Redirect(context, "/")

}