Example #1
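// doPost handles a form submission for the entry identified by id. On failure
// it re-renders the edit form with the error; on success it calls goBack.
//
// Branches, in order:
//   - XSRF verification fails: common.ErrXsrf is reported, nothing is changed.
//   - "delete" is present: the entry is removed when id is valid.
//   - "cancel" is present: nothing is changed.
//   - otherwise: the form is converted with toEntry and either applied to the
//     existing entry (valid id, guarded by the submitted etag) or stored as a
//     new entry (invalid id).
//
// r.Form is read directly, so the caller is presumably expected to have called
// r.ParseForm already; confirm at the call site.
func (h *Handler) doPost(w http.ResponseWriter, r *http.Request, id int64) {
	var err error
	// NOTE(review): session and session.User are dereferenced below without a
	// nil check; this assumes an authenticated session is guaranteed before
	// doPost is reached. Confirm against the routing/auth wrapper.
	session := common.GetUserSession(r)
	switch {
	case !common.VerifyXsrfToken(r, kSingle):
		// The XSRF check comes first so that no state-changing parameter is
		// acted on for a request that fails it.
		err = common.ErrXsrf
	case http_util.HasParam(r.Form, "delete"):
		// An invalid id is silently ignored: err stays nil and the user is
		// redirected as if the delete had succeeded.
		if isIdValid(id) {
			err = h.Store.RemoveEntry(nil, id, session.User.GetOwner())
		}
	case http_util.HasParam(r.Form, "cancel"):
		// Nothing to change; the redirect below handles it.
	default:
		var mutation functional.Filterer
		mutation, err = toEntry(r.Form)
		if err != nil {
			break
		}
		if !isIdValid(id) {
			// No existing entry: build a fresh one from the form and store it.
			var entry vsafe.Entry
			mutation.Filter(&entry)
			var newId int64
			newId, err = vsafedb.AddEntry(h.Store, nil, session.Key(), &entry)
			if err == nil {
				id = newId
			}
			break
		}
		// The etag is the concurrency guard for the update. A missing or
		// malformed value used to be parsed with the error discarded, which
		// sent tag 0 to the store; reject it explicitly instead so the guard
		// is never evaluated against a value the client did not supply.
		tag, parseErr := strconv.ParseUint(r.Form.Get("etag"), 10, 64)
		if parseErr != nil {
			err = errors.New("Entry version is missing or malformed. Click cancel and try again.")
			break
		}
		err = h.Doer.Do(func(t db.Transaction) error {
			return vsafedb.UpdateEntryWithEtag(
				h.Store, t, id, tag, session.Key(), mutation)
		})
	}
	if err == vsafedb.ErrConcurrentModification {
		// Replace the internal sentinel with a message meant for the user.
		err = errors.New("Someone else updated this entry after you started. Click cancel and try again.")
	}
	if err != nil {
		// Re-render the form with the submitted values, a fresh XSRF token and
		// the error. NOTE(review): err.Error() from the store layer may reach
		// the page here; check that the template escapes it and that those
		// messages are safe to show.
		http_util.WriteTemplate(
			w,
			kTemplate,
			newView(
				r.Form,
				isIdValid(id),
				session.Key().Id,
				common.NewXsrfToken(r, kSingle),
				err))
		return
	}
	goBack(w, r, id)
}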
Example #2
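// ServeHTTP renders the change-password form on GET and processes a password
// change for every other method.
//
// The non-GET path checks, in order: the form parses, the XSRF token verifies,
// the new password matches its confirmation, the new password meets
// kMinPasswordLength, and vsafedb.ChangePassword accepts the old password.
// Each failure re-renders the form with a message and a fresh XSRF token,
// except a form-parse failure (400) and an unexpected database error
// (http_util.ReportError).
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	// NOTE(review): session.User is dereferenced without a nil check; this
	// assumes authentication is enforced before the handler runs. Confirm.
	session := common.GetUserSession(r)

	// render writes the form with a freshly issued XSRF token. It reads
	// session.User.Name at call time, so it reflects the user record that is
	// swapped in after a successful change.
	render := func(message string, success bool) {
		http_util.WriteTemplate(
			w,
			kTemplate,
			&view{
				Name:    session.User.Name,
				Xsrf:    common.NewXsrfToken(r, kChPasswd),
				Message: message,
				Success: success})
	}

	if r.Method == "GET" {
		render("", false)
		return
	}

	// A body that fails to parse was previously ignored and the handler went
	// on with whatever fields had been decoded. Reject it outright; the parse
	// error itself is not echoed to the client.
	if err := r.ParseForm(); err != nil {
		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
		return
	}
	if !common.VerifyXsrfToken(r, kChPasswd) {
		render(common.ErrXsrf.Error(), false)
		return
	}

	// These hold plaintext passwords; keep them out of logs and error text.
	oldPassword := r.Form.Get("old")
	newPassword := r.Form.Get("new")
	verify := r.Form.Get("verify")
	if newPassword != verify {
		render("Password re-typed incorrectly.", false)
		return
	}
	// len counts bytes, not characters, so multi-byte characters count for
	// more than one toward the minimum.
	if len(newPassword) < kMinPasswordLength {
		render(
			fmt.Sprintf(
				"Password must be at least %d characters.",
				kMinPasswordLength),
			false)
		return
	}

	err := h.Doer.Do(func(t db.Transaction) error {
		user, err := vsafedb.ChangePassword(
			h.Store, t, session.User.Id, oldPassword, newPassword)
		if err != nil {
			return err
		}
		// Only this session's user record is replaced here. NOTE(review):
		// nothing visible in this handler invalidates other sessions of the
		// same user or rotates the session id after the change; confirm
		// whether that happens elsewhere.
		session.User = user
		return nil
	})
	if err == vsafe.ErrWrongPassword {
		// NOTE(review): no attempt limiting on the old password is visible
		// here; confirm it is enforced elsewhere.
		render("Old password wrong.", false)
		return
	}
	if err != nil {
		http_util.ReportError(w, "Error updating database", err)
		return
	}
	render("Password changed successfully.", true)
}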