Example #1
0
//like AuthenticateUserByKey, but does not update the timestamp - seems REDUNDANT
func GetCustomerUserFromKey(key string) (u CustomerUser, err error) {
	db, err := sql.Open("mysql", database.ConnectionString())
	if err != nil {
		return u, err
	}
	defer db.Close()

	stmt, err := db.Prepare(customerUserFromKey)
	if err != nil {
		return u, err
	}
	defer stmt.Close()

	res := stmt.QueryRow(api_helpers.AUTH_KEY_TYPE, key)
	user, err := ScanUser(res)
	if err != nil {
		err = fmt.Errorf("error: %s", "user does not exist")
		return
	}

	u = *user
	locChan := make(chan error)
	go func() {
		locChan <- u.GetLocation()
	}()

	u.GetKeys()

	u.Brands, err = brand.GetUserBrands(u.CustID)
	if err != nil {
		close(locChan)
		return
	}

	<-locChan
	return
}
Example #2
0
//registers an inactive user; emails user and webdev that a new inactive user exists - used by dealers site
func RegisterUser(rw http.ResponseWriter, r *http.Request, enc encoding.Encoder) string {
	var err error

	name := r.FormValue("name")
	email := r.FormValue("email")
	pass := r.FormValue("pass")
	customerID, err := strconv.Atoi(r.FormValue("customerID"))
	// isActive, err := strconv.ParseBool(r.FormValue("isActive"))
	locationID, err := strconv.Atoi(r.FormValue("locationID"))
	// isSudo, err := strconv.ParseBool(r.FormValue("isSudo"))
	cust_ID, err := strconv.Atoi(r.FormValue("cust_ID"))
	notCustomer, err := strconv.ParseBool(r.FormValue("notCustomer"))

	if email == "" || pass == "" {
		err = errors.New("Email and password are required.")
		apierror.GenerateError("Email and password are required", err, rw, r)
		return ""
	}

	var user customer.CustomerUser
	user.Email = email
	user.Password = pass
	if name != "" {
		user.Name = name
	}
	if customerID != 0 {
		user.OldCustomerID = customerID
	}
	if locationID != 0 {
		user.Location.Id = locationID
	}
	if cust_ID != 0 {
		user.CustomerID = cust_ID
	}
	user.Active = false
	user.Sudo = false
	user.Current = notCustomer

	//check for existence of user
	err = user.FindByEmail()
	if err == nil {
		apierror.GenerateError("A user with that email address already exists.", err, rw, r)
		return ""
	}
	err = nil

	user.Brands, err = brand.GetUserBrands(cust_ID)
	if err != nil {
		apierror.GenerateError("Trouble getting user brands.", err, rw, r)
		return ""
	}
	var brandIds []int
	for _, brand := range user.Brands {
		brandIds = append(brandIds, brand.ID)
	}

	if err = user.Create(brandIds); err != nil {
		apierror.GenerateError("Trouble registering new customer user", err, rw, r)
		return ""
	}

	//email
	if err = user.SendRegistrationEmail(); err != nil {
		apierror.GenerateError("Trouble emailing new customer user", err, rw, r)
		return ""
	}

	if err = user.SendRegistrationRequestEmail(); err != nil {
		apierror.GenerateError("Trouble emailing webdevelopment regarding new customer user", err, rw, r)
		return ""
	}

	return encoding.Must(enc.Encode(user))
}
Example #3
0
func (u CustomerUser) GetCustomer(key string) (c Customer, err error) {
	db, err := sql.Open("mysql", database.ConnectionString())
	if err != nil {
		return c, err
	}
	defer db.Close()

	stmt, err := db.Prepare(userCustomer)
	if err != nil {
		return c, err
	}
	defer stmt.Close()

	res := stmt.QueryRow(u.Id)
	if err := c.ScanCustomer(res, key); err != nil {

		if err == sql.ErrNoRows {
			err = fmt.Errorf("error: %s", "user not bound to customer")
		}
		return c, err
	}
	shippingInfoChan := make(chan error)
	accountsChan := make(chan error)
	locChan := make(chan error)
	brandChan := make(chan error)
	go func() {
		locChan <- c.GetLocations()
	}()
	timeout := make(chan bool, 1)
	go func() {
		time.Sleep(5 * time.Second)
		timeout <- true
	}()
	go func() {
		shippingInfoChan <- c.GetAndCompareCustomerShippingInfo()
	}()
	go func() {
		accountsChan <- c.GetAccounts()
	}()
	go func() {
		brands, err := brand.GetUserBrands(c.Id)
		if err != nil {
			brandChan <- err
			return
		}
		for _, b := range brands {
			c.BrandIDs = append(c.BrandIDs, b.ID)
		}
		brandChan <- nil
	}()

	if u.Sudo {
		c.GetUsers(key)
	} else {
		c.Users = append(c.Users, u)
	}

	<-locChan
	<-accountsChan
	select {
	case <-shippingInfoChan:

	case <-timeout:
	}
	<-brandChan

	return
}
Example #4
0
func (u *CustomerUser) AuthenticateUser() error {
	db, err := sql.Open("mysql", database.ConnectionString())
	if err != nil {
		return AuthError
	}
	defer db.Close()

	stmt, err := db.Prepare(customerUserAuth)
	if err != nil {
		return AuthError
	}
	defer stmt.Close()

	var dbPass string
	var passConversionByte []byte
	var passConversion bool
	var sudo, active *bool
	var id, name, email *string
	var dateAdded *time.Time
	var oldId, locId, custId *int
	err = stmt.QueryRow(u.Email).Scan(
		&id,
		&name,
		&email,
		&dbPass,
		&oldId,
		&dateAdded,
		&active,
		&locId,
		&sudo,
		&custId,
		&passConversionByte,
	)
	if err != nil {
		return err
	}
	if id != nil {
		u.Id = *id
	}
	if name != nil {
		u.Name = *name
	}
	if email != nil {
		u.Email = *email
	}
	if oldId != nil {
		u.CustomerID = *oldId
	}
	if dateAdded != nil {
		u.DateAdded = *dateAdded
	}
	if active != nil {
		u.Active = *active
	}
	if locId != nil {
		u.Location.Id = *locId
	}
	if sudo != nil {
		u.Sudo = *sudo
	}
	if custId != nil {
		u.CustID = *custId
	}
	if passConversionByte != nil {
		passConversion, err = strconv.ParseBool(string(passConversionByte))
	}
	pass := u.Password

	// Attempt to compare bcrypt strings
	err = bcrypt.CompareHashAndPassword([]byte(dbPass), []byte(pass))
	if err != nil {
		// Compare unsuccessful

		var encPass string
		encPass, err = api_helpers.Md5Encrypt(pass)
		if err != nil {
			return err
		}
		if len(encPass) != len(dbPass) || passConversion { //bool
			return errors.New("Invalid password")
		}

		hashedPass, _ := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
		if err != nil {
			return errors.New("Failed to encode the password")
		}

		var stmtPass *sql.Stmt
		stmtPass, err = db.Prepare(updateCustomerUserPass)
		if err != nil {
			return err
		}
		_, err = stmtPass.Exec(hashedPass, u.Id)
		return errors.New("Incorrect password.")
	}

	u.Brands, err = brand.GetUserBrands(u.CustID)
	if err != nil {
		return err
	}

	var brandIds []int
	for _, brand := range u.Brands {
		brandIds = append(brandIds, brand.ID)
	}
	if resetErr := u.ResetAuthentication(brandIds); resetErr != nil {
		err = resetErr
	}

	u.Current = true

	return nil
}