//like AuthenticateUserByKey, but does not update the timestamp - seems REDUNDANT
func GetCustomerUserFromKey(key string) (u CustomerUser, err error) {
db, err := sql.Open("mysql", database.ConnectionString())
if err != nil {
return u, err
}
defer db.Close()
stmt, err := db.Prepare(customerUserFromKey)
if err != nil {
return u, err
}
defer stmt.Close()
res := stmt.QueryRow(api_helpers.AUTH_KEY_TYPE, key)
user, err := ScanUser(res)
if err != nil {
err = fmt.Errorf("error: %s", "user does not exist")
return
}
u = *user
locChan := make(chan error)
go func() {
locChan <- u.GetLocation()
}()
u.GetKeys()
u.Brands, err = brand.GetUserBrands(u.CustID)
if err != nil {
close(locChan)
return
}
<-locChan
return
}
//registers an inactive user; emails user and webdev that a new inactive user exists - used by dealers site
func RegisterUser(rw http.ResponseWriter, r *http.Request, enc encoding.Encoder) string {
var err error
name := r.FormValue("name")
email := r.FormValue("email")
pass := r.FormValue("pass")
customerID, err := strconv.Atoi(r.FormValue("customerID"))
// isActive, err := strconv.ParseBool(r.FormValue("isActive"))
locationID, err := strconv.Atoi(r.FormValue("locationID"))
// isSudo, err := strconv.ParseBool(r.FormValue("isSudo"))
cust_ID, err := strconv.Atoi(r.FormValue("cust_ID"))
notCustomer, err := strconv.ParseBool(r.FormValue("notCustomer"))
if email == "" || pass == "" {
err = errors.New("Email and password are required.")
apierror.GenerateError("Email and password are required", err, rw, r)
return ""
}
var user customer.CustomerUser
user.Email = email
user.Password = pass
if name != "" {
user.Name = name
}
if customerID != 0 {
user.OldCustomerID = customerID
}
if locationID != 0 {
user.Location.Id = locationID
}
if cust_ID != 0 {
user.CustomerID = cust_ID
}
user.Active = false
user.Sudo = false
user.Current = notCustomer
//check for existence of user
err = user.FindByEmail()
if err == nil {
apierror.GenerateError("A user with that email address already exists.", err, rw, r)
return ""
}
err = nil
user.Brands, err = brand.GetUserBrands(cust_ID)
if err != nil {
apierror.GenerateError("Trouble getting user brands.", err, rw, r)
return ""
}
var brandIds []int
for _, brand := range user.Brands {
brandIds = append(brandIds, brand.ID)
}
if err = user.Create(brandIds); err != nil {
apierror.GenerateError("Trouble registering new customer user", err, rw, r)
return ""
}
//email
if err = user.SendRegistrationEmail(); err != nil {
apierror.GenerateError("Trouble emailing new customer user", err, rw, r)
return ""
}
if err = user.SendRegistrationRequestEmail(); err != nil {
apierror.GenerateError("Trouble emailing webdevelopment regarding new customer user", err, rw, r)
return ""
}
return encoding.Must(enc.Encode(user))
}
func (u CustomerUser) GetCustomer(key string) (c Customer, err error) {
db, err := sql.Open("mysql", database.ConnectionString())
if err != nil {
return c, err
}
defer db.Close()
stmt, err := db.Prepare(userCustomer)
if err != nil {
return c, err
}
defer stmt.Close()
res := stmt.QueryRow(u.Id)
if err := c.ScanCustomer(res, key); err != nil {
if err == sql.ErrNoRows {
err = fmt.Errorf("error: %s", "user not bound to customer")
}
return c, err
}
shippingInfoChan := make(chan error)
accountsChan := make(chan error)
locChan := make(chan error)
brandChan := make(chan error)
go func() {
locChan <- c.GetLocations()
}()
timeout := make(chan bool, 1)
go func() {
time.Sleep(5 * time.Second)
timeout <- true
}()
go func() {
shippingInfoChan <- c.GetAndCompareCustomerShippingInfo()
}()
go func() {
accountsChan <- c.GetAccounts()
}()
go func() {
brands, err := brand.GetUserBrands(c.Id)
if err != nil {
brandChan <- err
return
}
for _, b := range brands {
c.BrandIDs = append(c.BrandIDs, b.ID)
}
brandChan <- nil
}()
if u.Sudo {
c.GetUsers(key)
} else {
c.Users = append(c.Users, u)
}
<-locChan
<-accountsChan
select {
case <-shippingInfoChan:
case <-timeout:
}
<-brandChan
return
}
func (u *CustomerUser) AuthenticateUser() error {
db, err := sql.Open("mysql", database.ConnectionString())
if err != nil {
return AuthError
}
defer db.Close()
stmt, err := db.Prepare(customerUserAuth)
if err != nil {
return AuthError
}
defer stmt.Close()
var dbPass string
var passConversionByte []byte
var passConversion bool
var sudo, active *bool
var id, name, email *string
var dateAdded *time.Time
var oldId, locId, custId *int
err = stmt.QueryRow(u.Email).Scan(
&id,
&name,
&email,
&dbPass,
&oldId,
&dateAdded,
&active,
&locId,
&sudo,
&custId,
&passConversionByte,
)
if err != nil {
return err
}
if id != nil {
u.Id = *id
}
if name != nil {
u.Name = *name
}
if email != nil {
u.Email = *email
}
if oldId != nil {
u.CustomerID = *oldId
}
if dateAdded != nil {
u.DateAdded = *dateAdded
}
if active != nil {
u.Active = *active
}
if locId != nil {
u.Location.Id = *locId
}
if sudo != nil {
u.Sudo = *sudo
}
if custId != nil {
u.CustID = *custId
}
if passConversionByte != nil {
passConversion, err = strconv.ParseBool(string(passConversionByte))
}
pass := u.Password
// Attempt to compare bcrypt strings
err = bcrypt.CompareHashAndPassword([]byte(dbPass), []byte(pass))
if err != nil {
// Compare unsuccessful
var encPass string
encPass, err = api_helpers.Md5Encrypt(pass)
if err != nil {
return err
}
if len(encPass) != len(dbPass) || passConversion { //bool
return errors.New("Invalid password")
}
hashedPass, _ := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
if err != nil {
return errors.New("Failed to encode the password")
}
var stmtPass *sql.Stmt
stmtPass, err = db.Prepare(updateCustomerUserPass)
if err != nil {
return err
}
_, err = stmtPass.Exec(hashedPass, u.Id)
return errors.New("Incorrect password.")
}
u.Brands, err = brand.GetUserBrands(u.CustID)
if err != nil {
return err
}
var brandIds []int
for _, brand := range u.Brands {
brandIds = append(brandIds, brand.ID)
}
if resetErr := u.ResetAuthentication(brandIds); resetErr != nil {
err = resetErr
}
u.Current = true
return nil
}