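// ModifyPassword handles PUT /api/user/pwd/:uid/ — it replaces the password
// of user :uid after checking the caller's auth token and the current
// password.
//
// Flow:
//  1. getUidAndBodyWithAuth resolves the target uid and decodes the body into
//     rest.ModifyPasswordReq; when it returns ok == false it is assumed to
//     have written the response already, so the handler just returns.
//  2. Only Salt and Password are loaded for uid. An unknown uid and a wrong
//     OldPasswd both answer 404 rest.INVALID_USER — same status and body, so
//     the response does not tell the two cases apart. Any other DB error
//     answers 500 tkits.DB_ERROR.
//  3. NewPasswd must match rest.ValidPasswd; validMember is assumed to write
//     the validation response itself when it returns false.
//  4. The new password is hashed with a fresh salt and Salt, Password and
//     Updated are persisted. Success is 200 with no body.
//
// Nothing in this handler revokes tokens previously issued for uid; if a
// password change is meant to end existing sessions that has to happen here
// or in rest.AuthService (NOTE(review): confirm which is intended).
func ModifyPassword(ctx *macaron.Context, as rest.AuthService, ut *rest.UserToken) {
	// 1.0 auth + request body
	var mpwd rest.ModifyPasswordReq
	uid, ok := getUidAndBodyWithAuth(ctx, as, ut, rest.DummyOptId, &mpwd)
	if !ok {
		return
	}

	// 2.0 verify the current password against the stored salt/hash
	u := &models.User{Id: uid}
	switch err := u.ReadOneOnly("Salt", "Password"); {
	case err == orm.ErrNoRows:
		ctx.JSON(http.StatusNotFound, rest.INVALID_USER)
		return
	case err != nil:
		ctx.JSON(http.StatusInternalServerError, tkits.DB_ERROR)
		return
	}
	if !tkits.CmpPasswd(mpwd.OldPasswd, u.Salt, u.Password) {
		// Deliberately the same response as "no such user" above.
		ctx.JSON(http.StatusNotFound, rest.INVALID_USER)
		return
	}

	valid := validation.Validation{}
	valid.Match(mpwd.NewPasswd, rest.ValidPasswd, "NewPasswd").Message(rest.PasswdPrompt)
	if !validMember(ctx, &valid) {
		return
	}

	// 3.0 re-hash with a fresh salt and persist.
	// The 8 is passed straight through to tkits.GenPasswd — presumably the
	// salt length; confirm in tkits.
	pwd, salt := tkits.GenPasswd(mpwd.NewPasswd, 8)
	u.Salt = salt
	u.Password = pwd
	u.Updated = time.Now()
	// The error from Update used to be discarded and only the row count was
	// checked; an error is a DB failure regardless of what the count says.
	row, err := u.Update("Salt", "Password", "Updated")
	if err != nil || row != 1 {
		ctx.JSON(http.StatusInternalServerError, tkits.DB_ERROR)
		return
	}
	ctx.Status(http.StatusOK)
}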
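// AddUser handles POST /api/user/signup: it creates a user from a
// rest.UserAddReq body, issues a token for it and sets the "token" and "uid"
// cookies.
//
// Flow:
//  1. Decode the body (getBody is assumed to write the error response itself
//     when it returns false) and verify the captcha; a failed captcha answers
//     400 rest.INVALID_CAPTCHA.
//  2. Validate Email, Username and Passwd. Username is matched against
//     rest.ValidPasswd (the password pattern) while its prompt is
//     rest.UsernamePrompt — NOTE(review): confirm this is intended and not a
//     copy of the Passwd rule.
//  3. Answer 400 rest.INVALID_SIGNUP when a user with the same Email or
//     Username already exists or the Username is listed in
//     rest.ReserveUsers. A lookup error other than orm.ErrNoRows answers
//     500 tkits.DB_ERROR.
//  4. Hash the password with a fresh salt, insert the row, then ask as for a
//     token (500 tkits.SYS_ERROR if that fails).
//
// On success the response is 200 with rest.UserAddRsp{Id, Username, Token}
// plus two cookies, "token" and "uid", whose max-age comes from the request
// body (CookieMaxAge; 0 selects the 12-hour default). The max-age is thus
// chosen by the client and no further cookie attributes are passed to
// SetCookie — NOTE(review): decide whether lifetime and flags should be
// fixed server-side instead.
func AddUser(ctx *macaron.Context, as rest.AuthService, cpt *captcha.Captcha) {
	var uar rest.UserAddReq
	if ok := getBody(ctx, &uar); !ok {
		return
	}

	// Debug-level only; note this writes the submitted captcha answer to the log.
	log.Debugf("retrive CaptchaId = %s, CaptchaValue= %s", uar.CaptchaId, uar.CaptchaValue)
	if !cpt.Verify(uar.CaptchaId, uar.CaptchaValue) {
		ctx.JSON(http.StatusBadRequest, rest.INVALID_CAPTCHA)
		return
	}

	valid := validation.Validation{}
	valid.Email(uar.Email, "Email")
	valid.Match(uar.Username, rest.ValidPasswd, "Username").Message(rest.UsernamePrompt)
	valid.Match(uar.Passwd, rest.ValidPasswd, "Passwd").Message(rest.PasswdPrompt)
	if !validMember(ctx, &valid) {
		return
	}

	// Does a user with this email or username already exist?
	// Previously any lookup error other than ErrNoRows was reported as
	// "already registered"; only a nil error means a row was found, so a DB
	// failure now answers 500 like the other handlers do.
	u := &models.User{}
	switch err := u.Find(uar.Email, uar.Username, ""); {
	case err == nil:
		ctx.JSON(http.StatusBadRequest, rest.INVALID_SIGNUP)
		return
	case err != orm.ErrNoRows:
		ctx.JSON(http.StatusInternalServerError, tkits.DB_ERROR)
		return
	}
	// Reserved usernames get the same answer as a taken one.
	if _, reserved := rest.ReserveUsers[uar.Username]; reserved {
		ctx.JSON(http.StatusBadRequest, rest.INVALID_SIGNUP)
		return
	}

	// Salted hash; the 8 is passed straight to tkits.GenPasswd (presumably
	// the salt length — confirm in tkits).
	pwd, salt := tkits.GenPasswd(uar.Passwd, 8)
	u.Salt = salt
	u.Password = pwd
	u.Updated = time.Now()
	u.Username = uar.Username
	u.Email = uar.Email
	id, err := u.Insert()
	if err != nil {
		ctx.JSON(http.StatusInternalServerError, tkits.DB_ERROR)
		return
	}
	u.Id = id

	// Token for the new user; the remote address and the constant 15 are
	// forwarded as-is to as.GenUserToken (15 is presumably a lifetime —
	// confirm its units there).
	token, err := as.GenUserToken(ctx.RemoteAddr(), u.Id, 15, rest.TokenUser)
	if err != nil {
		ctx.JSON(http.StatusInternalServerError, tkits.SYS_ERROR)
		return
	}

	// Cookie lifetime comes from the request; 0 means "use the default".
	if uar.CookieMaxAge == 0 {
		uar.CookieMaxAge = 60 * 60 * 12 // half of one day
	}
	ctx.SetCookie("token", token, uar.CookieMaxAge)
	ctx.SetCookie("uid", fmt.Sprintf("%v", u.Id), uar.CookieMaxAge)
	ctx.JSON(http.StatusOK, &rest.UserAddRsp{u.Id, u.Username, token})
}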