Exemple #1
0
func (l loginForm) authenticate(request *http.Request) (string, error) {
	err := request.ParseForm()

	if err != nil {
		return "", err
	}

	decoder := schema.NewDecoder()
	form := new(loginForm)

	err = decoder.Decode(form, request.PostForm)

	if err != nil {
		return "", err
	}

	user, err := database.GetUser(form.Email)

	if err != nil {
		return "", err
	}

	auth := database.ComparePassword(form.Password, user.Password)

	if auth == false {
		return "", errors.New("Username and password do not match.")
	}

	return user.NewSession(), nil
}
Exemple #2
0
// update updates an existing user account. The admin flag passed is taken from
// the user that was fetched from the DB, it cannot be edited through the form.
func (u userSettingsForm) update(request *http.Request) error {
	err := request.ParseForm()

	if err != nil {
		return err
	}

	decoder := schema.NewDecoder()
	form := new(userSettingsForm)

	err = decoder.Decode(form, request.PostForm)

	if err != nil {
		return err
	}

	user := context.Get(request, contextUser).(*database.User)

	auth := database.ComparePassword(form.Password, user.Password)

	if auth == false {
		return errors.New("Username and password do not match.")
	}

	_, err = user.Update(
		form.Email,
		form.FirstName,
		form.LastName,
		form.NewPassword,
		user.Admin,
	)

	return err
}