func (l loginForm) authenticate(request *http.Request) (string, error) {
err := request.ParseForm()
if err != nil {
return "", err
}
decoder := schema.NewDecoder()
form := new(loginForm)
err = decoder.Decode(form, request.PostForm)
if err != nil {
return "", err
}
user, err := database.GetUser(form.Email)
if err != nil {
return "", err
}
auth := database.ComparePassword(form.Password, user.Password)
if auth == false {
return "", errors.New("Username and password do not match.")
}
return user.NewSession(), nil
}
// update updates an existing user account. The admin flag passed is taken from
// the user that was fetched from the DB, it cannot be edited through the form.
func (u userSettingsForm) update(request *http.Request) error {
err := request.ParseForm()
if err != nil {
return err
}
decoder := schema.NewDecoder()
form := new(userSettingsForm)
err = decoder.Decode(form, request.PostForm)
if err != nil {
return err
}
user := context.Get(request, contextUser).(*database.User)
auth := database.ComparePassword(form.Password, user.Password)
if auth == false {
return errors.New("Username and password do not match.")
}
_, err = user.Update(
form.Email,
form.FirstName,
form.LastName,
form.NewPassword,
user.Admin,
)
return err
}