Exemple #1
0
// Redirects to LoginURL unless session value "user_id" is a nonzero integer.
//
// If "must_change_password" is set to true, any request for a path other than
// ChangePasswordPath is redirected to that path.
func MustLogin(h http.Handler) http.Handler {
	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		userID := session.Int(req, "user_id", 0)
		if userID == 0 {
			session.AddFlash(req, session.Flash{
				Severity: "error",
				Msg:      "You must log in to access this resource.",
			})
			RedirectWithReturn(req, 302, LoginURL)
			return
		}

		mustChangePassword := session.Bool(req, "must_change_password", false)
		if mustChangePassword && req.URL.Path != ChangePasswordPath {
			session.AddFlash(req, session.Flash{
				Severity: "success",
				Msg:      "You must change your password before proceeding.",
			})
			RedirectWithReturn(req, 302, ChangePasswordPath)
			return
		}

		h.ServeHTTP(rw, req)
	})
}
Exemple #2
0
// Ensures that "user_is_admin" is set to true.
func MustAdmin(h, notFound http.Handler) http.Handler {
	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		isAdmin := session.Bool(req, "user_is_admin", false)
		if !isAdmin {
			weberror.ShowRW(rw, req, 404)
			return
		}

		MustLogin(h).ServeHTTP(rw, req)
	})
}
Exemple #3
0
func Auth_ChangePassword_GET(rw http.ResponseWriter, req *http.Request) {
	tpl.MustShow(req, "auth/chpw", map[string]interface{}{
		"must_change_password": session.Bool(req, "must_change_password", false),
	})
}
Exemple #4
0
func Auth_ChangePassword_POST(rw http.ResponseWriter, req *http.Request) {
	userID := session.Int(req, "user_id", 0)
	curPassword := req.PostFormValue("cur_password")
	password := req.PostFormValue("password")
	passwordConfirm := req.PostFormValue("password_confirm")

	if password == passwordConfirm {
		if len(password) >= 8 {
			mustChangePassword := session.Bool(req, "must_change_password", false)

			var err error
			var passwordPlain string
			if !mustChangePassword {
				err = GetBackend(req).GetDatabase().QueryRow("SELECT password_plain FROM \"n_user\" WHERE node_id=$1", userID).Scan(&passwordPlain)
				log.Panice(err)

				_, err = passlib.Verify(curPassword, passwordPlain)
			}

			if err == nil {
				newHash, err := passlib.Hash(password)
				log.Panice(err)

				newAK := make([]byte, 32)
				rand.Read(newAK)

				_, err = GetBackend(req).GetDatabase().Exec("UPDATE \"n_user\" SET password_plain=$1, ak=$2 WHERE node_id=$3", newHash, newAK, userID)
				log.Panice(err)

				session.Set(req, "user_ak", newAK)

				if mustChangePassword {
					session.Set(req, "must_change_password", false)
				}

				session.AddFlash(req, session.Flash{
					Severity: "success",
					Msg:      "Password changed.",
				})
				miscctx.SeeOther(req, "/")
				return
			} else {
				session.AddFlash(req, session.Flash{
					Severity: "error",
					Msg:      "Password incorrect.",
				})
			}
		} else {
			session.AddFlash(req, session.Flash{
				Severity: "error",
				Msg:      "Password must be at least 8 characters long.",
			})
		}
	} else {
		session.AddFlash(req, session.Flash{
			Severity: "error",
			Msg:      "Passwords do not match.",
		})
	}

	Auth_ChangePassword_GET(rw, req)
}
Exemple #5
0
// Returns true iff user is an administrator.
func (c *Ctx) IsAdmin() bool {
	return session.Bool(c.Req, "user_is_admin", false)
}