// Authenticate authenticates and returns a user object
func Authenticate(email string, password string, w http.ResponseWriter, r *http.Request) (*User, error) {
hash := crypto.PasswordHash(password)
user, err := repo.GetWithPassword(email, hash)
if err != nil {
return nil, err
}
// Update session
// TODO: Should just save the entire User object here
if w != nil && r != nil {
session, _ := store.Get(r, "authenticated-user")
session.Values["key"] = user.Key
session.Save(r, w)
}
return user, nil
}
// RegisterHandler registers a new user
func RegisterHandler(w http.ResponseWriter, r *http.Request) {
if r.Method == "POST" {
name := strings.TrimSpace(r.FormValue("name"))
email := strings.TrimSpace(r.FormValue("email"))
password := r.FormValue("password")
// If email or password are blank then redirect to register page
// TODO: provide a sensible error to people so they understand what
// they did wrong.
if email == "" || password == "" {
render.Redirect(w, r, "/register")
return
}
// Check to see if person already exists by attempting to log them in.
passwordHash := crypto.PasswordHash(password)
user, err := Authenticate(email, password, w, r)
// If they do exist, redirect them home else create a new user and
// log them into the site.
if user != nil {
render.Redirect(w, r, "/")
return
}
key := crypto.UniqueHash(name)
user = &User{Key: key, Name: name, Email: email, Password: passwordHash}
err = repo.Insert(user)
render.Check(err, w)
// Auth user and redirect them
user, _ = Authenticate(email, password, w, r)
render.Redirect(w, r, "/")
return
}
render.Render(w, r, "auth_register", nil)
}