Exemple #1
0
func (c User) SaveNewUser(user *models.User, password models.Password) revel.Result {
	if exists := user.GetByEmail(c.MongoSession, user.Email); exists.Email == user.Email {
		msg := fmt.Sprint("Account with ", user.Email, " already exists.")
		c.Validation.Required(user.Email != exists.Email).
			Message(msg)
	} else {
		user.Id = bson.NewObjectId()
	}

	user.Validate(c.Validation)
	user.ValidatePassword(c.Validation, password)

	if c.Validation.HasErrors() {
		c.Validation.Keep()
		c.FlashParams()
		c.Flash.Error("Please correct the errors below.")
		return c.Redirect(User.RegisterForm)
	}

	user.Save(c.MongoSession, password)

	c.Session["user"] = user.Email
	c.Flash.Success("Welcome, " + user.String())
	return c.Redirect(Application.Index)
}
Exemple #2
0
func (c User) SaveExistingUser(user *models.User, password models.Password, ObjectId string) revel.Result {
	// Weak access control (only let users change their own account)
	if c.User.Id == bson.ObjectIdHex(ObjectId) {
		// Don't trust user submitted id... load from session.
		user.Id = c.User.Id
		user.Validate(c.Validation)

		// Only validate the password if either is non-empty
		if password.Pass != "" || password.PassConfirm != "" {
			user.ValidatePassword(c.Validation, password)
		}

		if c.Validation.HasErrors() {
			c.Validation.Keep()
			c.FlashParams()
			c.Flash.Error("Please correct the errors below.")
			return c.Redirect(User.Index)
		}

		user.Save(c.MongoSession, password)

		// Refresh the session in case the email address was changed.
		c.Session["user"] = user.Email

		c.Flash.Success("Successfully updated account")
		return c.Redirect(Application.Index)
	}
	return c.Forbidden("You can only edit your own account. ")
}