Exemple #1
0
// POST /api/user/login
func LoginUser(ctx *macaron.Context, as rest.AuthService, cpt *captcha.Captcha) {
	var ulr rest.UserLoginReq
	ok := getBody(ctx, &ulr)
	if !ok {
		return
	}

	if !cpt.Verify(ulr.CaptchaId, ulr.CaptchaValue) {
		ctx.JSON(http.StatusBadRequest, rest.INVALID_CAPTCHA)
		return
	}

	// check user whether existed
	u := &models.User{}
	if err := u.Find(ulr.Email, ulr.Username, ulr.Mobile); err != nil {
		ctx.JSON(http.StatusNotFound, rest.INVALID_USER)
		return
	}

	// check user password
	if !tkits.CmpPasswd(ulr.Passwd, u.Salt, u.Password) {
		ctx.JSON(http.StatusNotFound, rest.INVALID_USER)
		return
	}

	// update ip, time and count for login
	cip := ctx.RemoteAddr()
	u.LastLoginTime = time.Now()
	u.LastLoginIp = cip
	u.LoginCount += 1
	if _, err := u.Update("LastLoginTime", "LastLoginIp", "LoginCount"); err != nil {
		ctx.JSON(http.StatusInternalServerError, tkits.DB_ERROR)
		return
	}

	// generate a token

	if token, err := as.GenUserToken(cip, u.Id, 15, rest.TokenUser); err != nil {
		ctx.JSON(http.StatusInternalServerError, tkits.SYS_ERROR)
		return
	} else {
		rsp := &rest.UserLoginRsp{}
		rsp.Uid = u.Id
		rsp.Username = u.Username
		rsp.Token = token

		if ulr.CookieMaxAge == 0 {
			ulr.CookieMaxAge = 60 * 60 * 12 //half of one day
		}

		suid := fmt.Sprintf("%v", u.Id)
		ctx.SetCookie("token", token, ulr.CookieMaxAge)
		ctx.SetCookie("uid", suid, ulr.CookieMaxAge)

		ctx.JSON(http.StatusOK, rsp)
	}
}
Exemple #2
0
// PUT /api/user/pwd/:uid/
func ModifyPassword(ctx *macaron.Context, as rest.AuthService, ut *rest.UserToken) {
	// 1.0
	var mpwd rest.ModifyPasswordReq
	uid, ok := getUidAndBodyWithAuth(ctx, as, ut, rest.DummyOptId, &mpwd)
	if !ok {
		return
	}

	// 2.0
	u := &models.User{Id: uid}
	if err := u.ReadOneOnly("Salt", "Password"); err == orm.ErrNoRows {
		ctx.JSON(http.StatusNotFound, rest.INVALID_USER)
		return
	} else if err != nil {
		ctx.JSON(http.StatusInternalServerError, tkits.DB_ERROR)
		return
	}

	if !tkits.CmpPasswd(mpwd.OldPasswd, u.Salt, u.Password) {
		ctx.JSON(http.StatusNotFound, rest.INVALID_USER)
		return
	}

	valid := validation.Validation{}
	valid.Match(mpwd.NewPasswd, rest.ValidPasswd,
		"NewPasswd").Message(rest.PasswdPrompt)
	if !validMember(ctx, &valid) {
		return
	}

	// 3.0
	pwd, salt := tkits.GenPasswd(mpwd.NewPasswd, 8)
	u.Salt = salt
	u.Password = pwd
	u.Updated = time.Now()

	if row, _ := u.Update("Salt", "Password", "Updated"); row != 1 {
		ctx.JSON(http.StatusInternalServerError, tkits.DB_ERROR)
		return
	}

	ctx.Status(http.StatusOK)
}