Exemple #1
0
func (app *App) handleUserSetPass(w http.ResponseWriter, r *http.Request) {
	switch r.Method {
	case "GET":
		app.serveFile("404.html").ServeHTTP(w, r)
	case "POST":
		username := r.PostFormValue("username")
		password := r.PostFormValue("password")

		if username == "" || password == "" {
			http.Error(w, "must provide username and password fields", http.StatusBadRequest)
			return
		}
		tx, err := app.db.Begin()
		if err != nil {
			app.dbError(w, r, err)
			return
		}
		if err := db.SetPass(tx, username, phash.Gen(password)); err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
		defer tx.Rollback()
		if err := tx.Commit(); err != nil {
			app.dbError(w, r, err)
			return
		}
		w.WriteHeader(http.StatusOK)

	default:
		http.Error(w, "I only respond to POSTs", http.StatusNotImplemented)
	}
}
Exemple #2
0
func (app *App) handleUsersCreate(w http.ResponseWriter, r *http.Request) {
	if r.Method != "POST" {
		http.Error(w, "I only respond to GETs", http.StatusNotImplemented)
		return
	}

	username := r.PostFormValue("username")
	pass := r.PostFormValue("password")
	email := r.PostFormValue("email")
	admin := r.PostFormValue("admin") == "true"

	if username == "" {
		http.Error(w, "No username provided", http.StatusBadRequest)
		return
	}

	if pass == "" {
		http.Error(w, "Empty password provided", http.StatusBadRequest)
		return
	}
	hashedPass := phash.Gen(pass)

	tx, err := app.db.Begin()
	if err != nil {
		app.dbError(w, r, err)
		return
	}
	defer tx.Rollback()

	if _, err := db.NewUser(tx, username, hashedPass, email, admin); err != nil {
		http.Error(w, "Could not save user to database: "+err.Error(),
			http.StatusInternalServerError)
		return
	}
	if err := tx.Commit(); err != nil {
		app.dbError(w, r, err)
		return
	}

	w.WriteHeader(http.StatusOK)
}
Exemple #3
0
func (app *App) handleRegister(w http.ResponseWriter, r *http.Request) {
	// Register is only displayed if there are no users on the system.
	// It is only for the inital login.
	tx, err := app.db.Begin()
	if err != nil {
		app.dbError(w, r, err)
		return
	}
	defer tx.Rollback()

	users, err := db.AllUsers(tx)
	if err != nil {
		app.dbError(w, r, err)
		return
	}
	if len(users) != 0 {
		if r.Method == "GET" {
			http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
		} else {
			http.Error(w, "Unauthorized", http.StatusUnauthorized)
		}
		return
	}

	if r.Method == "GET" {
		app.serveFile("register.html").ServeHTTP(w, r)
		return
	} else if r.Method != "POST" {
		http.Error(w, "I only respond to GET and POSTs", http.StatusNotImplemented)
		return
	}

	username := r.PostFormValue("username")
	pass := r.PostFormValue("password")
	email := r.PostFormValue("email")

	if username == "" {
		http.Error(w, "No username provided", http.StatusBadRequest)
		return
	}

	if pass == "" {
		http.Error(w, "Empty password provided", http.StatusBadRequest)
		return
	}
	hashedPass := phash.Gen(pass)

	user, err := db.NewUser(tx, username, hashedPass, email, true)
	if err != nil {
		http.Error(w, "Could not save user to database: "+err.Error(),
			http.StatusInternalServerError)
		return
	}
	if err := tx.Commit(); err != nil {
		app.dbError(w, r, err)
		return
	}

	u := &User{Id: user.Id, Name: user.Name}
	if err := app.setUser(r, w, u); err != nil {
		http.Error(w, "Failed to set session cookie: "+err.Error(),
			http.StatusInternalServerError)
		return
	}
	w.WriteHeader(http.StatusOK)
}