func UserForm(w http.ResponseWriter, req *http.Request) {
args := handlers.GetArgs(req)
err := req.ParseForm()
if err != nil {
context.Set(req, "error", err)
return
}
username := args.Vars["username"]
var u *quimby.User
if username == "new-user" {
u = quimby.NewUser(req.PostFormValue("username"), quimby.UserDB(args.DB), quimby.UserTFA(handlers.TFA))
u.Password = req.PostFormValue("password")
pw := req.PostFormValue("password_confirm")
if pw != u.Password {
context.Set(req, "error", ErrPasswordsDoNotMatch)
return
}
} else {
u = quimby.NewUser(username, quimby.UserDB(args.DB), quimby.UserTFA(handlers.TFA))
if err := u.Fetch(); err != nil {
context.Set(req, "error", ErrPasswordsDoNotMatch)
return
}
}
u.Permission = req.PostFormValue("permission")
qrData, err := u.Save()
if err != nil {
context.Set(req, "error", err)
return
}
if username == "new-user" {
qr := qrPage{
userPage: userPage{
User: args.User.Username,
Admin: handlers.Admin(args),
Links: []link{
{"quimby", "/"},
{"admin", "/admin.html"},
},
},
QR: template.HTMLAttr(base64.StdEncoding.EncodeToString(qrData)),
}
templates["qr-code.html"].template.ExecuteTemplate(w, "base", qr)
} else {
w.Header().Set("Location", "/admin.html")
w.WriteHeader(http.StatusFound)
}
}
func UserTFAPage(w http.ResponseWriter, req *http.Request) {
args := handlers.GetArgs(req)
u := quimby.NewUser(args.Vars["username"], quimby.UserDB(args.DB), quimby.UserTFA(handlers.TFA))
if err := u.Fetch(); err != nil {
context.Set(req, "error", err)
return
}
qrData, err := u.UpdateTFA()
if err != nil {
context.Set(req, "error", err)
return
}
if _, err := u.Save(); err != nil {
context.Set(req, "error", err)
return
}
qr := qrPage{
userPage: userPage{
User: args.User.Username,
Admin: handlers.Admin(args),
Links: []link{
{"quimby", "/"},
{"admin", "/admin.html"},
},
},
QR: template.HTMLAttr(base64.StdEncoding.EncodeToString(qrData)),
}
templates["qr-code.html"].template.ExecuteTemplate(w, "base", qr)
}
func LoginForm(w http.ResponseWriter, req *http.Request) {
user := quimby.NewUser("", quimby.UserDB(handlers.DB), quimby.UserTFA(handlers.TFA))
user.Username = req.PostFormValue("username")
user.Password = req.PostFormValue("password")
user.TFA = req.PostFormValue("tfa")
if err := handlers.DoLogin(user, w, req); err != nil {
w.Header().Set("Location", "/login.html?error=invalidlogin")
} else {
w.Header().Set("Location", "/index.html")
}
w.WriteHeader(http.StatusFound)
}
func Login(w http.ResponseWriter, r *http.Request) {
user := quimby.NewUser("", quimby.UserDB(DB), quimby.UserTFA(TFA))
dec := json.NewDecoder(r.Body)
err := dec.Decode(user)
if err != nil {
http.Error(w, "bad request", http.StatusBadRequest)
return
}
if err := DoLogin(user, w, r); err != nil {
http.Error(w, "bad request", http.StatusBadRequest)
}
}
func AddUser(w http.ResponseWriter, req *http.Request) {
args := GetArgs(req)
u := quimby.NewUser("", quimby.UserDB(args.DB), quimby.UserTFA(TFA))
dec := json.NewDecoder(req.Body)
if err := dec.Decode(&u); err != nil {
context.Set(req, "error", err)
return
}
qr, err := u.Save()
if err != nil {
context.Set(req, "error", err)
return
}
str := base64.StdEncoding.EncodeToString(qr)
w.Header().Set("Content-Type", "image/png")
w.Write([]byte(str))
}
