// POST /users/password/reset
func HandlePasswordResetSend(context router.Context) error {
// Find the user by email (if not found let them know)
// Find the user by hex token in the db
email := context.Param("email")
user, err := users.First(users.Where("email=?", email))
if err != nil {
return router.Redirect(context, "/users/password/reset?message=invalid_email")
}
// Generate a random token and url for the email
token := auth.BytesToHex(auth.RandomToken())
// Generate the url to use in our email
base := fmt.Sprintf("%s://%s", context.Request().URL.Scheme, context.Request().URL.Host)
url := fmt.Sprintf("%s/users/password?token=%s", base, token)
context.Logf("#info sending reset email:%s url:%s", email, url)
// Update the user record with with this token
p := map[string]string{"reset_token": token}
user.Update(p)
// Send a password reset email out
//mail.Send("mymail")
// Tell the user what we have done
return router.Redirect(context, "/users/password/sent")
}
// POST /users/password?token=DEADFISH - handle password reset link
func HandlePasswordReset(context router.Context) error {
token := context.Param("token")
if len(token) == 0 {
return router.InternalError(fmt.Errorf("Blank reset token"))
}
// Find the user by hex token in the db
user, err := users.First(users.Where("token=?", token))
if err != nil {
return router.InternalError(err)
}
// If we found a user with this token, log the sender in as them
// and remove the token from the user so that it can't be used twice
// we should possibly add a time limit to tokens too?
// Redirect to the user update page so that they can change their password
return router.Redirect(context, fmt.Sprintf("/users/%d/update", user.Id))
}
// HandleLogin handles a post to /users/login
func HandleLogin(context router.Context) error {
// Check we're not already logged in, if so redirect
// Get the user details from the database
params, err := context.Params()
if err != nil {
return router.NotFoundError(err)
}
// Need something neater than this - how best to do it?
q := users.Where("email=?", params.Get("email"))
user, err := users.First(q)
if err != nil {
context.Logf("#error Login failed for user no such user : %s %s", params.Get("email"), err)
return router.Redirect(context, "/users/login?error=failed_email")
}
err = auth.CheckPassword(params.Get("password"), user.EncryptedPassword)
if err != nil {
context.Logf("#error Login failed for user : %s %s", params.Get("email"), err)
return router.Redirect(context, "/users/login?error=failed_password")
}
// Now save the user details in a secure cookie, so that we remember the next request
session, err := auth.Session(context, context.Request())
if err != nil {
context.Logf("#error problem retrieving session")
}
context.Logf("#info Login success for user: %d %s", user.Id, user.Email)
session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
session.Save(context)
// Redirect to whatever page the user tried to visit before (if any)
// For now send them to root
return router.Redirect(context, "/")
}