Esempio n. 1
0
func postLogin(w *web, routes martini.Routes) {
	var form formLogin
	w.decode(&form)

	user := findUserByEmail(form.Email)
	if !user.valid() {
		panic(ae("User **%s** does not exist.", form.Email))
	}

	// If the user doesn't have a password in the database, then they need
	// to set a password.
	newPassUrl := routes.URLFor("newpassword", user.Id)
	_, err := uauth.Get(user.Id)
	if err != nil {
		panic(ae("Account has no password. Please [set a new password]"+
			"(%s).", newPassUrl))
	}

	ok, err := uauth.Authenticate(user.Id, form.Password)
	if err != nil || !ok {
		panic(ae("Invalid password."))
	}

	w.s.Values[sessionUserId] = user.Id
	assert(w.s.Save(w.r, w.w))
	http.Redirect(w.w, w.r, form.BackTo, 302)
}
Esempio n. 2
0
// MethodNotAllowed writes a 405 Method Not Allowed response when applicable.
// It also sets the Accept header to the list of methods that are acceptable.
func MethodNotAllowed(routes martini.Routes, w http.ResponseWriter, r *http.Request) {
	if methods := routes.MethodsFor(r.URL.Path); len(methods) != 0 {
		w.Header().Set("Allow", strings.Join(methods, ","))
		w.WriteHeader(http.StatusMethodNotAllowed)
	}
}