// CheckLoginCredentials reports whether password verifies against the hash
// stored in the Crypto field of the credentials found for email.
//
// The email is passed through lc before the lookup, so matching is not
// case-sensitive (this avoids user frustration over capitalisation).
// An empty password is never accepted: the empty password is used for guest
// users, so the function logs the refusal and returns (false, nil) without
// looking up any credentials.
// If the credentials lookup fails, its error is returned together with false.
//
// NOTE(review): a failed lookup returns an error while a wrong password
// returns (false, nil). Callers should map both outcomes to the same
// user-facing response so that the login endpoint does not reveal which
// e-mail addresses are registered.
func CheckLoginCredentials(email, password string) (bool, error) {
	// Guest accounts carry an empty password; it must never grant access.
	if len(password) == 0 {
		log.Println("INFO: No access granted, because password is empty. (Empty password is used for guest users)")
		return false, nil
	}

	normalizedEmail := lc(email)
	stored, lookupErr := GetCredentials(normalizedEmail)
	if lookupErr != nil {
		return false, lookupErr
	}

	matches := crypto.VerifyPassword(stored.Crypto, password)
	return matches, nil
}
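// ChangePassword replaces the stored password hash of the customer identified
// by email (normalised with lc before the lookup) with a hash of passwordNew.
//
// Unless force is set, the change is authorised only when password (the old
// password) is non-empty and verifies against the stored hash. If force is
// true, password is irrelevant and the change is applied in any case, so the
// caller must already have authorised the request by other means.
//
// The empty old password is refused for the same reason CheckLoginCredentials
// refuses it: the empty password is used for guest users and must not count as
// proof of identity. Without this guard, a non-forced call with an empty old
// password could pass verification for a guest account and set a password on it.
//
// On success the credentials version is incremented and the record is
// upserted. The function returns the lookup, hashing or persistence error, or
// an authorisation error when the old password is not accepted.
//
// NOTE(review): passwordNew is not validated here; an empty value is hashed
// and stored like any other. Confirm that callers enforce the password policy.
func ChangePassword(email, password, passwordNew string, force bool) error {
	credentials, err := GetCredentials(lc(email))
	if err != nil {
		return err
	}

	// Check the empty case first so the guest (empty) password never reaches
	// the verifier as a candidate secret.
	authorized := force || (password != "" && crypto.VerifyPassword(credentials.Crypto, password))
	if !authorized {
		// Message kept verbatim; callers may match on it.
		return errors.New("Authorization Error: Could not change password.")
	}

	newCrypto, err := crypto.HashPassword(passwordNew)
	if err != nil {
		return err
	}
	credentials.Crypto = newCrypto
	credentials.Version.Increment()

	_, err = GetCredentialsPersistor().GetCollection().UpsertId(credentials.BsonId, credentials)
	return err
}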