// authenticate parses the POSTed login form, looks the user up by the
// submitted email and checks the submitted password against the stored one.
// On success it returns the value of NewSession for that user; on any failure
// it returns an empty string and the error.
//
// NOTE(review): the error from database.GetUser is passed through unchanged,
// while a failed password check gets a fixed message. If the caller relays
// these errors to the client, the difference can reveal whether an address is
// registered. Confirm the handler reports a single generic failure.
//
// NOTE(review): ComparePassword is not called when the lookup fails, so the
// two failure paths may also differ in response time. Confirm whether that
// matters for this deployment.
func (l loginForm) authenticate(request *http.Request) (string, error) {
	if err := request.ParseForm(); err != nil {
		return "", err
	}

	// Decode into a fresh value; the receiver's own fields are never read.
	submitted := new(loginForm)
	if err := schema.NewDecoder().Decode(submitted, request.PostForm); err != nil {
		return "", err
	}

	account, err := database.GetUser(submitted.Email)
	if err != nil {
		return "", err
	}

	if !database.ComparePassword(submitted.Password, account.Password) {
		return "", errors.New("Username and password do not match.")
	}
	return account.NewSession(), nil
}
// update applies the submitted settings form to the user held in the request
// context. Nothing is changed unless form.Password matches that user's stored
// password. The admin flag handed to Update is copied from the context user,
// so it cannot be edited through the form.
//
// NOTE(review): the type assertion on the context value is unchecked and
// panics if no *database.User was stored under contextUser. Confirm every
// caller runs after whatever populates that key.
//
// NOTE(review): NewPassword and Email are forwarded exactly as submitted.
// Confirm that user.Update handles an empty NewPassword and applies any
// password or address validation, since none happens here.
func (u userSettingsForm) update(request *http.Request) error {
	if err := request.ParseForm(); err != nil {
		return err
	}

	// Decode into a fresh value; the receiver's own fields are never read.
	submitted := new(userSettingsForm)
	if err := schema.NewDecoder().Decode(submitted, request.PostForm); err != nil {
		return err
	}

	current := context.Get(request, contextUser).(*database.User)

	// Re-check the current password before accepting any change.
	if !database.ComparePassword(submitted.Password, current.Password) {
		return errors.New("Username and password do not match.")
	}

	_, err := current.Update(
		submitted.Email,
		submitted.FirstName,
		submitted.LastName,
		submitted.NewPassword,
		current.Admin, // taken from the stored user, never from the form
	)
	return err
}