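// Login authenticates the user named by the ":email" URL query parameter
// with the password sent in the JSON request body and, on success, writes
// a JSON document holding a freshly created token.
//
// Failures are returned as *errors.Http so the caller can map them to a
// status code: 400 for a malformed body or a missing "password" field, 412
// when the password length or the email fails validation, 404 when the
// user does not exist and 401 when the password is wrong. Note that the
// distinct 404/401 answers let a client tell registered emails apart from
// unknown ones; both messages are kept as they were.
func Login(w http.ResponseWriter, r *http.Request) error {
	var body map[string]string
	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
		return &errors.Http{Code: http.StatusBadRequest, Message: "Invalid JSON"}
	}
	password, ok := body["password"]
	if !ok {
		msg := "You must provide a password to login"
		return &errors.Http{Code: http.StatusBadRequest, Message: msg}
	}
	if !validation.ValidateLength(password, passwordMinLen, passwordMaxLen) {
		return &errors.Http{Code: http.StatusPreconditionFailed, Message: passwordError}
	}
	u := auth.User{Email: r.URL.Query().Get(":email")}
	if !validation.ValidateEmail(u.Email) {
		return &errors.Http{Code: http.StatusPreconditionFailed, Message: emailError}
	}
	if err := u.Get(); err != nil {
		return &errors.Http{Code: http.StatusNotFound, Message: "User not found"}
	}
	if !u.Login(password) {
		msg := "Authentication failed, wrong password"
		return &errors.Http{Code: http.StatusUnauthorized, Message: msg}
	}
	t, err := u.CreateToken()
	if err != nil {
		// Previously this error was discarded and the (possibly nil) token was
		// dereferenced; report it instead of answering with a broken document.
		return &errors.Http{Code: http.StatusInternalServerError, Message: "Could not create token"}
	}
	// Build the document with encoding/json rather than a format string so a
	// token containing quotes or backslashes cannot break the JSON.
	out, err := json.Marshal(map[string]string{"token": t.Token})
	if err != nil {
		return &errors.Http{Code: http.StatusInternalServerError, Message: "Could not encode token"}
	}
	w.Header().Set("Content-Type", "application/json")
	_, err = w.Write(out)
	return err
}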
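// removeUserFromTeam removes the user identified by email from the team
// named teamName, first in the git server (gandalf) and then in the
// database. u is the requesting user and must already belong to the team.
//
// Expected failures are returned as *errors.Http: 404 when the team or the
// user does not exist, 401 when u is not a member of the team and 403 when
// the team would be left without any member. Database connection and git
// server errors are returned as-is.
func removeUserFromTeam(email, teamName string, u *auth.User) error {
	conn, err := db.Conn()
	if err != nil {
		return err
	}
	defer conn.Close()
	team := new(auth.Team)
	if err := conn.Teams().FindId(teamName).One(team); err != nil {
		return &errors.Http{Code: http.StatusNotFound, Message: "Team not found"}
	}
	if !team.ContainsUser(u) {
		msg := fmt.Sprintf("You are not authorized to remove a member from the team %s", team.Name)
		return &errors.Http{Code: http.StatusUnauthorized, Message: msg}
	}
	// A team must keep at least one member, otherwise nobody could manage it.
	if len(team.Users) == 1 {
		msg := "You can not remove this user from this team, because it is the last user within the team, and a team can not be orphaned"
		return &errors.Http{Code: http.StatusForbidden, Message: msg}
	}
	user := auth.User{Email: email}
	if err := user.Get(); err != nil {
		return &errors.Http{Code: http.StatusNotFound, Message: err.Error()}
	}
	// Previously a git server failure returned nil, reporting success while
	// the user was still a member of the team in the database.
	if err := removeUserFromTeamInGandalf(&user, team.Name); err != nil {
		return err
	}
	return removeUserFromTeamInDatabase(&user, team)
}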
// CreateUser decodes a user document from the request body, validates its
// email and password, registers the user in the git server and then saves
// it in the database, answering 201 Created on success.
//
// Expected failures are returned as *errors.Http: 400 when the body is not
// valid JSON, 412 when the email or the password length is rejected and
// 409 when the email is already registered; a git server failure is
// returned as a plain error. The git server user is created before the
// database record and is not removed when u.Create fails, so a failed save
// leaves a user behind in the git server. The body is decoded straight into
// auth.User, so every exported field of that type the client sends is
// accepted — presumably more than Email, Password and Keys; verify against
// the type definition.
func CreateUser(w http.ResponseWriter, r *http.Request) error {
	var u auth.User
	if decodeErr := json.NewDecoder(r.Body).Decode(&u); decodeErr != nil {
		return &errors.Http{Code: http.StatusBadRequest, Message: decodeErr.Error()}
	}
	switch {
	case !validation.ValidateEmail(u.Email):
		return &errors.Http{Code: http.StatusPreconditionFailed, Message: emailError}
	case !validation.ValidateLength(u.Password, passwordMinLen, passwordMaxLen):
		return &errors.Http{Code: http.StatusPreconditionFailed, Message: passwordError}
	}
	client := gandalf.Client{Endpoint: repository.GitServerUri()}
	if _, gitErr := client.NewUser(u.Email, keyToMap(u.Keys)); gitErr != nil {
		return fmt.Errorf("Failed to create user in the git server: %s", gitErr)
	}
	createErr := u.Create()
	if createErr == nil {
		w.WriteHeader(http.StatusCreated)
		return nil
	}
	// Create failed: when the email already resolves to a stored user, report
	// the conflict instead of the raw storage error.
	if u.Get() == nil {
		return &errors.Http{Code: http.StatusConflict, Message: "This email is already registered"}
	}
	return createErr
}
// TestCreateUserHandlerSavesTheUserInTheDatabase posts a valid user document
// to CreateUser, backed by a fake git server, and checks that the handler
// succeeds and that the user can afterwards be loaded from the database.
func (s *AuthSuite) TestCreateUserHandlerSavesTheUserInTheDatabase(c *gocheck.C) {
	var handler testHandler
	server := s.startGandalfTestServer(&handler)
	defer server.Close()
	payload := bytes.NewBufferString(`{"email":"*****@*****.**","password":"******"}`)
	request, err := http.NewRequest("POST", "/users", payload)
	c.Assert(err, gocheck.IsNil)
	request.Header.Set("Content-type", "application/json")
	recorder := httptest.NewRecorder()
	c.Assert(CreateUser(recorder, request), gocheck.IsNil)
	stored := auth.User{Email: "*****@*****.**"}
	c.Assert(stored.Get(), gocheck.IsNil)
}