// TestKey checks the key accessors of a user session: a fresh session has no
// key, SetKey stores a key that Key then returns, and SetKey(nil) removes it
// again so that Key reports nil.
func TestKey(t *testing.T) {
	backing := &sessions.Session{Values: make(map[interface{}]interface{})}
	userSession := common.CreateUserSession(backing)

	// Nothing has been stored yet.
	if userSession.Key() != nil {
		t.Error("Expected nil")
	}

	// A stored key must come back with the same Id.
	userSession.SetKey(&vsafe.Key{Id: 17})
	got := userSession.Key().Id
	if got != 17 {
		t.Errorf("Expected 17, got %d", got)
	}

	// Setting nil must clear the key rather than leave the old one behind.
	userSession.SetKey(nil)
	if userSession.Key() != nil {
		t.Error("Expected nil again")
	}
}
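// ServeHTTP renders the login form on GET and processes a login attempt on
// any other method.
//
// A login attempt reads the "name" and "password" form values, looks the user
// up in h.Store and verifies the password. An unknown user and a wrong
// password produce the same "Login incorrect." page, so the response text
// does not reveal which of the two failed. On success the user ID and the key
// returned by VerifyPassword are stored in the session, the session ID is
// cleared to force a new one, and the client is redirected to the "prev"
// form value.
//
// "prev" is supplied by the client. It is followed only when it is a
// same-site path (see isSafeLocalRedirect); any other value is treated as if
// no "prev" had been supplied, so a crafted login link cannot send a freshly
// authenticated user to another origin.
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if r.Method == http.MethodGet {
		http_util.WriteTemplate(w, kTemplate, nil)
		return
	}

	// A request whose form cannot be parsed is rejected instead of being
	// processed with whatever fields happened to parse.
	if err := r.ParseForm(); err != nil {
		http.Error(w, "Bad request", http.StatusBadRequest)
		return
	}
	userName := r.Form.Get("name")
	password := r.Form.Get("password")

	var user vsafe.User
	err := h.Store.UserByName(nil, userName, &user)
	if err == vsafedb.ErrNoSuchId {
		// Same message as for a wrong password, on purpose.
		http_util.WriteTemplate(w, kTemplate, "Login incorrect.")
		return
	}
	if err != nil {
		http_util.ReportError(w, "Database error", err)
		return
	}

	key, err := user.VerifyPassword(password)
	if err == vsafe.ErrWrongPassword {
		http_util.WriteTemplate(w, kTemplate, "Login incorrect.")
		return
	}
	if err != nil {
		http_util.ReportError(w, "Error verifying password", err)
		return
	}

	gs, err := common.NewGorillaSession(h.SessionStore, r)
	if err != nil {
		http_util.ReportError(w, "Error creating session", err)
		return
	}
	session := common.CreateUserSession(gs)
	session.SetUserId(user.Id)
	session.SetKey(key)
	session.ID = "" // For added security, force a new session ID
	// NOTE(review): the result of Save is not checked. If Save returns an
	// error (gorilla's Session.Save does; the wrapper type is not visible
	// here), a failed save still redirects as though the login succeeded.
	// Confirm the signature and handle the error.
	session.Save(r, w)

	prev := r.Form.Get("prev")
	if !isSafeLocalRedirect(prev) {
		// Fall back to the behaviour of a request that carried no "prev".
		prev = ""
	}
	http_util.Redirect(w, r, prev)
}

// isSafeLocalRedirect reports whether target is a path on this site that may
// be used as a post-login redirect destination.
//
// Only targets that start with a single "/" and contain no backslash or ASCII
// control character are accepted. That rejects absolute URLs, scheme-relative
// URLs ("//host") and spellings that some browsers normalise into them
// (a backslash, tab or newline next to the leading slash). The empty string
// is rejected as well.
func isSafeLocalRedirect(target string) bool {
	if len(target) == 0 || target[0] != '/' {
		return false
	}
	if len(target) > 1 && target[1] == '/' {
		return false
	}
	for i := 0; i < len(target); i++ {
		if c := target[i]; c < 0x20 || c == 0x7f || c == '\\' {
			return false
		}
	}
	return true
}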