// LoginUser tries to login a user using given credentials
func LoginUser(sess *sessions.Session, uR *UserRepository, username string, password string) (bool, error) {
err := ValidateLogin(username, password)
// Check if we have the needed values for login
if err != nil {
return false, err
}
// Get the username object that has this username
user := uR.ByUsername(username)
// Check if the username exists
if user.ID == 0 {
return false, errBadCredentials
}
// If we have a username, check if passwords are matching
passMatch := hash.CompareWithHash([]byte(user.Password), password)
if passMatch == false {
return false, errBadCredentials
}
// Login successful, clear all session variables and add the user details in session
// Need to thing more of this if it's really necessary
session.Empty(sess)
sess.Values["user_id"] = user.ID
sess.Values["username"] = user.Username
return true, nil
}
// ValidatePasswordChange validates a password change given current password, new password and confirmed password
func ValidatePasswordChange(
uR *UserRepository,
user User,
currentPassword string,
newPassword string,
passwordConfirmation string) error {
// Check if passwords are matching
passMatch := hash.CompareWithHash([]byte(user.Password), currentPassword)
if passMatch == false {
return errCurrPasswordDoesntMatch
}
//Current password is true, check if new passwords match"
if strings.Compare(newPassword, passwordConfirmation) != 0 {
return errPasswordDoesntMatch
}
return nil
}