// @router /login [post] func (c *LoginController) Login() { var usr models.User err := c.ParseForm(&usr) beego.Debug("login user:"******"curUser"] = &usr if err != nil { c.Abort("403") } uid := usr.Check() if uid <= 0 { c.Redirect("/", 302) } c.LoginSetSession(uid) c.Redirect("/user", 302) }
// @router /register [post] func (c *RegistController) Register() { var usr models.User c.ParseForm(&usr) beego.Notice(usr) valid := validation.Validation{} usr.Valid(&valid) if valid.HasErrors() { c.Redirect("/", 302) } n := models.RegisterUser(&usr) if n <= 0 { c.Redirect("/", 302) } c.LoginSetSession(n) c.Redirect("/", 302) }
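// Callback completes the OAuth flow: it exchanges the callback request for a
// profile and token via OA.NextStepWithToken, registers the account named by
// the profile's "login" field (or looks it up when it already exists) and
// starts a session for it.
//
// The handler fails closed. The earlier version answered an OAuth error by
// registering and logging into a shared "Anonymous" account whose password
// was the literal "Anonymous" (the original comment already marked this as a
// security hole): any failed or forged callback yielded an authenticated
// session, and the account could be used through /login as well. If guest
// access is needed it should be a separate, unauthenticated code path rather
// than a credentialed shared account.
// @router /callback [get]
func (c *RegistController) Callback() {
	req := c.Ctx.Request
	fmt.Printf("%s\n", req.RemoteAddr)

	b, token, err := OA.NextStepWithToken(req)
	if err != nil {
		// No verified identity: record the failure and create no session.
		fmt.Printf("oauth callback failed: %v\n", err)
		c.Redirect("/", 302)
		return
	}

	jv := jsnm.BytesFmt(b)
	name := jv.Get("login").RawData().String()
	if name == "" {
		// A profile without a login name cannot identify an account.
		c.Redirect("/", 302)
		return
	}

	// NOTE(review): the OAuth token is stored in the password field. If
	// /login compares against that field, the token works as a password;
	// consider a dedicated column and avoid storing it in clear text.
	usr := models.User{}
	usr.Name = name
	usr.Passwd = token

	n := models.RegisterUser(&usr)
	if n <= 0 {
		// Registration did not create a row; presumably the name is already
		// taken, so reuse the stored account.
		// NOTE(review): the result of UserByName is used unchecked; confirm
		// it cannot be empty when the lookup misses.
		existing := models.UserByName(usr.Name)
		n = existing.Id

		// Refresh the stored token in the background; the response does not
		// wait for the update.
		go func() {
			existing.Passwd = token
			_, err := models.ORM.Update(existing)
			goutils.CheckErr(err)
		}()

		c.LoginSetSession(n)
		c.Redirect("/user", 302)
		return
	}

	c.LoginSetSession(n)
	c.Redirect("/", 302)
}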