// Register is used for user to register, the password is encrypted before the record is inserted into database. func Register(user models.User) (int64, error) { o := GetOrmer() p, err := o.Raw("insert into user (username, password, realname, email, comment, salt, sysadmin_flag, creation_time, update_time) values (?, ?, ?, ?, ?, ?, ?, ?, ?)").Prepare() if err != nil { return 0, err } defer p.Close() salt, err := GenerateRandomString() if err != nil { return 0, err } now := time.Now() r, err := p.Exec(user.Username, utils.Encrypt(user.Password, salt), user.Realname, user.Email, user.Comment, salt, user.HasAdminRole, now, now) if err != nil { return 0, err } userID, err := r.LastInsertId() if err != nil { return 0, err } return userID, nil }
// ChangeUserPassword ... func ChangeUserPassword(u models.User, oldPassword ...string) (err error) { if len(oldPassword) > 1 { return errors.New("Wrong numbers of params.") } o := GetOrmer() var r sql.Result if len(oldPassword) == 0 { //In some cases, it may no need to check old password, just as Linux change password policies. r, err = o.Raw(`update user set password=?, salt=? where user_id=?`, utils.Encrypt(u.Password, u.Salt), u.Salt, u.UserID).Exec() } else { r, err = o.Raw(`update user set password=?, salt=? where user_id=? and password = ?`, utils.Encrypt(u.Password, u.Salt), u.Salt, u.UserID, utils.Encrypt(oldPassword[0], u.Salt)).Exec() } if err != nil { return err } c, err := r.RowsAffected() if err != nil { return err } if c == 0 { return errors.New("No record has been modified, change password failed.") } return nil }
// CheckUserPassword checks whether the password is correct. func CheckUserPassword(query models.User) (*models.User, error) { currentUser, err := GetUser(query) if err != nil { return nil, err } if currentUser == nil { return nil, nil } sql := `select user_id, username, salt from user where deleted = 0` queryParam := make([]interface{}, 1) if query.UserID != 0 { sql += ` and password = ? and user_id = ?` queryParam = append(queryParam, utils.Encrypt(query.Password, currentUser.Salt)) queryParam = append(queryParam, query.UserID) } else { sql += ` and username = ? and password = ?` queryParam = append(queryParam, currentUser.Username) queryParam = append(queryParam, utils.Encrypt(query.Password, currentUser.Salt)) } o := GetOrmer() var user []models.User n, err := o.Raw(sql, queryParam).QueryRows(&user) if err != nil { return nil, err } if n == 0 { log.Warning("User principal does not match password. Current:", currentUser) return nil, nil } return &user[0], nil }
// ResetUserPassword ... func ResetUserPassword(u models.User) error { o := GetOrmer() r, err := o.Raw(`update user set password=?, reset_uuid=? where reset_uuid=?`, utils.Encrypt(u.Password, u.Salt), "", u.ResetUUID).Exec() if err != nil { return err } count, err := r.RowsAffected() if err != nil { return err } if count == 0 { return errors.New("No record be changed, reset password failed.") } return nil }
// LoginByDb is used for user to login with database auth mode. func LoginByDb(auth models.AuthModel) (*models.User, error) { o := GetOrmer() var users []models.User n, err := o.Raw(`select * from user where (username = ? or email = ?) and deleted = 0`, auth.Principal, auth.Principal).QueryRows(&users) if err != nil { return nil, err } if n == 0 { return nil, nil } user := users[0] if user.Password != utils.Encrypt(auth.Password, user.Salt) { return nil, nil } user.Password = "" //do not return the password return &user, nil }