func TestKey(t *testing.T) {
userSession := common.CreateUserSession(
&sessions.Session{Values: make(map[interface{}]interface{})})
if out := userSession.Key(); out != nil {
t.Error("Expected nil")
}
userSession.SetKey(&vsafe.Key{Id: 17})
if out := userSession.Key().Id; out != 17 {
t.Errorf("Expected 17, got %d", out)
}
userSession.SetKey(nil)
if out := userSession.Key(); out != nil {
t.Error("Expected nil again")
}
}
func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if r.Method == "GET" {
http_util.WriteTemplate(w, kTemplate, nil)
} else {
r.ParseForm()
userName := r.Form.Get("name")
password := r.Form.Get("password")
var user vsafe.User
err := h.Store.UserByName(nil, userName, &user)
if err == vsafedb.ErrNoSuchId {
http_util.WriteTemplate(w, kTemplate, "Login incorrect.")
return
}
if err != nil {
http_util.ReportError(w, "Database error", err)
return
}
key, err := user.VerifyPassword(password)
if err == vsafe.ErrWrongPassword {
http_util.WriteTemplate(w, kTemplate, "Login incorrect.")
return
}
if err != nil {
http_util.ReportError(w, "Error verifying password", err)
return
}
gs, err := common.NewGorillaSession(h.SessionStore, r)
if err != nil {
http_util.ReportError(w, "Error creating session", err)
return
}
session := common.CreateUserSession(gs)
session.SetUserId(user.Id)
session.SetKey(key)
session.ID = "" // For added security, force a new session ID
session.Save(r, w)
http_util.Redirect(w, r, r.Form.Get("prev"))
}
}