Пример #1
0
// CheckLoginCredentials returns true if  customer with email exists and password matches with the hash stores in customers Crypto.
// Email is not case-sensitive to avoid user frustration
func CheckLoginCredentials(email, password string) (bool, error) {
	if password == "" {
		log.Println("INFO: No access granted, because password is empty. (Empty password is used for guest users)")
		return false, nil
	}
	credentials, err := GetCredentials(lc(email))
	if err != nil {
		return false, err
	}
	return crypto.VerifyPassword(credentials.Crypto, password), nil
}
Пример #2
0
// ChangePassword changes the password of the user.
// If force, passworldOld is irrelevant and the password is changed in any case.
func ChangePassword(email, password, passwordNew string, force bool) error {
	credentials, err := GetCredentials(lc(email))
	if err != nil {
		return err
	}

	auth := force || crypto.VerifyPassword(credentials.Crypto, password)
	if auth {
		newCrypto, err := crypto.HashPassword(passwordNew)
		if err != nil {
			return err
		}
		credentials.Crypto = newCrypto
		credentials.Version.Increment()
		_, err = GetCredentialsPersistor().GetCollection().UpsertId(credentials.BsonId, credentials)
		return err
	}

	return errors.New("Authorization Error: Could not change password.")
}