// CheckLoginCredentials returns true if customer with email exists and password matches with the hash stores in customers Crypto.
// Email is not case-sensitive to avoid user frustration
func CheckLoginCredentials(email, password string) (bool, error) {
if password == "" {
log.Println("INFO: No access granted, because password is empty. (Empty password is used for guest users)")
return false, nil
}
credentials, err := GetCredentials(lc(email))
if err != nil {
return false, err
}
return crypto.VerifyPassword(credentials.Crypto, password), nil
}
// ChangePassword changes the password of the user.
// If force, passworldOld is irrelevant and the password is changed in any case.
func ChangePassword(email, password, passwordNew string, force bool) error {
credentials, err := GetCredentials(lc(email))
if err != nil {
return err
}
auth := force || crypto.VerifyPassword(credentials.Crypto, password)
if auth {
newCrypto, err := crypto.HashPassword(passwordNew)
if err != nil {
return err
}
credentials.Crypto = newCrypto
credentials.Version.Increment()
_, err = GetCredentialsPersistor().GetCollection().UpsertId(credentials.BsonId, credentials)
return err
}
return errors.New("Authorization Error: Could not change password.")
}