func loginUser(context router.Context, user *users.User) error {
// Now save the user details in a secure cookie, so that we remember the next request
session, err := auth.Session(context, context.Request())
if err != nil {
return err
}
context.Logf("#info Login success for user: %d %s", user.Id, user.Email)
session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
session.Save(context)
return nil
}
// HandleCreate handles the POST of the create form for users
func HandleCreate(context router.Context) error {
// Authorise
err := authorise.Resource(context, nil)
if err != nil {
return router.NotAuthorizedError(err)
}
// Setup context
params, err := context.Params()
if err != nil {
return router.InternalError(err)
}
// Default to customer role etc - admins will have to promote afterwards
params.Set("role", fmt.Sprintf("%d", users.RoleCustomer))
params.Set("status", fmt.Sprintf("%d", status.Published))
id, err := users.Create(params.Map())
if err != nil {
return err
}
// Log creation
context.Logf("#info Created user id,%d", id)
// Redirect to the new user
user, err := users.Find(id)
if err != nil {
return router.InternalError(err)
}
// Save the details in a secure cookie
session, err := auth.Session(context, context.Request())
if err != nil {
return router.InternalError(err)
}
context.Logf("#info CREATE for user: %d", user.Id)
session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
session.Save(context)
// Send them to their user profile page
return router.Redirect(context, user.URLShow())
}
// HandleLogin handles a post to /users/login
func HandleLogin(context router.Context) error {
// Check we're not already logged in, if so redirect
// Get the user details from the database
params, err := context.Params()
if err != nil {
return router.NotFoundError(err)
}
// Need something neater than this - how best to do it?
q := users.Where("email=?", params.Get("email"))
user, err := users.First(q)
if err != nil {
context.Logf("#error Login failed for user no such user : %s %s", params.Get("email"), err)
return router.Redirect(context, "/users/login?error=failed_email")
}
err = auth.CheckPassword(params.Get("password"), user.EncryptedPassword)
if err != nil {
context.Logf("#error Login failed for user : %s %s", params.Get("email"), err)
return router.Redirect(context, "/users/login?error=failed_password")
}
// Now save the user details in a secure cookie, so that we remember the next request
session, err := auth.Session(context, context.Request())
if err != nil {
context.Logf("#error problem retrieving session")
}
context.Logf("#info Login success for user: %d %s", user.Id, user.Email)
session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
session.Save(context)
// Redirect to whatever page the user tried to visit before (if any)
// For now send them to root
return router.Redirect(context, "/")
}
// CurrentUser returns the saved user (or an empty anon user) for the current session cookie
// Strictly speaking this should be authenticate.User
func CurrentUser(context router.Context) *users.User {
// First check if the user has already been set on context, if so return it
if context.Get("current_user") != nil {
return context.Get("current_user").(*users.User)
}
// Start with an anon user by default (role 0, id 0)
user := &users.User{}
// Build the session from the secure cookie, or create a new one
session, err := auth.Session(context.Writer(), context.Request())
if err != nil {
context.Logf("#error problem retrieving session")
return user
}
// Fetch the current user record if we have one recorded in the session
var id int64
ids := session.Get(auth.SessionUserKey)
if len(ids) > 0 {
id, err = strconv.ParseInt(ids, 10, 64)
if err != nil {
context.Logf("#error Error decoding session user key:%s\n", err)
return user
}
}
if id != 0 {
u, err := users.Find(id)
if err != nil {
context.Logf("#info User not found from session id:%d\n", id)
return user
}
user = u
}
return user
}
// HandleLogin handles a post to /users/login
func HandleLogin(context router.Context) error {
params, err := context.Params()
if err != nil {
return router.NotFoundError(err)
}
// Check users against their username - we could also check against the email later?
name := params.Get("name")
q := users.Where("name=?", name)
user, err := users.FindFirst(q)
if err != nil {
context.Logf("#error Login failed for user : %s %s", name, err)
return router.Redirect(context, "/users/login?error=failed_name")
}
err = auth.CheckPassword(params.Get("password"), user.Password)
if err != nil {
context.Logf("#error Login failed for user : %s %s", name, err)
return router.Redirect(context, "/users/login?error=failed_password")
}
// Save the details in a secure cookie
session, err := auth.Session(context, context.Request())
if err != nil {
return router.InternalError(err)
}
context.Logf("#info LOGIN for user: %d", user.Id)
session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
session.Save(context)
// Send them to their user profile page
return router.Redirect(context, user.URLShow())
}
// HandleSetup responds to a POST at /fragmenta/setup
// by creating our first user and page
func HandleSetup(context router.Context) error {
// If we have pages or users already, do not proceed
if !missingUsersAndPages() {
return router.NotAuthorizedError(nil)
}
// Take the details given and create the first user
params := map[string]string{
"email": context.Param("email"),
"password": context.Param("password"),
"name": nameFromEmail(context.Param("email")),
"status": "100",
"role": "100",
"title": "Administrator",
}
uid, err := users.Create(params)
if err != nil {
return router.InternalError(err)
}
context.Logf("#info Created user #%d", uid)
user, err := users.Find(uid)
if err != nil {
return router.InternalError(err)
}
// Login this user automatically - save cookie
session, err := auth.Session(context, context.Request())
if err != nil {
return router.InternalError(err)
}
context.Logf("#info Automatic login for first user: %d %s", user.Id, user.Email)
session.Set(auth.SessionUserKey, fmt.Sprintf("%d", user.Id))
session.Save(context)
// Load our welcomepage template html
// and put it into the text field of a new page with id 1
welcomeText, err := ioutil.ReadFile("src/pages/views/welcome.html.got")
if err != nil {
return router.InternalError(err)
}
params = map[string]string{
"status": "100",
"name": "Fragmenta",
"url": "/",
"text": string(welcomeText),
}
_, err = pages.Create(params)
if err != nil {
return router.InternalError(err)
}
// Create another couple of simple pages as examples (about and privacy)
params = map[string]string{
"status": "100",
"name": "About Us",
"url": "/about",
"text": "<section class=\"narrow\"><h1>About us</h1><p>About us</p></section>",
}
_, err = pages.Create(params)
if err != nil {
return router.InternalError(err)
}
params = map[string]string{
"status": "100",
"name": "Privacy Policy",
"url": "/privacy",
"text": "<section class=\"narrow\"><h1>Privacy Policy</h1><p>We respect your privacy.</p></section>",
}
_, err = pages.Create(params)
if err != nil {
return router.InternalError(err)
}
// Redirect back to the newly populated home page
return router.Redirect(context, "/")
}