示例#1
文件: auth.go 项目: rnorth/drone
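// Authorize verifies the submitted credentials and, on success, creates the
// User session and redirects the browser.
//
// It reads the form fields "username", "password" and the optional
// "return_to". An unknown user and a wrong password both render the same
// "login_error.html" template, so the response body does not reveal which
// check failed. The returned error is whatever RenderTemplate returns, or nil
// once the redirect has been written.
func Authorize(w http.ResponseWriter, r *http.Request) error {
	// extract form data
	username := r.FormValue("username")
	password := r.FormValue("password")
	returnTo := r.FormValue("return_to")

	// get the user from the database
	user, err := database.GetUserEmail(username)
	if err != nil {
		return RenderTemplate(w, "login_error.html", nil)
	}

	// verify the password
	if err := user.ComparePassword(password); err != nil {
		return RenderTemplate(w, "login_error.html", nil)
	}

	// add the user to the session object
	// NOTE(review): the cookie value is the request-supplied username. Whether
	// SetCookie signs or encrypts the value is not visible here; confirm it
	// does, otherwise the session identity is client-controlled.
	SetCookie(w, r, "_sess", username)

	// return_to comes from the request, so it must not decide the redirect
	// host. Accept only a same-site absolute path: it has to start with a
	// single "/", must not start with "//" or "/\" (both are read by browsers
	// as a network-path reference to another host), and must not contain
	// control characters. Anything else falls back to the dashboard.
	local := len(returnTo) > 0 && returnTo[0] == '/'
	if local && len(returnTo) > 1 && (returnTo[1] == '/' || returnTo[1] == '\\') {
		local = false
	}
	for i := 0; local && i < len(returnTo); i++ {
		if c := returnTo[i]; c < 0x20 || c == 0x7f {
			local = false
		}
	}
	if !local {
		returnTo = "/dashboard"
	}

	// redirect to the validated target
	http.Redirect(w, r, returnTo, http.StatusSeeOther)
	return nil
}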
示例#2
文件: app.go 项目: Jyggafey/drone
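// ForgotPost handles the "forgot password" form. It looks up the account for
// the submitted "email" field, builds a password reset token valid for 12
// hours and mails it in the background.
//
// The same "forgot_sent.html" template is rendered whether or not the
// account exists. The returned error is whatever RenderTemplate returns.
func ForgotPost(w http.ResponseWriter, r *http.Request) error {
	email := r.FormValue("email")

	// attempt to retrieve the user by email address
	user, err := database.GetUserEmail(email)
	if err != nil {
		// %q keeps a request-supplied value from breaking the log line
		// (embedded newlines are escaped instead of written raw).
		log.Printf("could not find user %q to reset password. %s", email, err)
		// if we can't find the email, we still display the same
		// template to the user, so the response does not confirm
		// which addresses have an account.
		return RenderTemplate(w, "forgot_sent.html", nil)
	}

	// hostname from settings
	hostname := database.SettingsMust().URL().String()

	// generate the password reset token; the stored password value is part
	// of the token input passed to passwordreset.NewToken.
	token := passwordreset.NewToken(user.Email, 12*time.Hour, []byte(user.Password), secret)
	data := struct {
		Host  string
		User  *User
		Token string
	}{hostname, user, token}

	// Deliver to the address stored on the account, never to the string
	// taken from the request. How GetUserEmail matches addresses is not
	// visible here; if the lookup is anything other than byte-exact, the
	// submitted string could differ from the stored one, and the token must
	// only ever reach the stored address.
	recipient := user.Email

	// send the email message async
	go func() {
		if err := mail.SendPassword(recipient, data); err != nil {
			log.Printf("error sending password reset email to %q. %s", recipient, err)
		}
	}()

	// render the template indicating a success
	return RenderTemplate(w, "forgot_sent.html", nil)
}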
示例#3
文件: app.go 项目: Jyggafey/drone
// ResetPost completes a password reset. It verifies the "token" form field,
// stores the new "password" for the account named by the token, signs the
// user in and redirects to the dashboard.
//
// Every failure re-renders "reset.html" with an Error message. The returned
// error is whatever RenderTemplate returns, or nil after the redirect.
func ResetPost(w http.ResponseWriter, r *http.Request) error {
	// fail re-renders the reset form with the given message.
	fail := func(msg string) error {
		return RenderTemplate(w, "reset.html", &struct{ Error string }{msg})
	}

	// The token is the only credential on this request: the email is taken
	// from the verified token, not from a form field.
	email, err := passwordreset.VerifyToken(r.FormValue("token"), database.GetPassEmail, secret)
	if err != nil {
		return fail("Your password reset request is expired.")
	}

	// load the account the token was issued for
	user, err := database.GetUserEmail(email)
	if err != nil {
		return fail("Unable to locate user account.")
	}

	// apply the new password; the error text from SetPassword is shown to
	// the user as-is
	newPassword := r.FormValue("password")
	if setErr := user.SetPassword(newPassword); setErr != nil {
		return fail(setErr.Error())
	}

	// persist the change
	if saveErr := database.SaveUser(user); saveErr != nil {
		return fail("Unable to update password. Please try again")
	}

	// start a session for the user
	// NOTE(review): nothing here ends sessions created before the reset, and
	// whether SetCookie signs the "_sess" value is not visible; confirm both.
	SetCookie(w, r, "_sess", user.Email)

	http.Redirect(w, r, "/dashboard", http.StatusSeeOther)
	return nil
}
示例#4
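// TestGetUserEmail tests the ability to retrieve a User
// from the database by Email address.
func TestGetUserEmail(t *testing.T) {
	Setup()
	defer Teardown()

	u, err := database.GetUserEmail("*****@*****.**")
	if err != nil {
		// Fatal rather than Error: the field checks below dereference u,
		// which cannot be relied on after a failed lookup. The deferred
		// Teardown still runs.
		t.Fatal(err)
	}
	if u == nil {
		// Guard against a nil User returned without an error, so the test
		// fails with a message instead of a nil-pointer panic.
		t.Fatal("Expected a User, got nil")
	}

	if u.ID != 1 {
		t.Errorf("Exepected ID %d, got %d", 1, u.ID)
	}

	// The fixture stores a password hash, not a plaintext password.
	if u.Password != "$2a$10$b8d63QsTL38vx7lj0HEHfOdbu1PCAg6Gfca74UavkXooIBx9YxopS" {
		t.Errorf("Exepected Password %s, got %s", "$2a$10$b8d63QsTL38vx7lj0HEHfOdbu1PCAg6Gfca74UavkXooIBx9YxopS", u.Password)
	}

	if u.Token != "123" {
		t.Errorf("Exepected Token %s, got %s", "123", u.Token)
	}

	if u.Name != "Brad Rydzewski" {
		t.Errorf("Exepected Name %s, got %s", "Brad Rydzewski", u.Name)
	}

	if u.Email != "*****@*****.**" {
		t.Errorf("Exepected Email %s, got %s", "*****@*****.**", u.Email)
	}

	if u.Gravatar != "8c58a0be77ee441bb8f8595b7f1b4e87" {
		t.Errorf("Exepected Gravatar %s, got %s", "8c58a0be77ee441bb8f8595b7f1b4e87", u.Gravatar)
	}
}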
示例#5
文件: handler.go 项目: jro7/drone
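// readUser reads the currently authenticated user from the given
// http.Request.
//
// The "_sess" cookie value is used as the lookup key for
// database.GetUserEmail. A non-nil *User is returned only together with a
// nil error; every failure path returns a nil user and a non-nil error.
func readUser(r *http.Request) (*User, error) {
	// NOTE(review): the cookie value is trusted as the user's identity.
	// Whether GetCookie verifies a signature on it is not visible here;
	// confirm it does.
	username := GetCookie(r, "_sess")
	if len(username) == 0 {
		return nil, fmt.Errorf("No user session")
	}

	// get the user from the database
	user, err := database.GetUserEmail(username)
	if err != nil {
		return nil, err
	}

	// A lookup that succeeds but yields no usable record must not come back
	// as (nil, nil): a caller that checks only err would treat the request
	// as authenticated and then dereference a nil user.
	if user == nil || user.ID == 0 {
		return nil, fmt.Errorf("No user found for session")
	}

	return user, nil
}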
示例#6
文件: gogs.go 项目: kvattikuti/drone
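// setupRepo returns the Repo addressed by a hook URL, creating and saving it
// when it is not yet in the database.
//
// urlParts must hold at least five elements; elements 2, 3 and 4 are joined
// with "/" to form the repo slug. payload is only read when the repo has to
// be created. When the GOGS_URL environment variable is set, the clone URL
// is rebuilt from it instead of being taken from payload.Repo.Url.
//
// On the creation path a non-nil Repo can be returned together with an error
// (owner lookup or save failed); callers must check the error first.
func setupRepo(urlParts []string, payload *Payload) (*Repo, error) {
	// debug output (the println builtin writes to stderr)
	println("urlParts: ", urlParts)

	// urlParts is derived from the request URL; a short path must produce an
	// error rather than an index-out-of-range panic in the handler.
	if len(urlParts) < 5 {
		return nil, fmt.Errorf("unexpected hook url: need at least 5 segments, got %d", len(urlParts))
	}
	host, owner, name := urlParts[2], urlParts[3], urlParts[4]

	repo, err := database.GetRepoSlug(fmt.Sprintf("%s/%s/%s", host, owner, name))
	if err == nil {
		fmt.Printf("repo exists in database\n")
		return repo, nil
	}
	if err != sql.ErrNoRows {
		return nil, fmt.Errorf("error fetching repo: %s", err)
	}
	// The original built this message with fmt.Errorf and discarded the
	// result, so it was never shown; print it like the other status lines.
	fmt.Printf("Repo does not exist in database. %s\n", err)

	if payload == nil {
		return nil, fmt.Errorf("Repo object could not be created: missing payload")
	}

	// urlParts[2] will stay as-is (the host as it was used in the url);
	// payload.Repo.Url is replaced so that git clone works.
	// NOTE(review): the rebuilt clone URL uses plain http://, so the clone
	// is neither encrypted nor authenticated in transit; confirm this is
	// intended for the deployment.
	repoURL := payload.Repo.Url
	if gogsURL := os.Getenv("GOGS_URL"); gogsURL != "" {
		repoURL = fmt.Sprintf("http://%s/%s/%s", gogsURL, owner, name)
	}

	repo, err = NewRepo(host, owner, name, ScmGit, repoURL)
	if err != nil {
		println(err.Error())
		return nil, fmt.Errorf("Repo object could not be created %s", err)
	}
	fmt.Printf("repo struct created\n")

	// NOTE(review): the owner is resolved from an email address inside the
	// hook payload. Whether the payload is authenticated before this point
	// is not visible here; if it is not, the sender chooses which account
	// the new repo is attached to. Confirm against the caller.
	user, err := database.GetUserEmail(payload.Repo.Owner.Email)
	if err != nil {
		return repo, fmt.Errorf("Repo could not find user with email %s, err= %s", payload.Repo.Owner.Email, err)
	}
	repo.UserID = user.ID
	repo.Private = payload.Repo.Private

	if err := database.SaveRepo(repo); err != nil {
		return repo, fmt.Errorf("Repo could not be saved to database. %s", err)
	}
	fmt.Printf("repo saved in database\n")
	return repo, nil
}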