func (c Account) RetrieveAccount(email string) r.Result { models.ValidateUserEmail(c.Validation, email).Key("email") if c.Validation.HasErrors() { c.Validation.Keep() c.FlashParams() c.Flash.Error("Account recovery failed.") return c.Redirect(routes.Account.Recover()) } profile := c.getProfileByEmailAddress(email) if profile == nil { // Return a false positive response to requestors at this point c.Flash.Success("A password reset request has been sent to " + email + ".") return c.Redirect(routes.Application.Index()) } err := c.sendAccountRecoverEmail(profile.User) if err != nil { panic(err) } c.Flash.Success("A password reset request has been sent to " + email + ".") return c.Redirect(routes.Account.Login()) }
func (c Account) LoginAccount(account, password string, remember bool) r.Result { var profile *models.Profile // If account is a valid email address, retrieve account by email // otherwise, retrieve account by username models.ValidateUserEmail(c.Validation, account).Key("account") if c.Validation.HasErrors() { c.Validation.Clear() profile = c.getProfileByUserName(account) } else { profile = c.getProfileByEmailAddress(account) } if profile != nil { err := bcrypt.CompareHashAndPassword(profile.User.HashedPassword, []byte(password)) if err == nil { c.DoLogin(profile.User, remember) c.Flash.Success("Welcome back, " + profile.Name) return c.Redirect(routes.Profile.Show(profile.UserName)) } } c.Flash.Error("Sign In failed.") return c.Redirect(routes.Account.Login()) }
func (c Profile) UpdateSettings(username string, profile *models.Profile, verifyPassword string) r.Result { existingProfile := c.connected() if existingProfile == nil || existingProfile.UserName != username { c.Flash.Error("You must log in to access your account") return c.Redirect(routes.Account.Logout()) } email := profile.User.Email // Step 1: Validate data if email != existingProfile.User.Email { // Validate email models.ValidateUserEmail(c.Validation, profile.User.Email).Key("profile.User.Email") } if profile.User.Password != "" || verifyPassword != "" { models.ValidateUserPassword(c.Validation, profile.User.Password).Key("profile.User.Password") // Additional password verification c.Validation.Required(profile.User.Password != profile.User.Email).Message("Password cannot be the same as your email address").Key("profile.User.Password") c.Validation.Required(verifyPassword).Message("Password verification required").Key("verifyPassword") c.Validation.Required(verifyPassword == profile.User.Password).Message("Provided passwords do not match").Key("verifyPassword") } // Validate profile components models.ValidateProfileUserName(c.Validation, profile.UserName).Key("profile.UserName") models.ValidateProfileName(c.Validation, profile.Name).Key("profile.Name") models.ValidateProfileSummary(c.Validation, profile.Summary).Key("profile.Summary") models.ValidateProfileDescription(c.Validation, profile.Description).Key("profile.Description") if c.Validation.HasErrors() { c.Validation.Keep() c.FlashParams() c.Flash.Error("Profile could not be updated") return c.Redirect(routes.Profile.Settings(username)) } // Step 2: Commit data if email != existingProfile.User.Email { userExists := c.getProfileByEmailAddress(email) if userExists != nil { c.Flash.Error("Email address is already registered to another account") return c.Redirect(routes.Profile.Settings(username)) } // Re-send email confirmation existingProfile.User.Email = email existingProfile.User.Confirmed = false // FIXME /*// Send out confirmation email eErr := c.sendAccountConfirmEmail(existingProfile.User) if eErr != nil { c.Flash.Error("Could not send confirmation email") } else {*/ // Update email address in database _, err := c.Txn.Exec("update User set Email = ?, Confirmed = ? where UserId = ?", email, 0, existingProfile.User.UserId) if err != nil { panic(err) } // Update session value c.Session["userEmail"] = email //} } profile.UserName = strings.ToLower(profile.UserName) // Update username? if profile.UserName != existingProfile.UserName { userExists := c.getProfileByUserName(profile.UserName) if userExists != nil { c.Flash.Error("User name is already registered to another account") return c.Redirect(routes.Profile.Settings(username)) } // Change username existingProfile.UserName = profile.UserName } // Update password? if profile.User.Password != "" || verifyPassword != "" { c.CommitPassword(existingProfile.User, profile.User.Password) } // Update other profile components existingProfile.Name = profile.Name existingProfile.Summary = profile.Summary existingProfile.Description = profile.Description _, err := c.Txn.Update(existingProfile) if err != nil { c.Flash.Error("Profile could not be updated") return c.Redirect(routes.Profile.Settings(username)) } c.Flash.Success("Profile has been updated") return c.Redirect(routes.Profile.Show(existingProfile.UserName)) }
func (c Account) SaveUser(user models.User, username, name string) r.Result { // Lower case username username = strings.ToLower(username) lcPass := strings.ToLower(user.Password) // Validate User components models.ValidateUserEmail(c.Validation, user.Email).Key("user.Email") models.ValidateUserPassword(c.Validation, user.Password).Key("user.Password") // Additional user components verification c.Validation.Required(user.Password != user.Email).Message("Password cannot be the same as your email address").Key("user.Password") c.Validation.Required(lcPass != username).Message("Password cannot be the same as your user name").Key("user.Password") // Validate Profile components models.ValidateProfileUserName(c.Validation, username).Key("username") models.ValidateProfileName(c.Validation, name).Key("name") if c.Validation.HasErrors() { c.Validation.Keep() c.FlashParams() c.Flash.Error("Registration failed.") return c.Redirect(routes.Account.Register()) } userExists := c.getProfileByEmailAddress(user.Email) if userExists != nil { c.Validation.Keep() c.FlashParams() c.Flash.Error("Email '" + user.Email + "' is already registered.") return c.Redirect(routes.Account.Register()) } userExists = c.getProfileByUserName(username) if userExists != nil { c.Validation.Keep() c.FlashParams() c.Flash.Error("User name '" + username + "' is already taken.") return c.Redirect(routes.Account.Register()) } user.HashedPassword, _ = bcrypt.GenerateFromPassword([]byte(user.Password), bcrypt.DefaultCost) user.Created = time.Now() user.Confirmed = false err := c.Txn.Insert(&user) if err != nil { panic(err) } // Create profile (and assign correct UserId) profile := &models.Profile{0, user.UserId, username, name, "", "", "", 0, 0, &user} // Get Gravatar Icon emailHash := gr.EmailHash(user.Email) gravatarUrl := gr.GetAvatarURL("https", emailHash, gr.DefaultIdentIcon, 128) if gravatarUrl != nil { profile.PhotoUrl = gravatarUrl.String() } err = c.Txn.Insert(profile) if err != nil { panic(err) } // Send out confirmation email err = c.sendAccountConfirmEmail(&user) if err != nil { c.Flash.Error("Could not send confirmation email") fmt.Println(err.Error()) } c.Session["userEmail"] = string(user.Email) c.Flash.Success("Welcome, " + profile.Name) return c.Redirect(routes.Profile.Show(profile.UserName)) }