1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
package main
import (
"code.google.com/p/go.crypto/bcrypt"
"github.com/gorilla/sessions"
"github.com/kch42/mailremind/model"
"log"
"net/http"
)
type pwresetTpldata struct {
Error, Success, Code, UID string
}
func pwreset(user model.User, sess *sessions.Session, req *http.Request) (interface{}, model.User) {
if err := req.ParseForm(); err != nil {
return &pwresetTpldata{Error: "Form data corrupted."}, user
}
code := req.FormValue("Code")
_uid := req.FormValue("U")
pw1 := req.FormValue("Password")
pw2 := req.FormValue("PasswordAgain")
if code == "" {
return &pwresetTpldata{Error: "Wrong password reset code"}, user
}
uid, err := db.ParseDBID(_uid)
if err != nil {
return &pwresetTpldata{Error: "Invalid user ID"}, user
}
if user, err = dbcon.UserByID(uid); err != nil {
return &pwresetTpldata{Error: "User not found"}, user
}
if user.ActivationCode() != code {
return &pwresetTpldata{Error: "Wrong activation code"}, user
}
outdata := &pwresetTpldata{UID: _uid, Code: code}
if req.Method != "POST" {
return outdata, user
}
if pw1 == "" {
outdata.Error = "Password must not be empty."
return outdata, user
}
if pw1 != pw2 {
outdata.Error = "Passwords are not identical."
return outdata, user
}
hash, err := bcrypt.GenerateFromPassword([]byte(pw1), bcrypt.DefaultCost)
if err != nil {
log.Printf("Could not has password: %s", err)
outdata.Error = "Could not save password."
return outdata, user
}
if err := user.SetPWHash(hash); err != nil {
log.Printf("Error while hashing password: %s", err)
outdata.Error = "Could not save password."
return outdata, user
}
if err := user.SetActivationCode(""); err != nil {
log.Printf("Error resetting acCode: %s", err)
}
outdata.Success = "Password was changed"
return outdata, user
}
type forgotpwTpldata struct {
Error, Success string
}
func forgotpw(user model.User, sess *sessions.Session, req *http.Request) (interface{}, model.User) {
if req.Method != "POST" {
return &forgotpwTpldata{}, user
}
if err := req.ParseForm(); err != nil {
return &forgotpwTpldata{Error: "Form data corrupted."}, user
}
email := req.FormValue("Mail")
if email == "" {
return &forgotpwTpldata{Error: "E-Mail must not be empty."}, user
}
user, err := dbcon.UserByMail(email)
if err != nil {
return &forgotpwTpldata{Error: "E-Mail not found."}, user
}
key := genAcCode()
if err := user.SetActivationCode(key); err != nil {
log.Printf("Could not store pwreset key: %s", err)
return &forgotpwTpldata{Error: "Could not generate a keyword reset code."}, user
}
if !SendPwresetLink(user.Email(), key, user.ID()) {
return &forgotpwTpldata{Error: "Could not send reset E-Mail."}, user
}
return &forgotpwTpldata{Success: "We sent you an E-Mail with further instructions."}, user
}
|