|
@@ -1,5 +1,7 @@
|
|
|
package usermanager
|
|
package usermanager
|
|
|
|
|
|
|
|
|
|
+/** provides user management utilities and iris handlers **/
|
|
|
|
|
+
|
|
|
import (
|
|
import (
|
|
|
"errors"
|
|
"errors"
|
|
|
"time"
|
|
"time"
|
|
@@ -71,6 +73,18 @@ func (user *User) Login(username string, password string) (string, error) {
|
|
|
}
|
|
}
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+func LoginHandler(ctx *iris.Context) {
|
|
|
|
|
+ username := ctx.FormValueString("username") // POST values from login form
|
|
|
|
|
+ password := ctx.FormValueString("password")
|
|
|
|
|
+
|
|
|
|
|
+ user := User{} // new user
|
|
|
|
|
+ tokenString, err := user.Login(username, password) // try to login
|
|
|
|
|
+ ctx.SetCookieKV("token", tokenString)
|
|
|
|
|
+ ctx.Set("token", tokenString) // set tokenstring as ctx-param as cookie can't be read in next context(s)
|
|
|
|
|
+
|
|
|
|
|
+ errorhelpers.HandleError(err, ctx)
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
func (user *User) Logout(userID string) {
|
|
func (user *User) Logout(userID string) {
|
|
|
userArrayID := SearchUser(userID) // get logged in users list index
|
|
userArrayID := SearchUser(userID) // get logged in users list index
|
|
|
|
|
|
|
@@ -109,11 +123,19 @@ func (user *User) Update() error {
|
|
|
|
|
|
|
|
err := databaseutils.DBUtil.UpdateRow("users", "id", string(user.ID), colsVals)
|
|
err := databaseutils.DBUtil.UpdateRow("users", "id", string(user.ID), colsVals)
|
|
|
|
|
|
|
|
- if err != nil {
|
|
|
|
|
- fmt.Println("ERROOR UPDATING: " + err.Error()) // TODO error habndling
|
|
|
|
|
- }
|
|
|
|
|
|
|
+ return err
|
|
|
|
|
+}
|
|
|
|
|
|
|
|
- return nil
|
|
|
|
|
|
|
+func AccountUpdateHandler(ctx *iris.Context) {
|
|
|
|
|
+ username := ctx.FormValueString("username") // POST values
|
|
|
|
|
+ password := ctx.FormValueString("password")
|
|
|
|
|
+ userID := ctx.GetString("userID")
|
|
|
|
|
+
|
|
|
|
|
+ err := UserUpdateProcessor(username, password, userID)
|
|
|
|
|
+ errorhelpers.HandleError(err, ctx)
|
|
|
|
|
+
|
|
|
|
|
+ err = errors.New(errorhelpers.SUCCESS_UPDATE)
|
|
|
|
|
+ errorhelpers.HandleError(err, ctx)
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
func SearchUser(userID string) int {
|
|
func SearchUser(userID string) int {
|
|
@@ -165,18 +187,26 @@ func VerifyUserLoggedIn(tokenString string) (bool, string, error) { // TODO rene
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
func AuthHandler(ctx *iris.Context) {
|
|
func AuthHandler(ctx *iris.Context) {
|
|
|
|
|
+ inLogin := false
|
|
|
tokenString := ctx.GetCookie("token")
|
|
tokenString := ctx.GetCookie("token")
|
|
|
if tokenString == "" { // when coming from login form cookie doesn't work yet
|
|
if tokenString == "" { // when coming from login form cookie doesn't work yet
|
|
|
tokenString = ctx.GetString("token")
|
|
tokenString = ctx.GetString("token")
|
|
|
|
|
+ if tokenString != "" {
|
|
|
|
|
+ inLogin = true
|
|
|
|
|
+ }
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
isAuthed, userID, err := VerifyUserLoggedIn(tokenString)
|
|
isAuthed, userID, err := VerifyUserLoggedIn(tokenString)
|
|
|
|
|
|
|
|
if isAuthed {
|
|
if isAuthed {
|
|
|
|
|
+ params := ctx.Get("params").(map[string]string)
|
|
|
|
|
+
|
|
|
|
|
+ if inLogin {
|
|
|
|
|
+ err = errors.New(errorhelpers.SUCCESS_LOGIN)
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
ctx.Set("userID", userID) // save userID for in-context use
|
|
ctx.Set("userID", userID) // save userID for in-context use
|
|
|
userArrayID := SearchUser(userID)
|
|
userArrayID := SearchUser(userID)
|
|
|
-
|
|
|
|
|
- params := ctx.Get("params").(map[string]string)
|
|
|
|
|
params["username"] = (*Users)[userArrayID].Username
|
|
params["username"] = (*Users)[userArrayID].Username
|
|
|
params["admin"] = (*Users)[userArrayID].Admin // TODO rename to isAdmin ?
|
|
params["admin"] = (*Users)[userArrayID].Admin // TODO rename to isAdmin ?
|
|
|
ctx.Set("params", params)
|
|
ctx.Set("params", params)
|
|
@@ -187,10 +217,20 @@ func AuthHandler(ctx *iris.Context) {
|
|
|
|
|
|
|
|
func CanBeAuthedHandler(ctx *iris.Context) {
|
|
func CanBeAuthedHandler(ctx *iris.Context) {
|
|
|
tokenString := ctx.GetCookie("token")
|
|
tokenString := ctx.GetCookie("token")
|
|
|
|
|
+ if tokenString == "" { // when coming from login form cookie doesn't work yet
|
|
|
|
|
+ tokenString = ctx.GetString("token")
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
isAuthed, userID, err := VerifyUserLoggedIn(tokenString)
|
|
isAuthed, userID, err := VerifyUserLoggedIn(tokenString)
|
|
|
|
|
|
|
|
if isAuthed {
|
|
if isAuthed {
|
|
|
ctx.Set("userID", userID) // save userID for in-context use
|
|
ctx.Set("userID", userID) // save userID for in-context use
|
|
|
|
|
+ userArrayID := SearchUser(userID)
|
|
|
|
|
+
|
|
|
|
|
+ params := ctx.Get("params").(map[string]string)
|
|
|
|
|
+ params["username"] = (*Users)[userArrayID].Username
|
|
|
|
|
+ params["admin"] = (*Users)[userArrayID].Admin // TODO rename to isAdmin ?
|
|
|
|
|
+ ctx.Set("params", params)
|
|
|
} else if err != nil {
|
|
} else if err != nil {
|
|
|
if !((err.Error() != "ERR_SESSION_TIMED_OUT") || (err.Error() != "ERR_INVALID_TOKEN")) { // ignore ERR_SESSION_TIMED_OUT and ERR_INVALID_TOKEN
|
|
if !((err.Error() != "ERR_SESSION_TIMED_OUT") || (err.Error() != "ERR_INVALID_TOKEN")) { // ignore ERR_SESSION_TIMED_OUT and ERR_INVALID_TOKEN
|
|
|
errorhelpers.HandleError(err, ctx)
|
|
errorhelpers.HandleError(err, ctx)
|
|
@@ -201,7 +241,7 @@ func CanBeAuthedHandler(ctx *iris.Context) {
|
|
|
ctx.Next() // authed users can now use their accounts, next handler
|
|
ctx.Next() // authed users can now use their accounts, next handler
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
-func AdminHandler(ctx *iris.Context) {
|
|
|
|
|
|
|
+func AdminHandler(ctx *iris.Context) { // TODO remake this
|
|
|
userID := ctx.GetString("userID")
|
|
userID := ctx.GetString("userID")
|
|
|
user, err := GetUser(userID)
|
|
user, err := GetUser(userID)
|
|
|
|
|
|
|
@@ -217,33 +257,33 @@ func AdminHandler(ctx *iris.Context) {
|
|
|
|
|
|
|
|
func GenerateTokens(numTokens int) ([]string, error) {
|
|
func GenerateTokens(numTokens int) ([]string, error) {
|
|
|
const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
|
|
const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
|
|
|
- tokens := make([]string, 0)
|
|
|
|
|
- dbTokens := make([][]string, 0)
|
|
|
|
|
|
|
+ tokens := make([]string, 0)
|
|
|
|
|
+ dbTokens := make([][]string, 0)
|
|
|
|
|
|
|
|
- for i := 0; i < numTokens; i++ {
|
|
|
|
|
- b := make([]byte, 16)
|
|
|
|
|
- for i := range b {
|
|
|
|
|
- b[i] = letterBytes[rand.Intn(len(letterBytes))]
|
|
|
|
|
- }
|
|
|
|
|
- tokens = append(tokens, string(b))
|
|
|
|
|
- dbTokens = [][]string{[]string{"value", string(b)}, []string{"used", "0"}}
|
|
|
|
|
- err := databaseutils.DBUtil.InsertRow("tokens", dbTokens)
|
|
|
|
|
- if err != nil {
|
|
|
|
|
- return []string{""}, err
|
|
|
|
|
- }
|
|
|
|
|
|
|
+ for i := 0; i < numTokens; i++ {
|
|
|
|
|
+ b := make([]byte, 16)
|
|
|
|
|
+ for i := range b {
|
|
|
|
|
+ b[i] = letterBytes[rand.Intn(len(letterBytes))]
|
|
|
}
|
|
}
|
|
|
|
|
+ tokens = append(tokens, string(b))
|
|
|
|
|
+ dbTokens = [][]string{[]string{"value", string(b)}, []string{"used", "0"}}
|
|
|
|
|
+ err := databaseutils.DBUtil.InsertRow("tokens", dbTokens)
|
|
|
|
|
+ if err != nil {
|
|
|
|
|
+ return []string{""}, err
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
- return tokens, nil
|
|
|
|
|
|
|
+ return tokens, nil
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
-func GetTokens(used bool) []string {
|
|
|
|
|
|
|
+func GetTokens(used bool) ([]string, error) {
|
|
|
dbTokens, err := databaseutils.DBUtil.GetRows("*", "tokens", "used", "0") // get unused tokens
|
|
dbTokens, err := databaseutils.DBUtil.GetRows("*", "tokens", "used", "0") // get unused tokens
|
|
|
if used {
|
|
if used {
|
|
|
dbTokens, err = databaseutils.DBUtil.GetRows("*", "tokens", "used", "1") // get used tokens
|
|
dbTokens, err = databaseutils.DBUtil.GetRows("*", "tokens", "used", "1") // get used tokens
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
if err != nil {
|
|
if err != nil {
|
|
|
- fmt.Println(err.Error()) // TODO: nicer / outsource
|
|
|
|
|
|
|
+ return []string{}, err
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
tokens := make([]string, 0)
|
|
tokens := make([]string, 0)
|
|
@@ -252,18 +292,18 @@ func GetTokens(used bool) []string {
|
|
|
tokens = append(tokens, dbTokens[i][1])
|
|
tokens = append(tokens, dbTokens[i][1])
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
- return tokens
|
|
|
|
|
|
|
+ return tokens, nil
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
-func GetTokensAsString(used bool) string {
|
|
|
|
|
- tokens := GetTokens(used)
|
|
|
|
|
|
|
+func GetTokensAsString(used bool) (string, error) {
|
|
|
|
|
+ tokens, err := GetTokens(used)
|
|
|
ret := ""
|
|
ret := ""
|
|
|
|
|
|
|
|
for i := range tokens {
|
|
for i := range tokens {
|
|
|
ret += fmt.Sprintf("%s\n", tokens[i])
|
|
ret += fmt.Sprintf("%s\n", tokens[i])
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
- return ret
|
|
|
|
|
|
|
+ return ret, err
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
func GetUser(userID string) (User, error) {
|
|
func GetUser(userID string) (User, error) {
|
|
@@ -414,8 +454,10 @@ func RegisterHandler(ctx *iris.Context) {
|
|
|
username := ctx.FormValueString("username")
|
|
username := ctx.FormValueString("username")
|
|
|
password := ctx.FormValueString("password")
|
|
password := ctx.FormValueString("password")
|
|
|
|
|
|
|
|
- unusedTokens := GetTokens(false) // get all unused tokens
|
|
|
|
|
- usedTokens := GetTokens(true) // get all used tokens
|
|
|
|
|
|
|
+ unusedTokens, err := GetTokens(false) // get all unused tokens
|
|
|
|
|
+ errorhelpers.HandleError(err, ctx)
|
|
|
|
|
+ usedTokens, err := GetTokens(true) // get all used tokens
|
|
|
|
|
+ errorhelpers.HandleError(err, ctx)
|
|
|
unusedToken := IsTokenUsed(unusedTokens, token) // check if token is unused
|
|
unusedToken := IsTokenUsed(unusedTokens, token) // check if token is unused
|
|
|
usedToken := IsTokenUsed(usedTokens, token) // check if token is used
|
|
usedToken := IsTokenUsed(usedTokens, token) // check if token is used
|
|
|
|
|
|
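Review bot: AccountUpdateHandler reports success unconditionally: after `errorhelpers.HandleError(err, ctx)` for the `UserUpdateProcessor` result it always builds `errors.New(errorhelpers.SUCCESS_UPDATE)` and handles that too, so a failed username/password change is still followed by the success path unless HandleError stops the request in a way not visible here. Branch on the error instead, e.g. `if err != nil { errorhelpers.HandleError(err, ctx); return }` ahead of the success call. LoginHandler has the same ordering problem, since `ctx.SetCookieKV("token", tokenString)` and `ctx.Set("token", tokenString)` run before the `err` from `user.Login` is looked at, and RegisterHandler carries on after both `GetTokens` errors; each should return on failure before touching the cookie or the token lists. Separately, the re-indented GenerateTokens still picks its 16 letters with `rand.Intn`, which matches the `math/rand` API (`crypto/rand` has no `Intn`; the import itself is outside the visible lines), and because RegisterHandler checks the submitted token against these values they should be drawn from `crypto/rand`. RegisterHandler's body starts and ends outside its hunk, so what happens after the two token checks is not visible here.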