added userLogout fixes #15, #10

2025-05-01 19:42:33 +02:00
parent 35ec575a05
commit 9a88397bb2
11 changed files with 151 additions and 89 deletions
--- a/Backend/endpoints/user.go
+++ b/Backend/endpoints/user.go
@@ -1,128 +0,0 @@
-package endpoints
-
-import (
-	"arbeitszeitmessung/helper"
-	"arbeitszeitmessung/models"
-	"arbeitszeitmessung/templates"
-	"log"
-	"net/http"
-	"strconv"
-	"time"
-
-	"github.com/alexedwards/scs/v2"
-)
-
-var Session *scs.SessionManager
-
-func CreateSessionManager(lifetime time.Duration) *scs.SessionManager {
-	Session = scs.New()
-	Session.Lifetime = lifetime
-	return Session
-}
-
-func LoginHandler(w http.ResponseWriter, r *http.Request) {
-	switch r.Method {
-	case http.MethodGet:
-		showLoginPage(w, r, false)
-		break
-	case http.MethodPost:
-		loginUser(w, r)
-		break
-	default:
-		http.Error(w, "Method not allowed!", http.StatusMethodNotAllowed)
-		break
-	}
-}
-
-func UserSettingsHandler(w http.ResponseWriter, r *http.Request) {
-	helper.RequiresLogin(Session, w, r)
-	switch r.Method {
-	case http.MethodGet:
-		showUserPage(w, r, 0)
-		break
-	case http.MethodPost:
-		changePassword(w, r)
-		break
-	default:
-		http.Error(w, "Method not allowed!", http.StatusMethodNotAllowed)
-		break
-	}
-}
-
-func showLoginPage(w http.ResponseWriter, r *http.Request, failed bool) {
-	templates.LoginPage(failed).Render(r.Context(), w)
-}
-
-func loginUser(w http.ResponseWriter, r *http.Request) {
-	err := r.ParseForm()
-	if err != nil {
-		log.Println("Error parsing form!", err)
-		http.Error(w, "Internal error", http.StatusBadRequest)
-		return
-	}
-	_personal_nummer := r.FormValue("personal_nummer")
-	if _personal_nummer == "" {
-		log.Println("No personal_nummer provided!")
-		http.Error(w, "No personal_nummer provided", http.StatusBadRequest)
-		return
-	}
-	personal_nummer, err := strconv.Atoi(_personal_nummer)
-	if err != nil {
-		log.Println("Cannot parse personal nubmer!")
-		http.Error(w, "Cannot parse number", http.StatusBadRequest)
-		return
-	}
-
-	user, err := (*models.User).GetByPersonalNummer(nil, personal_nummer)
-	if err != nil {
-		log.Println("No user found under this personal number!")
-		http.Error(w, "No user found!", http.StatusNotFound)
-	}
-
-	password := r.FormValue("password")
-	if user.Login(password) {
-		log.Printf("New succesfull user login from %s %s!\n", user.Vorname, user.Name)
-		Session.Put(r.Context(), "user", user.PersonalNummer)
-		http.Redirect(w, r, "/time", http.StatusSeeOther) //with this browser always uses GET
-	} else {
-		showLoginPage(w, r, true)
-		return
-	}
-	showLoginPage(w, r, false)
-	return
-}
-
-// change user password and store salted hash in db
-func changePassword(w http.ResponseWriter, r *http.Request) {
-	err := r.ParseForm()
-	if err != nil {
-		log.Println("Error parsing form!", err)
-		http.Error(w, "Error parsing form error", http.StatusBadRequest)
-		return
-	}
-	password := r.FormValue("password")
-	newPassword := r.FormValue("new_password")
-	if password == "" || newPassword == "" || newPassword != r.FormValue("new_password_repeat") {
-		showUserPage(w, r, http.StatusBadRequest)
-		return
-	}
-	user, err := (*models.User).GetByPersonalNummer(nil, Session.GetInt(r.Context(), "user"))
-	if err != nil {
-		log.Println("Error getting user!", err)
-		showUserPage(w, r, http.StatusBadRequest)
-	}
-	auth, err := user.ChangePass(password, newPassword)
-	if err != nil {
-		log.Println("Error when changing password!", err)
-	}
-	if auth {
-		showUserPage(w, r, http.StatusOK)
-		return
-	}
-	showUserPage(w, r, http.StatusUnauthorized)
-}
-
-func showUserPage(w http.ResponseWriter, r *http.Request, status int) {
-	templates.UserPage(status).Render(r.Context(), w)
-	return
-}