129 lines
3.3 KiB
Go
129 lines
3.3 KiB
Go
package endpoints
|
|
|
|
import (
|
|
"arbeitszeitmessung/models"
|
|
"arbeitszeitmessung/templates"
|
|
"log"
|
|
"net/http"
|
|
"strconv"
|
|
"time"
|
|
|
|
"github.com/alexedwards/scs/v2"
|
|
)
|
|
|
|
var Session *scs.SessionManager
|
|
|
|
func CreateSessionManager(lifetime time.Duration) *scs.SessionManager {
|
|
Session = scs.New()
|
|
Session.Lifetime = lifetime
|
|
return Session
|
|
}
|
|
func LoginHandler(w http.ResponseWriter, r *http.Request) {
|
|
switch r.Method {
|
|
case http.MethodGet:
|
|
showLoginForm(w, r, false)
|
|
break
|
|
case http.MethodPost:
|
|
loginUser(w, r)
|
|
break
|
|
default:
|
|
showLoginForm(w, r, false)
|
|
break
|
|
}
|
|
}
|
|
|
|
func UserHandler(w http.ResponseWriter, r *http.Request) {
|
|
if !Session.Exists(r.Context(), "user") {
|
|
http.Redirect(w, r, "/user/login", http.StatusSeeOther)
|
|
}
|
|
switch r.Method {
|
|
case http.MethodGet:
|
|
showPWForm(w, r, 0)
|
|
break
|
|
case http.MethodPost:
|
|
changePassword(w, r)
|
|
break
|
|
default:
|
|
http.Error(w, "Method not allowed!", http.StatusMethodNotAllowed)
|
|
break
|
|
}
|
|
}
|
|
|
|
func showLoginForm(w http.ResponseWriter, r *http.Request, failed bool) {
|
|
templates.LoginPage(failed).Render(r.Context(), w)
|
|
}
|
|
|
|
func loginUser(w http.ResponseWriter, r *http.Request) {
|
|
err := r.ParseForm()
|
|
if err != nil {
|
|
log.Println("Error parsing form!", err)
|
|
http.Error(w, "Internal error", http.StatusBadRequest)
|
|
return
|
|
}
|
|
_personal_nummer := r.FormValue("personal_nummer")
|
|
if _personal_nummer == "" {
|
|
log.Println("No personal_nummer provided!")
|
|
http.Error(w, "No personal_nummer provided", http.StatusBadRequest)
|
|
return
|
|
}
|
|
personal_nummer, err := strconv.Atoi(_personal_nummer)
|
|
if err != nil {
|
|
log.Println("Cannot parse personal nubmer!")
|
|
http.Error(w, "Cannot parse number", http.StatusBadRequest)
|
|
return
|
|
}
|
|
|
|
user, err := (*models.User).GetByPersonalNummer(nil, personal_nummer)
|
|
if err != nil {
|
|
log.Println("No user found under this personal number!")
|
|
http.Error(w, "No user found!", http.StatusNotFound)
|
|
}
|
|
|
|
password := r.FormValue("password")
|
|
if user.Login(password) {
|
|
log.Printf("New succesfull user login from %s %s!\n", user.Vorname, user.Name)
|
|
Session.Put(r.Context(), "user", user.PersonalNummer)
|
|
http.Redirect(w, r, "/time", http.StatusSeeOther) //with this browser always uses GET
|
|
} else {
|
|
showLoginForm(w, r, true)
|
|
return
|
|
}
|
|
showLoginForm(w, r, false)
|
|
return
|
|
}
|
|
|
|
// change user password and store salted hash in db
|
|
func changePassword(w http.ResponseWriter, r *http.Request) {
|
|
err := r.ParseForm()
|
|
if err != nil {
|
|
log.Println("Error parsing form!", err)
|
|
http.Error(w, "Error parsing form error", http.StatusBadRequest)
|
|
return
|
|
}
|
|
password := r.FormValue("password")
|
|
newPassword := r.FormValue("new_password")
|
|
if password == "" || newPassword == "" || newPassword != r.FormValue("new_password_repeat") {
|
|
showPWForm(w, r, http.StatusBadRequest)
|
|
return
|
|
}
|
|
user, err := (*models.User).GetByPersonalNummer(nil, Session.GetInt(r.Context(), "user"))
|
|
if err != nil {
|
|
log.Println("Error getting user!", err)
|
|
showPWForm(w, r, http.StatusBadRequest)
|
|
}
|
|
auth, err := user.ChangePass(password, newPassword)
|
|
if err != nil {
|
|
log.Println("Error when changing password!", err)
|
|
}
|
|
if auth {
|
|
showPWForm(w, r, http.StatusOK)
|
|
return
|
|
}
|
|
showPWForm(w, r, http.StatusUnauthorized)
|
|
}
|
|
|
|
func showPWForm(w http.ResponseWriter, r *http.Request, status int) {
|
|
templates.UserPage(status).Render(r.Context(), w)
|
|
return
|
|
}
|