sunguroku před 5 roky
rodič
revize
59790f99c8

+ 0 - 2
internal/forms/user.go

@@ -21,8 +21,6 @@ type CreateUserForm struct {
 }
 
 // ToUser converts a CreateUserForm to models.User
-//
-// TODO -- PASSWORD HASHING HERE
 func (cuf *CreateUserForm) ToUser() (*models.User, error) {
 	hashed, err := bcrypt.GenerateFromPassword([]byte(cuf.Password), 8)
 

+ 9 - 0
internal/repository/gorm/user.go

@@ -34,6 +34,15 @@ func (repo *UserRepository) ReadUser(id uint) (*models.User, error) {
 	return user, nil
 }
 
+// ReadUserByEmail finds a single user based on their Email. Used primarily for Login.
+func (repo *UserRepository) ReadUserByEmail(email string) (*models.User, error) {
+	u := &models.User{}
+	if err := repo.db.Where("email = ?", email).First(&u).Error; err != nil {
+		return nil, err
+	}
+	return u, nil
+}
+
 // UpdateUser modifies an existing User in the database
 func (repo *UserRepository) UpdateUser(user *models.User) (*models.User, error) {
 	if err := repo.db.First(&models.User{}, user.ID).Updates(user).Error; err != nil {
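Review bot: `First(&u)` on the new ReadUserByEmail passes a `**models.User`, since `u` is already a pointer from `u := &models.User{}`; whether GORM dereferences the extra level is not something I can confirm from here, and the intended call is `repo.db.Where("email = ?", email).First(u)`. The parameterized `Where` is the right form for a value taken from a request, so no injection concern there. Returning the raw GORM error also means callers cannot tell "no such user" from a database failure without depending on GORM themselves; consider mapping the not-found case to a repository-level sentinel (e.g. a package `ErrUserNotFound`) so the login handler can answer 401 only for that case.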

+ 1 - 0
internal/repository/user.go

@@ -11,6 +11,7 @@ type WriteUser func(user *models.User) (*models.User, error)
 type UserRepository interface {
 	CreateUser(user *models.User) (*models.User, error)
 	ReadUser(id uint) (*models.User, error)
+	ReadUserByEmail(email string) (*models.User, error)
 	UpdateUser(user *models.User) (*models.User, error)
 	DeleteUser(user *models.User) (*models.User, error)
 }

+ 20 - 1
server/api/user_handler.go

@@ -9,6 +9,7 @@ import (
 	"github.com/porter-dev/porter/internal/forms"
 	"github.com/porter-dev/porter/internal/models"
 	"github.com/porter-dev/porter/internal/repository"
+	"golang.org/x/crypto/bcrypt"
 )
 
 // Enumeration of user API error codes, represented as int64
@@ -36,8 +37,26 @@ func (app *App) HandleCreateUser(w http.ResponseWriter, r *http.Request) {
 func (app *App) HandleLoginUser(w http.ResponseWriter, r *http.Request) {
 	session, _ := app.store.Get(r, "cookie-name")
 
+	// read in email and password from request
+	email := chi.URLParam(r, "email")
+	password := chi.URLParam(r, "password")
+
 	// Authentication goes here
-	// ...
+	// Select User by Username (app.repo.User.ReadUserByUsername) and return storedCreds object that has Password.
+	storedUser, readErr := app.repo.User.ReadUserByEmail(email)
+
+	if readErr != nil {
+		// You're not registered error
+		app.logger.Warn().Err(readErr)
+		w.WriteHeader(http.StatusUnauthorized)
+		return
+	}
+
+	if err := bcrypt.CompareHashAndPassword([]byte(storedUser.Password), []byte(password)); err != nil {
+		// If the two passwords don't match, return a 401 status
+		w.WriteHeader(http.StatusUnauthorized)
+		return
+	}
 
 	// Set user as authenticated
 	session.Values["authenticated"] = true
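Review bot: The email and password are taken from the URL path via `chi.URLParam` (the two added lines under "read in email and password"), which puts the plaintext password into access logs, proxy logs and browser history; read them from the request body instead, presumably through the `forms` package this file already imports. `app.logger.Warn().Err(readErr)` looks like a zerolog call, and without a terminating `.Msg(...)`/`.Send()` the event is never written, so `app.logger.Warn().Err(readErr).Msg("user lookup failed")` is needed for the warning to appear. Every `ReadUserByEmail` error, including a database outage, is currently answered with 401; only the not-found case should be, with other errors returning 500. The early return before `bcrypt.CompareHashAndPassword` also makes unknown-email requests return measurably faster than wrong-password ones, which can be equalized by comparing against a fixed dummy hash when the lookup fails. The comment on the lookup line still names `ReadUserByUsername` while the call is `ReadUserByEmail`, and HandleLoginUser continues past the end of this hunk.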