camzalewski/personal-site
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Validate if the email address is already in use during registration.

Browse source
This commit is contained in:
mikestefanello 2021-12-16 20:58:38 -05:00
parent b383be5dac
commit bd5bbab47c
2 changed files with 25 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

14
auth/auth.go
View file

@ -19,6 +19,7 @@ const (
sessionName = "ua" sessionName = "ua"
sessionKeyUserID = "user_id" sessionKeyUserID = "user_id"
sessionKeyAuthenticated = "authenticated" sessionKeyAuthenticated = "authenticated"
passwordTokenLength = 64
) )
type NotAuthenticatedError struct{} type NotAuthenticatedError struct{}
@ -83,7 +84,7 @@ func (c *Client) GetAuthenticatedUser(ctx echo.Context) (*ent.User, error) {
if userID, err := c.GetAuthenticatedUserID(ctx); err == nil { if userID, err := c.GetAuthenticatedUserID(ctx); err == nil {
return c.orm.User.Query(). return c.orm.User.Query().
Where(user.ID(userID)). Where(user.ID(userID)).
First(ctx.Request().Context()) Only(ctx.Request().Context())
} }
return nil, NotAuthenticatedError{} return nil, NotAuthenticatedError{}
@ -103,7 +104,10 @@ func (c *Client) CheckPassword(password, hash string) error {
func (c *Client) GeneratePasswordResetToken(ctx echo.Context, userID int) (string, *ent.PasswordToken, error) { func (c *Client) GeneratePasswordResetToken(ctx echo.Context, userID int) (string, *ent.PasswordToken, error) {
// Generate the token, which is what will go in the URL, but not the database // Generate the token, which is what will go in the URL, but not the database
token := c.RandomToken(64) token, err := c.RandomToken(passwordTokenLength)
if err != nil {
return "", nil, err
}
// Hash the token, which is what will be stored in the database // Hash the token, which is what will be stored in the database
hash, err := c.HashPassword(token) hash, err := c.HashPassword(token)
@ -148,10 +152,10 @@ func (c *Client) GetValidPasswordToken(ctx echo.Context, token string, userID in
return nil, InvalidTokenError{} return nil, InvalidTokenError{}
} }
func (c *Client) RandomToken(length int) string { func (c *Client) RandomToken(length int) (string, error) {
b := make([]byte, length) b := make([]byte, length)
if _, err := rand.Read(b); err != nil { if _, err := rand.Read(b); err != nil {
return "" return "", err
} }
return hex.EncodeToString(b) return hex.EncodeToString(b), nil
} }

18
routes/register.go
View file

@ -3,6 +3,7 @@ package routes
import ( import (
"goweb/context" "goweb/context"
"goweb/controller" "goweb/controller"
"goweb/ent/user"
"goweb/msg" "goweb/msg"
"github.com/labstack/echo/v4" "github.com/labstack/echo/v4"
@ -42,8 +43,6 @@ func (r *Register) Post(c echo.Context) error {
return r.Get(c) return r.Get(c)
} }
// TODO: Validation for dupe email addresses
// Parse the form values // Parse the form values
form := new(RegisterForm) form := new(RegisterForm)
if err := c.Bind(form); err != nil { if err := c.Bind(form); err != nil {
@ -57,6 +56,20 @@ func (r *Register) Post(c echo.Context) error {
return r.Get(c) return r.Get(c)
} }
// Check if the email address is taken
exists, err := r.Container.ORM.User.
Query().
Where(user.Email(form.Email)).
Exist(c.Request().Context())
switch {
case err != nil:
return fail("unable to query to see if email is taken", err)
case exists:
msg.Warning(c, "A user with this email address already exists. Please log in.")
return r.Redirect(c, "login")
}
// Hash the password // Hash the password
pwHash, err := r.Container.Auth.HashPassword(form.Password) pwHash, err := r.Container.Auth.HashPassword(form.Password)
if err != nil { if err != nil {
@ -77,6 +90,7 @@ func (r *Register) Post(c echo.Context) error {
c.Logger().Infof("user created: %s", u.Name) c.Logger().Infof("user created: %s", u.Name)
// Log the user in
err = r.Container.Auth.Login(c, u.ID) err = r.Container.Auth.Login(c, u.ID)
if err != nil { if err != nil {
c.Logger().Errorf("unable to log in: %v", err) c.Logger().Errorf("unable to log in: %v", err)