lets-go:11.4 login

snippetbox/cmd/web/handlers.go

@@ -63,9 +63,9 @@ func (app *application) snippetCreate(w http.ResponseWriter, r *http.Request) {
 }
 
 type snippetCreateForm struct {
-	Title       string  `form:"title"`
-	Content     string  `form:"content"`
-	Expires     int     `form:"expires"`
+	Title               string `form:"title"`
+	Content             string `form:"content"`
+	Expires             int    `form:"expires"`
 	validator.Validator `form:"-"`
 }
 
@@ -103,9 +103,9 @@ func (app *application) snippetCreatePost(w http.ResponseWriter, r *http.Request
 }
 
 type userSignupForm struct {
-	Username    string  `form:"username"`
-	Email       string  `form:"email"`
-	Password    string  `form:"password"`
+	Username            string `form:"username"`
+	Email               string `form:"email"`
+	Password            string `form:"password"`
 	validator.Validator `form:"-"`
 }
 
@@ -118,7 +118,6 @@ func (app *application) userSignup(w http.ResponseWriter, r *http.Request) {
 	app.render(w, r, http.StatusOK, "signup.tmpl", data)
 }
 
-
 // userSignupPost ...
 func (app *application) userSignupPost(w http.ResponseWriter, r *http.Request) {
 	var form userSignupForm
@@ -163,8 +162,8 @@ func (app *application) userSignupPost(w http.ResponseWriter, r *http.Request) {
 }
 
 type userLoginForm struct {
-	Username    string  `form:"username"`
-	Password    string  `form:"password"`
+	Email               string `form:"email"`
+	Password            string `form:"password"`
 	validator.Validator `form:"-"`
 }
 
@@ -187,7 +186,7 @@ func (app *application) userLoginPost(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	form.CheckField(validator.NotBlank(form.Username), "username", "This field cannot be blank")
+	form.CheckField(validator.NotBlank(form.Email), "email", "This field cannot be blank")
 	form.CheckField(validator.NotBlank(form.Password), "password", "This field cannot be blank")
 
 	if !form.Valid() {
@@ -197,10 +196,27 @@ func (app *application) userLoginPost(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	userID, err := app.users.Authenticate(form.Email, form.Password)
+	if err != nil {
+		if errors.Is(err, models.ErrInvalidCredentials) {
+			form.AddNonFieldError("Email or password is incorrect")
 
-	app.sessionManager.Put(r.Context(), "authenticatedUserID", 1)
+			data := app.newTemplateData(r)
+			data.Form = form
+			app.render(w, r, http.StatusUnprocessableEntity, "login.tmpl", data)
+		} else {
+			app.serverError(w, r, err)
+		}
+		return
+	}
+	err = app.sessionManager.RenewToken(r.Context())
+	if err != nil {
+		app.serverError(w, r, err)
+		return
+	}
 
-	app.sessionManager.Put(r.Context(), "flash", fmt.Sprintf("LOGGED IN USER %s! (not really)", form.Username))
+	app.sessionManager.Put(r.Context(), "authenticatedUserID", userID)
+	app.sessionManager.Put(r.Context(), "flash", fmt.Sprintf("LOGGED IN USER %d!", userID))
 
 	http.Redirect(w, r, "/", http.StatusSeeOther)
 }

snippetbox/internal/models/users.go

@@ -47,8 +47,31 @@ func (m *UserModel) Insert(username, email, password string) error {
 }
 
 // Authenticate
-func (m *UserModel) Authenticate(email int, password string) (int, error) {
-	return 0, nil
+func (m *UserModel) Authenticate(email, password string) (int, error) {
+	var id int
+	var hashedPassword []byte
+
+	stmt := "SELECT id, hashed_password FROM users WHERE email = ?"
+
+	err := m.DB.QueryRow(stmt, email).Scan(&id, &hashedPassword)
+	if err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return 0, ErrInvalidCredentials
+		} else {
+			return 0, err
+		}
+	}
+
+	err = bcrypt.CompareHashAndPassword(hashedPassword, []byte(password))
+	if err != nil {
+		if errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {
+			return 0, ErrInvalidCredentials
+		} else {
+			return 0, err
+		}
+	}
+
+	return id, nil
 }
 
 // Exists

snippetbox/internal/validator/validator.go

@@ -10,12 +10,13 @@ import (
 var EmailRX = regexp.MustCompile("^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$")
 
 type Validator struct {
+	NonFieldErrors []string
 	FieldErrors map[string]string
 }
 
 // Valid() ...
 func (v *Validator) Valid() bool {
-	return len(v.FieldErrors) == 0
+	return len(v.FieldErrors) == 0 && len(v.NonFieldErrors) == 0
 }
 
 // AddFieldError ...
@@ -29,6 +30,10 @@ func (v *Validator) AddFieldError(key, message string) {
 	}
 }
 
+func (v *Validator) AddNonFieldError(message string) {
+	v.NonFieldErrors = append(v.NonFieldErrors, message)
+}
+
 // CheckField ...
 func (v *Validator) CheckField(ok bool, key, message string)  {
 	if !ok {

snippetbox/ui/html/pages/login.tmpl

@@ -1,20 +1,23 @@
-{{define "title"}}User Login{{end}}
+{{define "title"}}Login{{end}}
 
 {{define "main"}}
 <form action='/user/login' method='POST'>
+  {{range .Form.NonFieldErrors}}
+  <div class="error">{{.}}</div>
+  {{end}}
   <div>
     <label>Username:</label>
-    {{with .Form.FieldErrors.username}}
+    {{with .Form.FieldErrors.email}}
     <label class='error'>{{.}}</label>
     {{end}}
-    <input type='text' name='username' value='{{.Form.Username}}'>
+    <input type='text' name='email' value='{{.Form.Email}}'>
   </div>
   <div>
     <label>Password:</label>
     {{with .Form.FieldErrors.password}}
     <label class='error'>{{.}}</label>
     {{end}}
-    <input type='text' name='password' value='{{.Form.Password}}'>
+    <input type='password' name='password'>
   </div>
   <div>
     <input type='submit' value='Login'>