diff --git a/snippetbox/cmd/web/handlers.go b/snippetbox/cmd/web/handlers.go index b73a2b1..169bd05 100644 --- a/snippetbox/cmd/web/handlers.go +++ b/snippetbox/cmd/web/handlers.go @@ -63,9 +63,9 @@ func (app *application) snippetCreate(w http.ResponseWriter, r *http.Request) { } type snippetCreateForm struct { - Title string `form:"title"` - Content string `form:"content"` - Expires int `form:"expires"` + Title string `form:"title"` + Content string `form:"content"` + Expires int `form:"expires"` validator.Validator `form:"-"` } @@ -103,9 +103,9 @@ func (app *application) snippetCreatePost(w http.ResponseWriter, r *http.Request } type userSignupForm struct { - Username string `form:"username"` - Email string `form:"email"` - Password string `form:"password"` + Username string `form:"username"` + Email string `form:"email"` + Password string `form:"password"` validator.Validator `form:"-"` } @@ -118,7 +118,6 @@ func (app *application) userSignup(w http.ResponseWriter, r *http.Request) { app.render(w, r, http.StatusOK, "signup.tmpl", data) } - // userSignupPost ... func (app *application) userSignupPost(w http.ResponseWriter, r *http.Request) { var form userSignupForm @@ -163,8 +162,8 @@ func (app *application) userSignupPost(w http.ResponseWriter, r *http.Request) { } type userLoginForm struct { - Username string `form:"username"` - Password string `form:"password"` + Email string `form:"email"` + Password string `form:"password"` validator.Validator `form:"-"` } @@ -187,7 +186,7 @@ func (app *application) userLoginPost(w http.ResponseWriter, r *http.Request) { return } - form.CheckField(validator.NotBlank(form.Username), "username", "This field cannot be blank") + form.CheckField(validator.NotBlank(form.Email), "email", "This field cannot be blank") form.CheckField(validator.NotBlank(form.Password), "password", "This field cannot be blank") if !form.Valid() { @@ -197,10 +196,27 @@ func (app *application) userLoginPost(w http.ResponseWriter, r *http.Request) { return } + userID, err := app.users.Authenticate(form.Email, form.Password) + if err != nil { + if errors.Is(err, models.ErrInvalidCredentials) { + form.AddNonFieldError("Email or password is incorrect") - app.sessionManager.Put(r.Context(), "authenticatedUserID", 1) + data := app.newTemplateData(r) + data.Form = form + app.render(w, r, http.StatusUnprocessableEntity, "login.tmpl", data) + } else { + app.serverError(w, r, err) + } + return + } + err = app.sessionManager.RenewToken(r.Context()) + if err != nil { + app.serverError(w, r, err) + return + } - app.sessionManager.Put(r.Context(), "flash", fmt.Sprintf("LOGGED IN USER %s! (not really)", form.Username)) + app.sessionManager.Put(r.Context(), "authenticatedUserID", userID) + app.sessionManager.Put(r.Context(), "flash", fmt.Sprintf("LOGGED IN USER %d!", userID)) http.Redirect(w, r, "/", http.StatusSeeOther) } diff --git a/snippetbox/internal/models/users.go b/snippetbox/internal/models/users.go index 8826b8a..494e5b0 100644 --- a/snippetbox/internal/models/users.go +++ b/snippetbox/internal/models/users.go @@ -47,8 +47,31 @@ func (m *UserModel) Insert(username, email, password string) error { } // Authenticate -func (m *UserModel) Authenticate(email int, password string) (int, error) { - return 0, nil +func (m *UserModel) Authenticate(email, password string) (int, error) { + var id int + var hashedPassword []byte + + stmt := "SELECT id, hashed_password FROM users WHERE email = ?" + + err := m.DB.QueryRow(stmt, email).Scan(&id, &hashedPassword) + if err != nil { + if errors.Is(err, sql.ErrNoRows) { + return 0, ErrInvalidCredentials + } else { + return 0, err + } + } + + err = bcrypt.CompareHashAndPassword(hashedPassword, []byte(password)) + if err != nil { + if errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) { + return 0, ErrInvalidCredentials + } else { + return 0, err + } + } + + return id, nil } // Exists diff --git a/snippetbox/internal/validator/validator.go b/snippetbox/internal/validator/validator.go index 5dc7e9e..38bc8a5 100644 --- a/snippetbox/internal/validator/validator.go +++ b/snippetbox/internal/validator/validator.go @@ -10,12 +10,13 @@ import ( var EmailRX = regexp.MustCompile("^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$") type Validator struct { + NonFieldErrors []string FieldErrors map[string]string } // Valid() ... func (v *Validator) Valid() bool { - return len(v.FieldErrors) == 0 + return len(v.FieldErrors) == 0 && len(v.NonFieldErrors) == 0 } // AddFieldError ... @@ -29,6 +30,10 @@ func (v *Validator) AddFieldError(key, message string) { } } +func (v *Validator) AddNonFieldError(message string) { + v.NonFieldErrors = append(v.NonFieldErrors, message) +} + // CheckField ... func (v *Validator) CheckField(ok bool, key, message string) { if !ok { diff --git a/snippetbox/ui/html/pages/login.tmpl b/snippetbox/ui/html/pages/login.tmpl index e9b319b..c66d36c 100644 --- a/snippetbox/ui/html/pages/login.tmpl +++ b/snippetbox/ui/html/pages/login.tmpl @@ -1,20 +1,23 @@ -{{define "title"}}User Login{{end}} +{{define "title"}}Login{{end}} {{define "main"}}
+ {{range .Form.NonFieldErrors}} +
{{.}}
+ {{end}}
- {{with .Form.FieldErrors.username}} + {{with .Form.FieldErrors.email}} {{end}} - +
{{with .Form.FieldErrors.password}} {{end}} - +