Implement registration

2016-12-20 15:26:31 +01:00 · 2016-12-20 15:26:31 +01:00 · a71afaf6b9
commit a71afaf6b9
parent b9d428d386
4 changed files with 42 additions and 1 deletions
--- a/bcrypt/verifier.go
+++ b/bcrypt/verifier.go
@ -1,6 +1,8 @@
 package bcrypt

 import (
+	"bytes"
+
 	"golang.org/x/crypto/bcrypt"
 )

@ -13,3 +15,13 @@ type Verifier struct {
 func (bv *Verifier) Verify(password string, hashOnDb string) error {
 	return bcrypt.CompareHashAndPassword([]byte(hashOnDb), []byte(password))
 }
+
+// Hash calculates a hash to be stored on the database
+func (bv *Verifier) Hash(password string) (string, error) {
+	hash, err := bcrypt.GenerateFromPassword([]byte(password), bv.cost)
+	if err != nil {
+		return "", err
+	}
+	idx := bytes.IndexByte(hash, 0)
+	return string(hash[:idx]), nil
+}
--- a/http/http.go
+++ b/http/http.go
@ -36,6 +36,7 @@ func (h *Handler) Serve() {
 		api.GET("/logout", logout)
 		api.GET("/login", func(c *gin.Context) { c.Redirect(http.StatusPermanentRedirect, "/login") })
 		api.POST("/login", h.loginPost)
+		api.POST("/register", h.registerPost)

 		// Unauthenticated routes
 		api.GET("/check", func(c *gin.Context) { c.String(http.StatusOK, "Accessible") })
@ -131,3 +132,30 @@ func (h *Handler) loginPost(c *gin.Context) {
 		"token": t,
 	})
 }
+
+func (h *Handler) registerPost(c *gin.Context) {
+	username, _ := c.GetPostForm("username")
+	password, _ := c.GetPostForm("password")
+	name, _ := c.GetPostForm("name")
+
+	user, err := h.UserService.UserByUsername(username)
+	if err != nil {
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	hash, err := h.CredentialsVerifier.Hash(password)
+	if err != nil {
+		c.AbortWithStatus(http.StatusUnauthorized)
+	}
+
+	user = &budgeteer.User{
+		Name:     name,
+		Password: hash,
+		Email:    username,
+	}
+	err = h.UserService.CreateUser(user)
+	if err != nil {
+		c.AbortWithError(http.StatusInternalServerError, err)
+	}
+}
--- a/templates/register.html
+++ b/templates/register.html
@ -47,7 +47,7 @@
            Budgeteer
        </div>
        <div class="container col-lg-12" id="content">
-            <form id="loginForm" action="/api/v1/login" method="POST" class="center-block">
+            <form id="loginForm" action="/api/v1/register" method="POST" class="center-block">
                <label for="email">E-Mail</label>
                <input type="text" name="email" /><br />

--- a/user.go
+++ b/user.go
@ -20,4 +20,5 @@ type UserService interface {
 // CredentialVerifier verifies the provided credentials
 type CredentialVerifier interface {
 	Verify(password string, hashOnDb string) error
+	Hash(password string) (string, error)
 }