Allow users to login and logout

Author: user

handlers.user.go

@@ -10,13 +10,51 @@ import (
 	"github.com/gin-gonic/gin"
 )
 
+func showLoginPage(c *gin.Context) {
+	// Call the render function with the name of the template to render
+	render(c, gin.H{
+		"title": "Login",
+	}, "login.html")
+}
+
+func performLogin(c *gin.Context) {
+	// Obtain the POSTed username and password values
+	username := c.PostForm("username")
+	password := c.PostForm("password")
+
+	// Check if the username/password combination is valid
+	if isUserValid(username, password) {
+		// If the username/password is valid set the token in a cookie
+		token := generateSessionToken()
+		c.SetCookie("token", token, 3600, "", "", false, true)
+
+		render(c, gin.H{
+			"title": "Successful Login"}, "login-successful.html")
+
+	} else {
+		// If the username/password combination is invalid,
+		// show the error message on the login page
+		c.HTML(http.StatusBadRequest, "login.html", gin.H{
+			"ErrorTitle":   "Login Failed",
+			"ErrorMessage": "Invalid credentials provided"})
+	}
+}
+
 func generateSessionToken() string {
 	// We're using a random 16 character string as the session token
 	// This is NOT a secure way of generating session tokens
 	// DO NOT USE THIS IN PRODUCTION
 	return strconv.FormatInt(rand.Int63(), 16)
 }
 
+func logout(c *gin.Context) {
+	// Clear the cookie
+	c.SetCookie("token", "", -1, "", "", false, true)
+
+	// Redirect to the home page
+	c.Redirect(http.StatusTemporaryRedirect, "/")
+}
+
 func showRegistrationPage(c *gin.Context) {
 	// Call the render function with the name of the template to render
 	render(c, gin.H{

handlers.user_test.go

@@ -12,6 +12,91 @@ import (
 	"testing"
 )
 
+// Test that a GET request to the login page returns the login page with
+// the HTTP code 200 for an unauthenticated user
+func TestShowLoginPageUnauthenticated(t *testing.T) {
+	r := getRouter(true)
+
+	// Define the route similar to its definition in the routes file
+	r.GET("/u/login", showLoginPage)
+
+	// Create a request to send to the above route
+	req, _ := http.NewRequest("GET", "/u/login", nil)
+
+	testHTTPResponse(t, r, req, func(w *httptest.ResponseRecorder) bool {
+		// Test that the http status code is 200
+		statusOK := w.Code == http.StatusOK
+
+		// Test that the page title is "Login"
+		p, err := ioutil.ReadAll(w.Body)
+		pageOK := err == nil && strings.Index(string(p), "<title>Login</title>") > 0
+
+		return statusOK && pageOK
+	})
+}
+
+// Test that a POST request to login returns a success message for
+// an unauthenticated user
+func TestLoginUnauthenticated(t *testing.T) {
+	// Create a response recorder
+	w := httptest.NewRecorder()
+
+	// Get a new router
+	r := getRouter(true)
+
+	// Define the route similar to its definition in the routes file
+	r.POST("/u/login", performLogin)
+
+	// Create a request to send to the above route
+	loginPayload := getLoginPOSTPayload()
+	req, _ := http.NewRequest("POST", "/u/login", strings.NewReader(loginPayload))
+	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+	req.Header.Add("Content-Length", strconv.Itoa(len(loginPayload)))
+
+	// Create the service and process the above request.
+	r.ServeHTTP(w, req)
+
+	// Test that the http status code is 200
+	if w.Code != http.StatusOK {
+		t.Fail()
+	}
+
+	// Test that the page title is "Successful Login"
+	// You can carry out a lot more detailed tests using libraries that can
+	// parse and process HTML pages
+	p, err := ioutil.ReadAll(w.Body)
+	if err != nil || strings.Index(string(p), "<title>Successful Login</title>") < 0 {
+		t.Fail()
+	}
+}
+
+// Test that a POST request to login returns an error when using
+// incorrect credentials
+func TestLoginUnauthenticatedIncorrectCredentials(t *testing.T) {
+	// Create a response recorder
+	w := httptest.NewRecorder()
+
+	// Get a new router
+	r := getRouter(true)
+
+	// Define the route similar to its definition in the routes file
+	r.POST("/u/login", performLogin)
+
+	// Create a request to send to the above route
+	loginPayload := getRegistrationPOSTPayload()
+	req, _ := http.NewRequest("POST", "/u/login", strings.NewReader(loginPayload))
+	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+	req.Header.Add("Content-Length", strconv.Itoa(len(loginPayload)))
+
+	// Create the service and process the above request.
+	r.ServeHTTP(w, req)
+
+	// Test that the http status code is 200
+	if w.Code != http.StatusBadRequest {
+		t.Fail()
+	}
+}
+
 // Test that a GET request to the registration page returns the registration
 // page with the HTTP code 200 for an unauthenticated user
 func TestShowRegistrationPageUnauthenticated(t *testing.T) {

models.user.go

@@ -24,6 +24,16 @@ var userList = []user{
 	user{Username: "user3", Password: "pass3"},
 }
 
+// Check if the username and password combination is valid
+func isUserValid(username, password string) bool {
+	for _, u := range userList {
+		if u.Username == username && u.Password == password {
+			return true
+		}
+	}
+	return false
+}
+
 // Register a new user with the given username and password
 // NOTE: For this demo, we
 func registerNewUser(username, password string) (*user, error) {

models.user_test.go

@@ -4,6 +4,28 @@ package main
 
 import "testing"
 
+// Test the validity of different combinations of username/password
+func TestUserValidity(t *testing.T) {
+	if !isUserValid("user1", "pass1") {
+		t.Fail()
+	}
+
+	if isUserValid("user2", "pass1") {
+		t.Fail()
+	}
+
+	if isUserValid("user1", "") {
+		t.Fail()
+	}
+
+	if isUserValid("", "pass1") {
+		t.Fail()
+	}
+
+	if isUserValid("User1", "pass1") {
+		t.Fail()
+	}
+}
 
 // Test if a new user can be registered with valid username/password
 func TestValidUserRegistration(t *testing.T) {

routes.go

@@ -10,13 +10,24 @@ func initializeRoutes() {
 	// Group user related routes together
 	userRoutes := router.Group("/u")
 	{
+		// Handle the GET requests at /u/login
+		// Show the login page
+		// Ensure that the user is not logged in by using the middleware
+		userRoutes.GET("/login", showLoginPage)
+
+		// Handle POST requests at /u/login
+		// Ensure that the user is not logged in by using the middleware
+		userRoutes.POST("/login", performLogin)
+
+		// Handle GET requests at /u/logout
+		// Ensure that the user is logged in by using the middleware
+		userRoutes.GET("/logout", logout)
+
 		// Handle the GET requests at /u/register
 		// Show the registration page
-		// Ensure that the user is not logged in by using the middleware
 		userRoutes.GET("/register", showRegistrationPage)
 
 		// Handle POST requests at /u/register
-		// Ensure that the user is not logged in by using the middleware
 		userRoutes.POST("/register", register)
 	}
 

templates/login.html

@@ -0,0 +1,34 @@
+<!--login.html-->
+
+<!--Embed the header.html template at this location-->
+{{ template "header.html" .}}
+
+<h1>Login</h1>
+
+
+<div class="panel panel-default col-sm-6">
+  <div class="panel-body">
+    <!--If there's an error, display the error-->
+    {{ if .ErrorTitle}}
+    <p class="bg-danger">
+      {{.ErrorTitle}}: {{.ErrorMessage}}
+    </p>
+    {{end}}
+    <!--Create a form that POSTs to the `/u/login` route-->
+    <form class="form" action="/u/login" method="POST">
+      <div class="form-group">
+        <label for="username">Username</label>
+        <input type="text" class="form-control" id="username" name="username" placeholder="Username">
+      </div>
+      <div class="form-group">
+        <label for="password">Password</label>
+        <input type="password" class="form-control" id="password" name="password" placeholder="Password">
+      </div>
+      <button type="submit" class="btn btn-primary">Login</button>
+    </form>
+  </div>
+</div>  
+
+
+<!--Embed the footer.html template at this location-->
+{{ template "footer.html" .}}

templates/menu.html

@@ -9,6 +9,8 @@
     </div>
     <ul class="nav navbar-nav">      
         <li><a href="/u/register">Register</a></li>
+        <li><a href="/u/login">Login</a></li>
+        <li><a href="/u/logout">Logout</a></li>
     </ul>
   </div>
 </nav>