use strict; package TrsrDB::HTTP::User; use Mojo::Base 'Mojolicious::Controller'; #use Carp qw(croak); sub login { my $self = shift; my $user_id = $self->param('user') // return; my $db = $self->app->db; my $password = $self->param('password'); my $user = $db->resultset("User")->find( $user_id =~ m{@} ? { email => $user_id } : $user_id ); if ( !$user ) { $self->render( retry_msg => 'authfailure' ); return; } elsif ( my $token = $self->param('token') ) { my $pw = $self->param("password") // q{}; if ( ($user->password//q{}) ne $token ) { $self->render( retry_msg => 'authfailure' ); return; } elsif ( $pw ne ($self->param("samepassword") // q{}) ) { $self->render( retry_msg => "Passwords are different" ); return; } $self->session("user_id" => $user_id ); $user->salted_password($pw); $user->update(); $self->redirect_to("home"); } elsif ( $password && $user->password_equals($password) ) { $self->session("user_id" => $user_id ); $self->redirect_to("home"); } else { $self->render( $password ? (retry_msg => 'authfailure') : () ); } } sub logout { my ($self) = @_; $self->session(expires => 1); $self->redirect_to('home'); # $self->stash( retry_msg => 'loggedOut' ); } 1;