Mercurial > gemma
annotate pkg/controllers/token.go @ 512:7474e9922ed5
Don't tell what the reason is when login fails for database reasons.
| author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
|---|---|
| date | Fri, 24 Aug 2018 18:04:25 +0200 |
| parents | 8a0737aa6ab6 |
| children | d9dbb6139760 |
| rev | line source |
|---|---|
|
226
63dd5216eee4
Refactored gemma server to be more REST-like.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
206
diff
changeset
|
1 package controllers |
|
186
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
2 |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
3 import ( |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
4 "encoding/json" |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
5 "fmt" |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
6 "log" |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
7 "net/http" |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
8 |
|
414
c1047fd04a3a
Moved project specific Go packages to new pkg folder.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
333
diff
changeset
|
9 "gemma.intevation.de/gemma/pkg/auth" |
|
442
fc37e7072022
Moved some models used in controllers to to model package because they may be needed elsewhere (e.g. GeoServer config).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
425
diff
changeset
|
10 "gemma.intevation.de/gemma/pkg/models" |
|
186
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
11 ) |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
12 |
|
286
a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
231
diff
changeset
|
13 func sendJSON(rw http.ResponseWriter, data interface{}) { |
|
a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
231
diff
changeset
|
14 rw.Header().Set("Content-Type", "application/json") |
|
a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
231
diff
changeset
|
15 if err := json.NewEncoder(rw).Encode(data); err != nil { |
|
a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
231
diff
changeset
|
16 log.Printf("error: %v\n", err) |
|
a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
231
diff
changeset
|
17 } |
|
a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
231
diff
changeset
|
18 } |
|
a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
231
diff
changeset
|
19 |
|
186
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
20 func renew(rw http.ResponseWriter, req *http.Request) { |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
21 token, _ := auth.GetToken(req) |
|
493
8a0737aa6ab6
The connection pool is now only a session store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
484
diff
changeset
|
22 newToken, err := auth.Sessions.Renew(token) |
|
186
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
23 switch { |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
24 case err == auth.ErrNoSuchToken: |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
25 http.NotFound(rw, req) |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
26 return |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
27 case err != nil: |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
28 http.Error(rw, fmt.Sprintf("error: %v", err), http.StatusInternalServerError) |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
29 return |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
30 } |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
31 |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
32 session, _ := auth.GetSession(req) |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
33 |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
34 var result = struct { |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
35 Token string `json:"token"` |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
36 Expires int64 `json:"expires"` |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
37 User string `json:"user"` |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
38 Roles []string `json:"roles"` |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
39 }{ |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
40 Token: newToken, |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
41 Expires: session.ExpiresAt, |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
42 User: session.User, |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
43 Roles: session.Roles, |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
44 } |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
45 |
|
286
a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
231
diff
changeset
|
46 sendJSON(rw, &result) |
|
186
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
47 } |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
48 |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
49 func logout(rw http.ResponseWriter, req *http.Request) { |
|
484
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
50 token, ok := auth.GetToken(req) |
|
493
8a0737aa6ab6
The connection pool is now only a session store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
484
diff
changeset
|
51 if !ok || !auth.Sessions.Delete(token) { |
|
186
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
52 http.NotFound(rw, req) |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
53 return |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
54 } |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
55 rw.Header().Set("Content-Type", "text/plain") |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
56 fmt.Fprintln(rw, "token deleted") |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
57 } |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
58 |
|
231
694f959ba3e7
Fixed bad route to /logout controller.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
226
diff
changeset
|
59 func login(rw http.ResponseWriter, req *http.Request) { |
|
286
a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
231
diff
changeset
|
60 |
|
484
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
61 var input struct { |
|
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
62 User models.UserName `json:"user"` |
|
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
63 Password string `json:"password"` |
|
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
64 } |
|
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
65 defer req.Body.Close() |
|
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
66 if err := json.NewDecoder(req.Body).Decode(&input); err != nil { |
|
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
67 log.Printf("%v\n", err) |
|
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
68 http.Error(rw, "error: "+err.Error(), http.StatusBadRequest) |
|
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
69 return |
|
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
70 } |
|
286
a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
231
diff
changeset
|
71 |
|
484
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
72 if input.Password == "" { |
|
286
a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
231
diff
changeset
|
73 http.Error(rw, "Invalid credentials", http.StatusBadRequest) |
|
a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
231
diff
changeset
|
74 return |
|
a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
231
diff
changeset
|
75 } |
|
186
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
76 |
|
484
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
77 token, session, err := auth.GenerateSession( |
|
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
78 string(input.User), |
|
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
79 input.Password) |
|
186
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
80 if err != nil { |
|
512
7474e9922ed5
Don't tell what the reason is when login fails for database reasons.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
81 http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) |
|
186
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
82 return |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
83 } |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
84 |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
85 var result = struct { |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
86 Token string `json:"token"` |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
87 Expires int64 `json:"expires"` |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
88 User string `json:"user"` |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
89 Roles []string `json:"roles"` |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
90 }{ |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
91 Token: token, |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
92 Expires: session.ExpiresAt, |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
93 User: session.User, |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
94 Roles: session.Roles, |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
95 } |
|
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
96 |
|
286
a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
231
diff
changeset
|
97 sendJSON(rw, &result) |
|
186
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
98 } |