Mercurial > gemma
annotate pkg/controllers/token.go @ 5244:8f9cd1df5028 new-fwa
Fixed a copy-by-value problem.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Tue, 12 May 2020 19:11:02 +0200 |
parents | 4394daeea96a |
children | 5f47eeea988d |
rev | line source |
---|---|
1017
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
979
diff
changeset
|
1 // This is Free Software under GNU Affero General Public License v >= 3.0 |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
979
diff
changeset
|
2 // without warranty, see README.md and license for details. |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
979
diff
changeset
|
3 // |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
979
diff
changeset
|
4 // SPDX-License-Identifier: AGPL-3.0-or-later |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
979
diff
changeset
|
5 // License-Filename: LICENSES/AGPL-3.0.txt |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
979
diff
changeset
|
6 // |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
979
diff
changeset
|
7 // Copyright (C) 2018 by via donau |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
979
diff
changeset
|
8 // – Österreichische Wasserstraßen-Gesellschaft mbH |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
979
diff
changeset
|
9 // Software engineering by Intevation GmbH |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
979
diff
changeset
|
10 // |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
979
diff
changeset
|
11 // Author(s): |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
979
diff
changeset
|
12 // * Sascha L. Teichmann <sascha.teichmann@intevation.de> |
a244b18cb916
Added GNU Affero General Public License.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
979
diff
changeset
|
13 |
226
63dd5216eee4
Refactored gemma server to be more REST-like.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
206
diff
changeset
|
14 package controllers |
186
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
15 |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
16 import ( |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
17 "encoding/json" |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
18 "fmt" |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
19 "log" |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
20 "net/http" |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
21 |
414
c1047fd04a3a
Moved project specific Go packages to new pkg folder.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
333
diff
changeset
|
22 "gemma.intevation.de/gemma/pkg/auth" |
442
fc37e7072022
Moved some models used in controllers to to model package because they may be needed elsewhere (e.g. GeoServer config).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
425
diff
changeset
|
23 "gemma.intevation.de/gemma/pkg/models" |
4244
4394daeea96a
Moved JSONHandler into middleware package.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
3956
diff
changeset
|
24 |
4394daeea96a
Moved JSONHandler into middleware package.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
3956
diff
changeset
|
25 mw "gemma.intevation.de/gemma/pkg/middleware" |
186
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
26 ) |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
27 |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
28 func renew(rw http.ResponseWriter, req *http.Request) { |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
29 token, _ := auth.GetToken(req) |
493
8a0737aa6ab6
The connection pool is now only a session store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
484
diff
changeset
|
30 newToken, err := auth.Sessions.Renew(token) |
186
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
31 switch { |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
32 case err == auth.ErrNoSuchToken: |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
33 http.NotFound(rw, req) |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
34 return |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
35 case err != nil: |
536
d9dbb6139760
Log errors in JSON handler and login controller.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
512
diff
changeset
|
36 log.Printf("error: %v\n", err) |
186
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
37 http.Error(rw, fmt.Sprintf("error: %v", err), http.StatusInternalServerError) |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
38 return |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
39 } |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
40 |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
41 session, _ := auth.GetSession(req) |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
42 |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
43 var result = struct { |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
44 Token string `json:"token"` |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
45 Expires int64 `json:"expires"` |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
46 User string `json:"user"` |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
47 Roles []string `json:"roles"` |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
48 }{ |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
49 Token: newToken, |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
50 Expires: session.ExpiresAt, |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
51 User: session.User, |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
52 Roles: session.Roles, |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
53 } |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
54 |
4244
4394daeea96a
Moved JSONHandler into middleware package.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
3956
diff
changeset
|
55 mw.SendJSON(rw, http.StatusOK, &result) |
186
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
56 } |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
57 |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
58 func logout(rw http.ResponseWriter, req *http.Request) { |
484
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
59 token, ok := auth.GetToken(req) |
493
8a0737aa6ab6
The connection pool is now only a session store.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
484
diff
changeset
|
60 if !ok || !auth.Sessions.Delete(token) { |
186
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
61 http.NotFound(rw, req) |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
62 return |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
63 } |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
64 rw.Header().Set("Content-Type", "text/plain") |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
65 fmt.Fprintln(rw, "token deleted") |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
66 } |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
67 |
231
694f959ba3e7
Fixed bad route to /logout controller.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
226
diff
changeset
|
68 func login(rw http.ResponseWriter, req *http.Request) { |
286
a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
231
diff
changeset
|
69 |
484
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
70 var input struct { |
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
71 User models.UserName `json:"user"` |
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
72 Password string `json:"password"` |
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
73 } |
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
74 defer req.Body.Close() |
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
75 if err := json.NewDecoder(req.Body).Decode(&input); err != nil { |
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
76 log.Printf("%v\n", err) |
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
77 http.Error(rw, "error: "+err.Error(), http.StatusBadRequest) |
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
78 return |
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
79 } |
286
a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
231
diff
changeset
|
80 |
484
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
81 if input.Password == "" { |
286
a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
231
diff
changeset
|
82 http.Error(rw, "Invalid credentials", http.StatusBadRequest) |
a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
231
diff
changeset
|
83 return |
a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
231
diff
changeset
|
84 } |
186
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
85 |
484
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
86 token, session, err := auth.GenerateSession( |
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
87 string(input.User), |
2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
442
diff
changeset
|
88 input.Password) |
186
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
89 if err != nil { |
536
d9dbb6139760
Log errors in JSON handler and login controller.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
512
diff
changeset
|
90 log.Printf("error: %v\n", err) |
512
7474e9922ed5
Don't tell what the reason is when login fails for database reasons.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
493
diff
changeset
|
91 http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) |
186
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
92 return |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
93 } |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
94 |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
95 var result = struct { |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
96 Token string `json:"token"` |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
97 Expires int64 `json:"expires"` |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
98 User string `json:"user"` |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
99 Roles []string `json:"roles"` |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
100 }{ |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
101 Token: token, |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
102 Expires: session.ExpiresAt, |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
103 User: session.User, |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
104 Roles: session.Roles, |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
105 } |
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
106 |
3956
4f9a1ff2c2ee
Reworked password reset to be single mailed.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1017
diff
changeset
|
107 go deletePasswordResetRequest(session.User) |
4f9a1ff2c2ee
Reworked password reset to be single mailed.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
1017
diff
changeset
|
108 |
4244
4394daeea96a
Moved JSONHandler into middleware package.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
3956
diff
changeset
|
109 mw.SendJSON(rw, http.StatusCreated, &result) |
186
fe3a88f00b0a
Experimental user creation support.
Sascha L. Teichmann <sascha.teichmann@intevation.de>
parents:
diff
changeset
|
110 } |