Mercurial > gemma
comparison pkg/controllers/token.go @ 484:2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
| author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
|---|---|
| date | Fri, 24 Aug 2018 11:36:11 +0200 |
| parents | fc37e7072022 |
| children | 8a0737aa6ab6 |
comparison
equal
deleted
inserted
replaced
| 483:27502291e564 | 484:2ac37419f593 |
|---|---|
| 45 | 45 |
| 46 sendJSON(rw, &result) | 46 sendJSON(rw, &result) |
| 47 } | 47 } |
| 48 | 48 |
| 49 func logout(rw http.ResponseWriter, req *http.Request) { | 49 func logout(rw http.ResponseWriter, req *http.Request) { |
| 50 token, _ := auth.GetToken(req) | 50 token, ok := auth.GetToken(req) |
| 51 deleted := auth.ConnPool.Delete(token) | 51 if !ok || !auth.ConnPool.Delete(token) { |
| 52 if !deleted { | |
| 53 http.NotFound(rw, req) | 52 http.NotFound(rw, req) |
| 54 return | 53 return |
| 55 } | 54 } |
| 56 rw.Header().Set("Content-Type", "text/plain") | 55 rw.Header().Set("Content-Type", "text/plain") |
| 57 fmt.Fprintln(rw, "token deleted") | 56 fmt.Fprintln(rw, "token deleted") |
| 58 } | 57 } |
| 59 | 58 |
| 60 func login(rw http.ResponseWriter, req *http.Request) { | 59 func login(rw http.ResponseWriter, req *http.Request) { |
| 61 | 60 |
| 62 var ( | 61 var input struct { |
| 63 user = req.FormValue("user") | 62 User models.UserName `json:"user"` |
| 64 password = req.FormValue("password") | 63 Password string `json:"password"` |
| 65 ) | 64 } |
| 65 defer req.Body.Close() | |
| 66 if err := json.NewDecoder(req.Body).Decode(&input); err != nil { | |
| 67 log.Printf("%v\n", err) | |
| 68 http.Error(rw, "error: "+err.Error(), http.StatusBadRequest) | |
| 69 return | |
| 70 } | |
| 66 | 71 |
| 67 if !models.UserName(user).IsValid() || password == "" { | 72 if input.Password == "" { |
| 68 http.Error(rw, "Invalid credentials", http.StatusBadRequest) | 73 http.Error(rw, "Invalid credentials", http.StatusBadRequest) |
| 69 return | 74 return |
| 70 } | 75 } |
| 71 | 76 |
| 72 token, session, err := auth.GenerateSession(user, password) | 77 token, session, err := auth.GenerateSession( |
| 78 string(input.User), | |
| 79 input.Password) | |
| 73 if err != nil { | 80 if err != nil { |
| 74 http.Error(rw, fmt.Sprintf("error: %v", err), http.StatusUnauthorized) | 81 http.Error(rw, "error: "+err.Error(), http.StatusUnauthorized) |
| 75 return | 82 return |
| 76 } | 83 } |
| 77 | 84 |
| 78 var result = struct { | 85 var result = struct { |
| 79 Token string `json:"token"` | 86 Token string `json:"token"` |