comparison pkg/controllers/token.go @ 484:2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Fri, 24 Aug 2018 11:36:11 +0200 |
parents | fc37e7072022 |
children | 8a0737aa6ab6 |
483:27502291e564 | 484:2ac37419f593 |
---|---|
45 | 45 |
46 sendJSON(rw, &result) | 46 sendJSON(rw, &result) |
47 } | 47 } |
48 | 48 |
49 func logout(rw http.ResponseWriter, req *http.Request) { | 49 func logout(rw http.ResponseWriter, req *http.Request) { |
50 token, _ := auth.GetToken(req) | 50 token, ok := auth.GetToken(req) |
51 deleted := auth.ConnPool.Delete(token) | 51 if !ok || !auth.ConnPool.Delete(token) { |
52 if !deleted { | |
53 http.NotFound(rw, req) | 52 http.NotFound(rw, req) |
54 return | 53 return |
55 } | 54 } |
56 rw.Header().Set("Content-Type", "text/plain") | 55 rw.Header().Set("Content-Type", "text/plain") |
57 fmt.Fprintln(rw, "token deleted") | 56 fmt.Fprintln(rw, "token deleted") |
58 } | 57 } |
59 | 58 |
60 func login(rw http.ResponseWriter, req *http.Request) { | 59 func login(rw http.ResponseWriter, req *http.Request) { |
61 | 60 |
62 var ( | 61 var input struct { |
63 user = req.FormValue("user") | 62 User models.UserName `json:"user"` |
64 password = req.FormValue("password") | 63 Password string `json:"password"` |
65 ) | 64 } |
65 defer req.Body.Close() | |
66 if err := json.NewDecoder(req.Body).Decode(&input); err != nil { | |
67 log.Printf("%v\n", err) | |
68 http.Error(rw, "error: "+err.Error(), http.StatusBadRequest) | |
69 return | |
70 } | |
66 | 71 |
67 if !models.UserName(user).IsValid() || password == "" { | 72 if input.Password == "" { |
68 http.Error(rw, "Invalid credentials", http.StatusBadRequest) | 73 http.Error(rw, "Invalid credentials", http.StatusBadRequest) |
69 return | 74 return |
70 } | 75 } |
71 | 76 |
72 token, session, err := auth.GenerateSession(user, password) | 77 token, session, err := auth.GenerateSession( |
78 string(input.User), | |
79 input.Password) | |
73 if err != nil { | 80 if err != nil { |
74 http.Error(rw, fmt.Sprintf("error: %v", err), http.StatusUnauthorized) | 81 http.Error(rw, "error: "+err.Error(), http.StatusUnauthorized) |
75 return | 82 return |
76 } | 83 } |
77 | 84 |
78 var result = struct { | 85 var result = struct { |
79 Token string `json:"token"` | 86 Token string `json:"token"` |