comparison controllers/token.go @ 286:a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Tue, 31 Jul 2018 11:08:31 +0200 |
parents | 694f959ba3e7 |
children | 154e0f5bff0a |
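--- a/controllers/token.go
+++ b/controllers/token.go
@@ -6,10 +6,17 @@
 "log"
 "net/http"
 
 "gemma.intevation.de/gemma/auth"
 )
+
+func sendJSON(rw http.ResponseWriter, data interface{}) {
+rw.Header().Set("Content-Type", "application/json")
+if err := json.NewEncoder(rw).Encode(data); err != nil {
+log.Printf("error: %v\n", err)
+}
+}
 
 func renew(rw http.ResponseWriter, req *http.Request) {
 token, _ := auth.GetToken(req)
 newToken, err := auth.ConnPool.Renew(token)
 switch {
@@ -33,14 +40,11 @@
 Expires: session.ExpiresAt,
 User: session.User,
 Roles: session.Roles,
 }
 
-rw.Header().Set("Content-Type", "text/plain")
-if err := json.NewEncoder(rw).Encode(&result); err != nil {
-log.Printf("error: %v\n", err)
-}
+sendJSON(rw, &result)
 }
 
 func logout(rw http.ResponseWriter, req *http.Request) {
 token, _ := auth.GetToken(req)
 deleted := auth.ConnPool.Delete(token)
@@ -51,15 +55,22 @@
 rw.Header().Set("Content-Type", "text/plain")
 fmt.Fprintln(rw, "token deleted")
 }
 
 func login(rw http.ResponseWriter, req *http.Request) {
-user := req.FormValue("user")
-password := req.FormValue("password")
+
+var (
+user = req.FormValue("user")
+password = req.FormValue("password")
+)
+
+if user == "" || password == "" {
+http.Error(rw, "Invalid credentials", http.StatusBadRequest)
+return
+}
 
 token, session, err := auth.GenerateSession(user, password)
-
 if err != nil {
 http.Error(rw, fmt.Sprintf("error: %v", err), http.StatusInternalServerError)
 return
 }
 
@@ -73,10 +84,7 @@
 Expires: session.ExpiresAt,
 User: session.User,
 Roles: session.Roles,
 }
 
-rw.Header().Set("Content-Type", "application/json")
-if err := json.NewEncoder(rw).Encode(&result); err != nil {
-log.Printf("error: %v\n", err)
-}
+sendJSON(rw, &result)
 }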
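Review bot: In `login`, the branch after `auth.GenerateSession` still answers every failure with `http.StatusInternalServerError` and echoes the raw error through `fmt.Sprintf("error: %v", err)`, so the new generic "Invalid credentials" reply covers only the empty-field case. If GenerateSession also fails on a wrong password (its body is not visible here), the client receives backend error text and a 500 instead of an authentication failure; logging the error server-side and replying `http.Error(rw, "Invalid credentials", http.StatusUnauthorized)` would keep the two paths consistent. Separately, `req.FormValue` also reads the URL query string, so credentials sent as query parameters are accepted and can end up in access logs; `req.PostFormValue("user")` and `req.PostFormValue("password")` restrict the lookup to the request body. New lines 77–83 of `login` fall outside the comparison, so the construction of `result` was not reviewed.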