diff pkg/controllers/token.go @ 484:2ac37419f593
Implemented wamos/issue114 (Improve code consistency: For login use json body, disallow GET).
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Fri, 24 Aug 2018 11:36:11 +0200 |
parents | fc37e7072022 |
children | 8a0737aa6ab6 |
--- a/pkg/controllers/token.go Fri Aug 24 10:50:58 2018 +0200
+++ b/pkg/controllers/token.go Fri Aug 24 11:36:11 2018 +0200
@@ -47,9 +47,8 @@
 }
 func logout(rw http.ResponseWriter, req *http.Request) {
- token, _ := auth.GetToken(req)
- deleted := auth.ConnPool.Delete(token)
- if !deleted {
+ token, ok := auth.GetToken(req)
+ if !ok || !auth.ConnPool.Delete(token) {
 http.NotFound(rw, req)
 return
 }
@@ -59,19 +58,27 @@
 func login(rw http.ResponseWriter, req *http.Request) {
- var (
- user = req.FormValue("user")
- password = req.FormValue("password")
- )
+ var input struct {
+ User models.UserName `json:"user"`
+ Password string `json:"password"`
+ }
+ defer req.Body.Close()
+ if err := json.NewDecoder(req.Body).Decode(&input); err != nil {
+ log.Printf("%v\n", err)
+ http.Error(rw, "error: "+err.Error(), http.StatusBadRequest)
+ return
+ }
- if !models.UserName(user).IsValid() || password == "" {
+ if input.Password == "" {
 http.Error(rw, "Invalid credentials", http.StatusBadRequest)
 return
 }
- token, session, err := auth.GenerateSession(user, password)
+ token, session, err := auth.GenerateSession(
+ string(input.User),
+ input.Password)
 if err != nil {
- http.Error(rw, fmt.Sprintf("error: %v", err), http.StatusUnauthorized)
+ http.Error(rw, "error: "+err.Error(), http.StatusUnauthorized)
 return
 }
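Review bot: The explicit `models.UserName(user).IsValid()` check is dropped in login, so unless `models.UserName` validates itself during JSON decoding (not visible in this hunk) any string, including an empty one, now reaches `auth.GenerateSession`; keeping the guard as `if !input.User.IsValid() || input.Password == "" {` makes the rejection independent of the decoder. The body of this unauthenticated endpoint is also decoded without a size limit; setting `req.Body = http.MaxBytesReader(rw, req.Body, maxLoginBody)` before the decode (the constant name is a placeholder) bounds it. Both error replies echo `err.Error()` to the caller, and for the 401 a fixed message such as the existing `"Invalid credentials"` would keep backend detail, and any difference there may be between unknown-user and wrong-password failures, out of the response while the full error still goes to the log. login's body continues past the end of the hunk.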