Mercurial > gemma
changeset 286:a42f55ea0a20
Deduped some code. Don't allow empty user and empty password at login.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Tue, 31 Jul 2018 11:08:31 +0200 |
parents | dfb989088158 |
children | be6e60fca3dd |
files | controllers/token.go |
diffstat | 1 files changed, 19 insertions(+), 11 deletions(-) [+] |
line wrap: on
line diff
--- a/controllers/token.go Mon Jul 30 17:30:08 2018 +0200 +++ b/controllers/token.go Tue Jul 31 11:08:31 2018 +0200 @@ -9,6 +9,13 @@ "gemma.intevation.de/gemma/auth" ) +func sendJSON(rw http.ResponseWriter, data interface{}) { + rw.Header().Set("Content-Type", "application/json") + if err := json.NewEncoder(rw).Encode(data); err != nil { + log.Printf("error: %v\n", err) + } +} + func renew(rw http.ResponseWriter, req *http.Request) { token, _ := auth.GetToken(req) newToken, err := auth.ConnPool.Renew(token) @@ -35,10 +42,7 @@ Roles: session.Roles, } - rw.Header().Set("Content-Type", "text/plain") - if err := json.NewEncoder(rw).Encode(&result); err != nil { - log.Printf("error: %v\n", err) - } + sendJSON(rw, &result) } func logout(rw http.ResponseWriter, req *http.Request) { @@ -53,11 +57,18 @@ } func login(rw http.ResponseWriter, req *http.Request) { - user := req.FormValue("user") - password := req.FormValue("password") + + var ( + user = req.FormValue("user") + password = req.FormValue("password") + ) + + if user == "" || password == "" { + http.Error(rw, "Invalid credentials", http.StatusBadRequest) + return + } token, session, err := auth.GenerateSession(user, password) - if err != nil { http.Error(rw, fmt.Sprintf("error: %v", err), http.StatusInternalServerError) return @@ -75,8 +86,5 @@ Roles: session.Roles, } - rw.Header().Set("Content-Type", "application/json") - if err := json.NewEncoder(rw).Encode(&result); err != nil { - log.Printf("error: %v\n", err) - } + sendJSON(rw, &result) }