Beispiel #1
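// authenticate resolves the token carried in the ChuteToken request header
// to an Auth record and its Profile, and stores both on the request's
// *Context for the handlers that run afterwards.
//
// A missing token, a failed auth lookup and a failed profile lookup all
// produce the same tigertonic.Unauthorized error, so the response does not
// reveal which step rejected the request. The returned header is always nil.
func authenticate(r *http.Request) (http.Header, error) {
	token := r.Header.Get(ChuteToken)
	if token == "" {
		return nil, tigertonic.Unauthorized{errors.New("please log in")}
	}

	auth := new(profile.Auth)
	auth.Token = &token
	if err := auth.Get(); err != nil {
		// NOTE(review): the lookup error is discarded here, so a backend
		// failure and an invalid token look the same to operators as well as
		// to the client. Consider logging err server-side (never the token).
		return nil, tigertonic.Unauthorized{errors.New("please log in")}
	}

	// Load the profile into a local first: the request context is only
	// populated once both lookups have succeeded, so a rejected request never
	// leaves a half-filled Context (Auth set, Profile empty) behind.
	prof := new(profile.Profile)
	if err := prof.Get(auth); err != nil {
		return nil, tigertonic.Unauthorized{errors.New("please log in")}
	}

	// Checked assertion: a context of an unexpected type is reported as an
	// error instead of panicking inside the authentication path. It is a
	// plain error rather than Unauthorized because it indicates a wiring
	// problem on the server, not a bad credential.
	c, ok := tigertonic.Context(r).(*Context)
	if !ok || c == nil {
		return nil, errors.New("request context unavailable")
	}
	c.Auth = auth
	c.Profile = prof
	return nil, nil
}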
Beispiel #2
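// updateAuth applies the change request r to one stored Auth record and then
// returns the result of getAuths for the same request.
//
// The record is selected by r.Id when it is set, otherwise by r.Hash together
// with r.Username. The record must belong to the profile held in c; the
// ownership check runs before any field is modified or saved.
//
// Errors are reported through error400 / error500, whose exact response shape
// is defined elsewhere in the package.
func updateAuth(u *url.URL, h http.Header, r *AuthChange, c *Context) (int, http.Header, Response, error) {
	// Fail closed if no authenticated profile is attached to the context,
	// rather than panicking on c.Profile.Id in the ownership check below.
	if c == nil || c.Profile == nil {
		return error400("unauthorized access")
	}

	a := new(profile.Auth)
	switch {
	case r.Id != nil:
		a.Id = *r.Id
	case r.Hash != nil:
		a.Hash = []byte(*r.Hash)
		a.Username = r.Username
	default:
		// r.Hash is optional (it is nil-checked further down), so a request
		// carrying neither an id nor a hash must be rejected here instead of
		// dereferencing a nil pointer.
		return error400("missing auth id or hash")
	}

	if err := a.Get(); err != nil {
		// NOTE(review): err.Error() is handed to error400; if that helper
		// echoes its arguments to the client, internal lookup details are
		// disclosed. Confirm, and prefer logging the detail server-side.
		return error400("couldn't find that auth", err.Error())
	}

	// Ownership check: the loaded record must belong to the caller's profile.
	// NOTE(review): "not found" and "not owned" return different messages,
	// which lets a caller tell existing records from missing ones; a single
	// response for both would avoid that. The helper name suggests this is
	// sent as a 400 rather than a 403 - confirm that is intended.
	if a.Profile != c.Profile.Id {
		return error400("unauthorized access")
	}

	if r.Hash != nil {
		a.InHash = []byte(*r.Hash)
	}
	// NOTE(review): Username, Name and Authorized are copied from the request
	// unconditionally, so an omitted field overwrites the stored value with
	// whatever the request struct holds. Verify that callers are meant to be
	// able to set Authorized on their own record.
	a.Username = r.Username
	a.Name = r.Name
	a.Authorized = r.Authorized

	if err := a.Save(); err != nil {
		// NOTE(review): same disclosure concern as above - the storage error
		// text is passed to error500 alongside the internal marker "p544".
		return error500("db failure: p544", err.Error())
	}
	return getAuths(u, h, nil, c)
}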