//User login
func (uc UsersController) login(request *restful.Request,
response *restful.Response) {
loginCredentials := new(UserLoginCredentials)
err := request.ReadEntity(loginCredentials)
if err != nil {
LogError(request, response, err)
WriteIllegalRequestError(response)
return
}
cookieAuth, err := new(UserManager).Login(loginCredentials)
if err != nil {
LogError(request, response, err)
WriteError(err, response)
return
}
//Create an Auth cookie
authCookie := http.Cookie{
Name: "AuthSession",
Value: cookieAuth.AuthToken,
Path: "/",
HttpOnly: true,
}
//Create a CSRF cookie for this session
//Subsequent requests must include this in a header field
//X-Csrf-Token
csrfCookie := http.Cookie{
Name: "CsrfToken",
Value: util.GenHashString(cookieAuth.AuthToken),
Path: "/",
HttpOnly: false,
}
response.AddHeader("Set-Cookie", authCookie.String())
response.AddHeader("Set-Cookie", csrfCookie.String())
response.WriteEntity(BooleanResponse{Success: true})
}
//Set Updated auth cookies
func SetAuth(response *restful.Response, auth couchdb.Auth) {
authData := auth.GetUpdatedAuth()
if authData == nil {
return
}
if val, ok := authData["AuthSession"]; ok {
authCookie := http.Cookie{
Name: "AuthSession",
Value: val,
Path: "/",
HttpOnly: true,
}
//Create a CSRF cookie
csrfCookie := http.Cookie{
Name: "CsrfToken",
Value: util.GenHashString(val),
Path: "/",
HttpOnly: false,
}
response.AddHeader("Set-Cookie", authCookie.String())
response.AddHeader("Set-Cookie", csrfCookie.String())
}
}
