Beispiel #1
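// login handles a user login request. It reads a UserLoginCredentials entity
// from the request body, passes it to UserManager.Login and, on success, sets
// two cookies on the response: the "AuthSession" session cookie and a
// "CsrfToken" cookie. It then writes BooleanResponse{Success: true}.
//
// A body that cannot be read yields an illegal-request error. A failed login
// yields the error returned by UserManager.Login. Both are logged first.
func (uc UsersController) login(request *restful.Request,
	response *restful.Response) {
	loginCredentials := new(UserLoginCredentials)
	if err := request.ReadEntity(loginCredentials); err != nil {
		LogError(request, response, err)
		WriteIllegalRequestError(response)
		return
	}
	cookieAuth, err := new(UserManager).Login(loginCredentials)
	if err != nil {
		LogError(request, response, err)
		WriteError(err, response)
		return
	}
	// Mark both cookies Secure when the request arrived over TLS so the
	// session token is never sent back over plain HTTP. Behind a
	// TLS-terminating proxy request.Request.TLS is nil and the flag stays off,
	// exactly as before; such deployments need to add Secure at the proxy or
	// through configuration.
	secure := request.Request != nil && request.Request.TLS != nil
	// Session cookie. HttpOnly keeps it out of reach of page scripts.
	// NOTE(review): no SameSite attribute is set; consider
	// http.SameSiteLaxMode once the supported Go version and clients allow it.
	authCookie := http.Cookie{
		Name:     "AuthSession",
		Value:    cookieAuth.AuthToken,
		Path:     "/",
		HttpOnly: true,
		Secure:   secure,
	}
	// CSRF cookie for this session. Subsequent requests must echo its value in
	// the X-Csrf-Token header, so it has to be readable by scripts and is
	// therefore not HttpOnly.
	// NOTE(review): the value is derived from the session token via
	// util.GenHashString, whose implementation is not visible here. Confirm it
	// is a keyed or otherwise non-reversible construction, because this cookie
	// is exposed to page scripts while the session cookie is not.
	csrfCookie := http.Cookie{
		Name:     "CsrfToken",
		Value:    util.GenHashString(cookieAuth.AuthToken),
		Path:     "/",
		HttpOnly: false,
		Secure:   secure,
	}
	response.AddHeader("Set-Cookie", authCookie.String())
	response.AddHeader("Set-Cookie", csrfCookie.String())
	// The cookies are already in the headers, so a failed body write can only
	// be logged, but it should not pass silently.
	if err := response.WriteEntity(BooleanResponse{Success: true}); err != nil {
		LogError(request, response, err)
	}
}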
Beispiel #2
// SetAuth refreshes the authentication cookies on the response. It asks auth
// for its updated auth data and, when that data holds an "AuthSession" entry,
// emits a new "AuthSession" cookie together with a matching "CsrfToken"
// cookie. If there is no updated data or no "AuthSession" entry, the response
// is left untouched.
//
// NOTE(review): neither cookie sets Secure or SameSite. This function has no
// access to the request, so whether the connection uses TLS cannot be decided
// here; confirm the deployment only serves these cookies over HTTPS.
func SetAuth(response *restful.Response, auth couchdb.Auth) {
	updated := auth.GetUpdatedAuth()
	if updated == nil {
		return
	}
	session, found := updated["AuthSession"]
	if !found {
		return
	}
	cookies := []http.Cookie{
		// Session cookie: hidden from page scripts.
		{
			Name:     "AuthSession",
			Value:    session,
			Path:     "/",
			HttpOnly: true,
		},
		// CSRF cookie: script-readable and derived from the session value.
		// NOTE(review): util.GenHashString is not visible here; verify the
		// derived value cannot be used to recover the session token.
		{
			Name:     "CsrfToken",
			Value:    util.GenHashString(session),
			Path:     "/",
			HttpOnly: false,
		},
	}
	for i := range cookies {
		response.AddHeader("Set-Cookie", cookies[i].String())
	}
}