Beispiel #1
0
//creates a new Session object with no Id.
func NewSession(id string) *Session {
	return &Session{
		Id:            orm.String(id),
		Authenticated: orm.Bool(false),
		ProfileId:     nil,
		Values:        &map[string]string{},
	}
}
Beispiel #2
0
func (b *BuiltinStrategy) setupAdminAccount(db orm.Database) (user *builtinUser, profile *perfect.Profile, err error) {

	//setup the admin account
	user = &builtinUser{Id: orm.String(b.Config.Username)}
	err = db.Find(user)
	if err != nil && err != orm.ErrNotFound {
		return
	}

	profile = &perfect.Profile{}
	//search for this profile
	if user.ProfileId != nil {
		profile.Id = user.ProfileId
		err = db.Find(profile)
		if err != nil && err != orm.ErrNotFound {
			return
		}
	}

	//update the profile
	profile.Id = orm.String(b.Config.Email)
	profile.Name = orm.String(b.Config.Name)
	profile.AuthType = orm.String(b.Config.Type)
	err = db.Save(profile)
	if err != nil {
		return
	}

	//hash the password
	password_salt := generateRandomSalt(SALT_ENTROPY)
	password_hash := hash(b.Config.Password, password_salt)
	//update username
	user.Password = &password_hash
	user.Salt = &password_salt
	user.ProfileId = profile.Id
	err = db.Save(user)
	if err != nil {
		return
	}

	return user, profile, nil
}
Beispiel #3
0
func Login(w http.ResponseWriter, r *perfect.Request) {
	var (
		profile_id *string
		err        error
	)

	//get the session
	session, err := r.Session()
	if err != nil {
		perfect.Error(w, r, err)
		return
	}

	//if the user is already authenticated, redirect to home
	if *session.Authenticated {
		perfect.Redirect(w, r, "/")
		return
	}

	//TODO: make this work! (and delete the hard-coded built-in strategy!)
	//user, err := r.Module.Auth.Login(w, r);
	bauth := NewBuiltinStrategy(&Config{Type: BUILTIN})
	profile_id, err = bauth.Login(w, r)

	if err != nil {
		log.Println("login error:", err)
		perfect.JSONResult(w, r, false, err.Error())
		return
	}

	//mark the session as authenticated
	session.Authenticated = orm.Bool(true)

	//regenerate the session Id
	session.Id = orm.String(r.Module.Db.UniqueId())

	//set the current user profile id
	session.ProfileId = profile_id

	// update the session
	err = r.Module.Db.Save(session)
	if err != nil {
		perfect.Error(w, r, err)
		return
	}

	session.SetCookie(w, r)

	//success
	perfect.JSONResult(w, r, true, r.Module.MountPoint+"/")
}
Beispiel #4
0
func createBuiltinProfile(username, password, name, email string, db orm.Database) (user *builtinUser, profile *perfect.Profile, err error) {
	user = &builtinUser{Id: &username}

	//query the database to check if the username exists
	err = db.Find(user)
	if err != orm.ErrNotFound {
		//make sure users can't register duplicate usernames
		if err == nil {
			err = ErrUsernameExists
		}
		return
	}

	//create a perfect user (profile)
	profile = perfect.NewProfile(email, name)
	profile.AuthType = orm.String(BUILTIN)
	err = db.Save(profile)
	if err != nil {
		log.Println(err)
		return
	}

	//hash the password
	password_salt := generateRandomSalt(SALT_ENTROPY)
	password_hash := hash(password, password_salt)

	//create an entry to store auth details
	user.Password = &password_hash
	user.Salt = &password_salt
	user.ProfileId = profile.Id
	err = db.Save(user)
	if err != nil {
		log.Println(err)
		return
	}

	return user, profile, nil
}
Beispiel #5
0
func NewProfile(email, name string) *Profile {
	return &Profile{
		Id:   orm.String(email),
		Name: orm.String(name),
	}
}
Beispiel #6
0
func TestSession_Partial(t *testing.T) {

	type testCase struct {
		Update, Expected *Session
	}

	db, clean := ormtest.NewTestDatabase(ormtest.DbUrl, t)
	defer clean()

	//create a sample Session
	s := &Session{}

	//clean the collection at the start and end of this test
	db.DropCollection(s)
	defer db.DropCollection(s)

	//insert the first session
	err := db.Save(s)
	if err != nil {
		t.Fatalf("err = %v", err)
	}

	var (
		oid  orm.Object         = s.Object
		sid1 *string            = orm.String("1")
		sid2 *string            = orm.String("2")
		yes  *bool              = orm.Bool(true)
		no   *bool              = orm.Bool(false)
		val1 *map[string]string = &map[string]string{"1": "2"}
		val2 *map[string]string = &map[string]string{"1": "3"}
		val3 *map[string]string = &map[string]string{"2": "1"}

		partial_session_updates []testCase = []testCase{
			{Update: &Session{Object: oid}, Expected: &Session{Object: oid}},
			{Update: &Session{Object: oid, Id: sid1}, Expected: &Session{Object: oid, Id: sid1}},
			{Update: &Session{Object: oid, Id: sid2}, Expected: &Session{Object: oid, Id: sid2}},
			{Update: &Session{Object: oid, Id: sid1}, Expected: &Session{Object: oid, Id: sid1}},
			{Update: &Session{Object: oid, Id: sid1, Authenticated: no}, Expected: &Session{Object: oid, Id: sid1, Authenticated: no}},
			{Update: &Session{Object: oid, Id: sid1, Authenticated: yes}, Expected: &Session{Object: oid, Id: sid1, Authenticated: yes}},
			{Update: &Session{Object: oid, Id: sid2, Authenticated: no}, Expected: &Session{Object: oid, Id: sid2, Authenticated: no}},
			{Update: &Session{Object: oid, Id: sid2, Authenticated: yes}, Expected: &Session{Object: oid, Id: sid2, Authenticated: yes}},
			{Update: &Session{Object: oid, Id: sid2}, Expected: &Session{Object: oid, Id: sid2, Authenticated: yes}},
			{Update: &Session{Object: oid, Id: sid1}, Expected: &Session{Object: oid, Id: sid1, Authenticated: yes}},
			{Update: &Session{Object: oid, Authenticated: no}, Expected: &Session{Object: oid, Id: sid1, Authenticated: no}},
			{Update: &Session{Object: oid, Values: val1}, Expected: &Session{Object: oid, Id: sid1, Authenticated: no, Values: val1}},
			{Update: &Session{Object: oid, Values: val2}, Expected: &Session{Object: oid, Id: sid1, Authenticated: no, Values: val2}},
			{Update: &Session{Object: oid, Values: val1}, Expected: &Session{Object: oid, Id: sid1, Authenticated: no, Values: val1}},
			{Update: &Session{Object: oid, Values: val2}, Expected: &Session{Object: oid, Id: sid1, Authenticated: no, Values: val2}},
			{Update: &Session{Object: oid, Id: sid2}, Expected: &Session{Object: oid, Id: sid2, Authenticated: no, Values: val2}},
			{Update: &Session{Object: oid, Authenticated: yes}, Expected: &Session{Object: oid, Id: sid2, Authenticated: yes, Values: val2}},
			{Update: &Session{Object: oid, Values: val3}, Expected: &Session{Object: oid, Id: sid2, Authenticated: yes, Values: val3}},
			{Update: &Session{Object: oid, Id: sid1}, Expected: &Session{Object: oid, Id: sid1, Authenticated: yes, Values: val3}},
		}
	)

	for i, test := range partial_session_updates {
		err := db.Save(test.Update)
		if err != nil {
			t.Fatalf("partial session %v: err = %v", i+1, err)
		}

		actual := &Session{
			Object: test.Update.Object,
		}

		err = db.Find(actual)
		if err != nil {
			t.Fatalf("partial session %v: err = %v", i+1, err)
		}

		if !reflect.DeepEqual(actual, test.Expected) {
			t.Fatalf("partial session %v: actual session is not exactly the same as expected session\n actual: %v\n expected: %v\n update: %v", i+1, actual, test.Expected, test.Update)
		}
	}
}