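// KillSession deletes a session for an existing user account based on
// the session token.
//
// The token is read from the "token" form parameter of params; a missing
// or empty token is answered with api.BadRequest(ErrTokenNotSpecified).
// A lookup that returns no error but also no session is answered with
// 404 instead of dereferencing a nil session. Lookup and delete errors are
// answered with api.InternalServerError; success is a bare 200 status.
func (a *AuthAPI) KillSession(params *api.Request) api.Response {
	sessionToken, found := filter.GetStringParameter("token", params.Form)
	if !found || sessionToken == "" {
		return api.BadRequest(ErrTokenNotSpecified)
	}

	session, err := cookies.GetSession(sessionToken)
	if err != nil {
		return api.InternalServerError(err)
	}
	// GetSession's contract is not visible here; guard the (nil, nil) case
	// defensively, because session.Delete on a nil session would panic.
	if session == nil {
		return api.StatusResponse(http.StatusNotFound)
	}

	if err := session.Delete(); err != nil {
		return api.InternalServerError(err)
	}

	return api.StatusResponse(http.StatusOK)
}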
// Authorize resolves the caller's identity from the ghost token carried in
// httpHeader.
//
// A request without a ghost token (extractGhostToken reports
// errAnonymousUser) yields an anonymous identity and a nil error. Otherwise
// the token is decoded, decrypted and deserialized into a cookies.Session,
// the server-side session is loaded by that Token, and its owner must be
// activated. Decode, decrypt and deserialize errors are returned unchanged;
// a failed or empty session lookup and a deactivated owner are all reported
// as ErrDeactivatedUser, so callers cannot tell those cases apart.
//
// NOTE(review): ResetToken runs in a goroutine whose result is discarded
// while identity.New reads the same session value; whether that is a data
// race depends on what ResetToken mutates — confirm against cookies.Session.
func Authorize(httpHeader http.Header) (*identity.Identity, error) {
	ghostToken, err := extractGhostToken(httpHeader)
	switch {
	case err == nil:
		// token present, continue below
	case err == errAnonymousUser:
		// no token at all: the caller is anonymous, not rejected
		return identity.NewAnonymous(), nil
	default:
		return nil, err
	}

	// Unwrap the opaque token: decode, then decrypt, then deserialize.
	raw, err := util.Decode([]byte(ghostToken))
	if err != nil {
		return nil, err
	}

	plain, err := security.Decrypt(raw)
	if err != nil {
		return nil, err
	}

	var clientSession cookies.Session
	if err := util.DeserializeJSON(plain, &clientSession); err != nil {
		return nil, err
	}

	// The client-supplied session is only trusted once the stored copy
	// exists and its owning user is still activated.
	stored, err := cookies.GetSession(clientSession.Token)
	if err != nil || stored == nil || !identity.IsUserActivated(stored.UserID) {
		return nil, ErrDeactivatedUser
	}

	// Rotate the stored token in the background; its outcome is not awaited.
	go stored.ResetToken()

	return identity.New(stored), nil
}