func LoginView(c *middleware.Context) {
if err := setIndexViewData(c); err != nil {
c.Handle(500, "Failed to get settings", err)
return
}
//尝试监测是否开启ucenterLogin
checkUcenterLogin(c)
settings := c.Data["Settings"].(map[string]interface{})
settings["googleAuthEnabled"] = setting.OAuthService.Google
settings["githubAuthEnabled"] = setting.OAuthService.GitHub
settings["disableUserSignUp"] = !setting.AllowUserSignUp
if !tryLoginUsingRememberCookie(c) {
c.HTML(200, VIEW_INDEX)
return
}
if redirectTo, _ := url.QueryUnescape(c.GetCookie("redirect_to")); len(redirectTo) > 0 {
c.SetCookie("redirect_to", "", -1, setting.AppSubUrl+"/")
c.Redirect(redirectTo)
return
}
c.Redirect(setting.AppSubUrl + "/")
}
func Logout(c *middleware.Context) {
c.SetCookie(setting.CookieUserName, "", -1, setting.AppSubUrl+"/")
c.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubUrl+"/")
c.Session.Destory(c)
checkUcenterLogout(c)
c.Redirect(setting.AppSubUrl + "/login")
}
func LoginUcenterCallback(c *middleware.Context) {
token := c.QueryStrings("token")
if len(token) == 0 {
c.Handle(500, "ucenter api request error", errors.New("token params error"))
return
}
uclient := ucenter.NewClient(setting.Ucenter.Api_Url, setting.Ucenter.Api_Key, setting.Ucenter.Api_Secret)
if uid, err := service.CheckToken(uclient, strings.Join(token, "")); err != nil {
c.Handle(500, "ucenter api request error", err)
return
} else {
t := reflect.TypeOf(uid)
switch t.Kind() {
case reflect.Bool:
c.Handle(500, "ucenter api request error", errors.New("token is expired or invaild"))
return
case reflect.Float64:
var uidFloat float64 = uid.(float64)
var uidInt int64 = int64(uidFloat)
if user, err := service.GetUserById(uclient, service.Uid(uidInt)); err != nil {
c.Handle(500, "ucenter api request error", err)
return
} else {
//都是登录状态了
//首先查询下用户是否在数据库内
queryUser:
userQuery := m.GetUserByLoginQuery{LoginOrEmail: user.Name}
err := bus.Dispatch(&userQuery)
if err != nil {
//如果用户不存在,则插入数据
cmd := m.CreateUserCommand{}
cmd.Login = user.Name
cmd.Email = user.Email
cmd.Password = setting.AdminPassword //暂用管理员密码吧
cmd.IsAdmin = false
if err := bus.Dispatch(&cmd); err != nil {
log.Error(3, "Failed to create user"+user.Name, err)
return
}
log.Info("Created user: %v", user.Name)
goto queryUser
}
userModel := userQuery.Result
//记录状态
loginUserWithUser(userModel, c)
//跳转页面
c.Redirect(setting.AppSubUrl + "/")
}
}
}
}
func checkUcenterLogout(c *middleware.Context) {
if !setting.Ucenter.Enabled {
return
}
uclient := ucenter.NewClient(setting.Ucenter.Api_Url, setting.Ucenter.Api_Key, setting.Ucenter.Api_Secret)
callbackUrl := baseurl.BaseUrl(c.Req.Request) + "/login"
logoutUrl, err := service.LogoutUrl(uclient, callbackUrl)
if err != nil {
c.Handle(500, "logoutUrl get failed", err)
return
}
c.Redirect(logoutUrl.String())
}
func OAuthLogin(ctx *middleware.Context) {
if setting.OAuthService == nil {
ctx.Handle(404, "login.OAuthLogin(oauth service not enabled)", nil)
return
}
name := ctx.Params(":name")
connect, ok := social.SocialMap[name]
if !ok {
ctx.Handle(404, "login.OAuthLogin(social login not enabled)", errors.New(name))
return
}
code := ctx.Query("code")
if code == "" {
ctx.Redirect(connect.AuthCodeURL("", oauth2.AccessTypeOnline))
return
}
// handle call back
token, err := connect.Exchange(oauth2.NoContext, code)
if err != nil {
ctx.Handle(500, "login.OAuthLogin(NewTransportWithCode)", err)
return
}
log.Trace("login.OAuthLogin(Got token)")
userInfo, err := connect.UserInfo(token)
if err != nil {
if err == social.ErrMissingTeamMembership {
ctx.Redirect(setting.AppSubUrl + "/login?failedMsg=" + url.QueryEscape("Required Github team membership not fulfilled"))
} else if err == social.ErrMissingOrganizationMembership {
ctx.Redirect(setting.AppSubUrl + "/login?failedMsg=" + url.QueryEscape("Required Github organization membership not fulfilled"))
} else {
ctx.Handle(500, fmt.Sprintf("login.OAuthLogin(get info from %s)", name), err)
}
return
}
log.Trace("login.OAuthLogin(social login): %s", userInfo)
// validate that the email is allowed to login to grafana
if !connect.IsEmailAllowed(userInfo.Email) {
log.Info("OAuth login attempt with unallowed email, %s", userInfo.Email)
ctx.Redirect(setting.AppSubUrl + "/login?failedMsg=" + url.QueryEscape("Required email domain not fulfilled"))
return
}
userQuery := m.GetUserByLoginQuery{LoginOrEmail: userInfo.Email}
err = bus.Dispatch(&userQuery)
// create account if missing
if err == m.ErrUserNotFound {
if !connect.IsSignupAllowed() {
ctx.Redirect(setting.AppSubUrl + "/login")
return
}
cmd := m.CreateUserCommand{
Login: userInfo.Email,
Email: userInfo.Email,
Name: userInfo.Name,
Company: userInfo.Company,
}
if err = bus.Dispatch(&cmd); err != nil {
ctx.Handle(500, "Failed to create account", err)
return
}
userQuery.Result = &cmd.Result
} else if err != nil {
ctx.Handle(500, "Unexpected error", err)
}
// login
loginUserWithUser(userQuery.Result, ctx)
metrics.M_Api_Login_OAuth.Inc(1)
ctx.Redirect(setting.AppSubUrl + "/")
}
