func LoginHandler(w http.ResponseWriter, r *http.Request, session sessions.Session, log *log.Logger) string {
c, err := config.ReadDefault("users.cfg")
if err != nil {
return "Can't login. Problems reading user and password."
}
username := r.FormValue("username")
password := r.FormValue("password")
allowedUsername, _ := c.RawStringDefault("user")
allowedPassword, _ := c.RawStringDefault("password")
if username == allowedUsername && password == allowedPassword {
log.Print("User WAS logged in.")
session.Set("username", username)
session.Set("password", password)
http.Redirect(w, r, "/home", http.StatusFound)
return "OK"
}
log.Print("User wasn't logged in. User " + username + " and password " + password)
http.Redirect(w, r, "/login", http.StatusFound)
return "Username or password incorrect"
}
func SetupAdmin(args martini.Params, session sessions.Session, r render.Render) {
form := &forms.SetupAdmin{}
session.Set("setup", "true")
genform := utils.GenerateForm(form, "/setup", "POST", nil)
r.HTML(200, "setup", genform)
}
func loginWithNameAndPwd(r *http.Request, res http.ResponseWriter, params martini.Params, session sessions.Session, render render.Render, l *log.Logger) {
err := r.ParseForm()
if err != nil {
l.Printf("ParseForm error: %v\n", err)
render.HTML(200, "error", "登录失败!")
return
}
username := r.PostFormValue("username")
//password := r.PostFormValue("password")
l.Printf("Start logging in, username = %s \n", username)
//gitlabClient, err := gogitlab.NewGitlabByLogin(constant.GitLabHost, constant.GitLabApiPath, username, password)
//if err != nil {
// l.Printf("Login error: %v\n", err)
// render.HTML(200, "error", "登录失败!")
// return
//}
//gitUser, err := gitlabClient.CurrentUser()
//if err != nil {
// l.Printf("Get current error: %v\n", err)
// render.HTML(200, "error", "登录失败!")
// return
//}
uInfo := &UserInfo{}
session.Set(constant.UserInfoKey, uInfo)
render.HTML(200, "dashboard", uInfo)
}
func UserLogin(r *http.Request, db *sql.DB, s sessions.Session, rw http.ResponseWriter) (int, string) {
var id string
var pass string
email, password := r.FormValue("email"), r.FormValue("password")
err := db.QueryRow("select id, password from appuser where email=$1", email).Scan(&id, &pass)
if err != nil || bcrypt.CompareHashAndPassword([]byte(pass), []byte(password)) != nil {
//return 401, "Not Authorized. Buuuurn!"
http.Redirect(rw, r, "/wrong", http.StatusFound)
}
//set the user id in the session
s.Set("userId", id)
//return user
if returnUrl, ok := s.Get("returnUrl").(string); ok {
s.Delete("returnUrl")
http.Redirect(rw, r, returnUrl, http.StatusFound)
} else {
http.Redirect(rw, r, "/", http.StatusFound)
}
return 200, "User id is " + id
}
func inner_GET_authorize(c martini.Context, sess sessions.Session, r *http.Request, ar *osin.AuthorizeRequest) bool {
var (
identity = ActiveIdentity(c)
source = current_url(r)
handler martini.Handler
)
if identity != nil {
ar.UserData = identity
sess.Delete("flow")
return true
} else {
sess.Set("flow", FlowState{
Type: AuthorizeFlow,
Source: source,
StartAt: time.Now(),
})
if provider := r.URL.Query().Get("p"); provider == "" {
handler = show_provider_chooser()
} else {
handler = redirect_to_provider(provider)
}
}
c.Invoke(handler)
return false
}
// ReadUser is a route which fetches user according to parameter "id" on API side and according to retrieved
// session cookie on frontend side.
// Returns user struct with all posts merged to object on API call. Frontend call will render user "home" page, "user/index.tmpl".
func ReadUser(req *http.Request, params martini.Params, res render.Render, s sessions.Session) {
var user User
switch Root(req) {
case "api":
id, err := strconv.Atoi(params["id"])
if err != nil {
log.Println(err)
res.JSON(400, map[string]interface{}{"error": "The user ID could not be parsed from the request URL."})
return
}
user.ID = int64(id)
user, err := user.Get()
if err != nil {
log.Println(err)
if err.Error() == "not found" {
res.JSON(404, NotFound())
return
}
res.JSON(500, map[string]interface{}{"error": "Internal server error"})
return
}
res.JSON(200, user)
return
case "user":
user, err := user.Session(s)
if err != nil {
log.Println(err)
s.Set("user", -1)
res.HTML(500, "error", err)
return
}
res.HTML(200, "user/index", user)
return
}
}
func userSiginCheck(info SiginIfo, session sessions.Session) string {
var result bool
info.UserName, result = check.CheckUserName(info.UserName)
if result != true {
return "-1"
}
info.UserNumber, result = check.CheckNumber(info.UserNumber)
if result != true {
return "-2"
}
isSelected := model.CheckSelected(info.UserNumber)
if isSelected == false {
return "-3"
}
resultSigin := model.Sigin(info.UserName, info.UserNumber)
if resultSigin != true {
return "-4"
} else {
session.Set("user_name", info.UserName)
session.Set("user_number", info.UserNumber)
return "1"
}
}
func Login(session sessions.Session, re render.Render, r *http.Request) {
client_id := common.Config.OAuth2Client_ID
letters := []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
b := make([]rune, 10)
for i := range b {
b[i] = letters[rand.Intn(len(letters))]
}
session.AddFlash(string(b), "state")
redirectBack := r.URL.Query().Get("redirect_back")
ref := r.Referer()
if redirectBack == "true" && ref != "" {
session.Set("redirect_to", ref)
} else {
session.Set("redirect_to", nil)
}
query := url.Values{}
query.Set("client_id", client_id)
query.Set("state", string(b))
query.Set("scope", "repo")
dest := url.URL{
Scheme: "https",
Host: "github.com",
Path: "/login/oauth/authorize",
RawQuery: query.Encode(),
}
re.Redirect(dest.String())
}
func SearchPage(user common.User, session sessions.Session, r render.Render, req *http.Request) {
src, err := handleSearch(req.URL.Query())
if err != nil {
r.Error(400)
}
status := common.GetCodeSourceStatus(src)
id := rand.Int63()
params := req.URL.Query()
usr := params.Get("user")
repo := params.Get("repo")
session.Set(id, usr+"/"+repo)
data := struct {
common.User
Pagename string
Theme string
SourceStatus string
WS_ID int64
Source *common.CodeSource
}{user, "search", "standard", string(status), id, src}
r.HTML(200, "search", data)
}
// GetPollHandler attempts to find the requested poll and responds with a json representation
func GetPollHandler(w http.ResponseWriter, r *http.Request, s sessions.Session, params martini.Params, ctx pollr.ApplicationContext) {
// If this is the first time we've seen this user
// create a new voter entry for them in the table and
// send them their voter id
if s.Get("voterId") == nil {
voter := pollr.NewVoter()
ctx.CreateVoter(voter)
s.Options(sessions.Options{
Domain: r.Host,
Path: "/",
MaxAge: 0,
HttpOnly: false,
Secure: false,
})
s.Set("voterId", voter.Id.Hex())
}
id := params["id"]
poll, err := ctx.FindPoll(id)
if err != nil {
log.Print(err)
http.Error(w, fmt.Sprintf("Poll %s not found", id), 404)
return
}
JsonPollResponse(w, poll)
}
func (s *AEServer) HandleLogin(r *http.Request, params martini.Params, session sessions.Session) (int, string) {
a := AuthFromJson(r.Body)
if a == nil {
time.Sleep(time.Second)
return 404, Message("Login Failed")
}
sltr := StrResponse{}
sltr.Arg = a.Username
sltr.Resp = make(chan string)
s.ch_getsalt <- sltr
salt := <-sltr.Resp
if salt == "" {
return 401, Message("No login salt registered!")
}
user := s.FindUserByName(a.Username)
salt_pass := DoHash(user.Password, salt)
if salt_pass != a.Password {
fmt.Println("Invalid password.")
time.Sleep(time.Second)
return http.StatusUnauthorized, Message("Invalid Username or Password.")
}
user.login = time.Now()
tok := s.GetSessionToken()
s.ch_login <- &Session{tok, user}
session.Set("Login", tok)
fmt.Println("Logged in!")
return 200, Stringify(user)
}
func (api *dialogueApi) apiAuthorize(r *http.Request, session sessions.Session, rndr render.Render) {
// check authorization headers
username := r.Header.Get("X-Auth-User")
token := r.Header.Get("X-Auth-Token")
if username == "" || token == "" {
e := ApiError{
Error: "username and token must be present",
}
rndr.JSON(401, e)
return
}
// verify token
auth, err := api.rdb.GetAuthorization(username)
if err != nil {
e := ApiError{
Error: fmt.Sprintf("error verifying token: %s", err),
}
rndr.JSON(401, e)
return
}
if auth == nil || auth.Token != token {
e := ApiError{
Error: "invalid username/token",
}
rndr.JSON(401, e)
return
}
// all is well, set session
session.Set("username", username)
}
func Login(session sessions.Session, db *mgo.Database, r render.Render, req *http.Request, writer http.ResponseWriter) string {
writer.Header().Set("Content-Type", "text/javascript")
userid := req.FormValue("userid")
callback := req.FormValue("callback")
password := req.FormValue("password")
fmt.Println("userid", userid)
if userid == "" {
return util.Jsonp(JsonRet{"login", 401, "请登录", "abc"}, callback)
} else {
result := bson.M{}
err := db.C("auth_user").Find(bson.M{"id": userid}).One(&result)
fmt.Println(password)
fmt.Println(result)
if err == nil {
values := result
if values["password"] == password {
session.Set("userid", values["id"])
session.Set("username", values["name"])
values["password"] = nil
items := []interface{}{}
db.C("good_shares").Find(bson.M{"acc": userid}).All(&items)
values["items"] = items
fmt.Println("登录成功!")
return util.Jsonp(JsonRet{"login", 200, "登录成功", values}, callback)
} else {
return util.Jsonp(JsonRet{"login", 401, "登录失败!密码错误!", nil}, callback)
}
} else {
return util.Jsonp(JsonRet{"login", 401, "登录失败!用户名错误!", nil}, callback)
}
}
}
func LoginPost(lu forms.Login, session sessions.Session, r render.Render, dbh *db.Dbh) {
errs := ValidateLogin(&lu)
if len(errs) > 0 {
log.Printf("errors: %+v\n", errs)
}
user := dbh.GetUserByEmail(lu.Email)
match := auth.MatchPassword(lu.Password, user.Password, user.Salt)
if match {
sessionkey := SessionKey(user.Email, user.Password, user.Salt)
session.Set("loggedin", "true")
session.Set("uid", user.Id)
session.Set("email", user.Email)
session.Set("key", sessionkey)
dbh.CreateSession(models.UserSession{UserId: user.Id, SessionKey: sessionkey, Active: true, Timestamp: time.Now().Unix()})
r.Redirect(strings.Join([]string{utils.AppCfg.Url(), "albums"}, "/"), http.StatusFound)
return
}
session.Set("flash", "Invalid Email or Password")
r.Redirect(strings.Join([]string{utils.AppCfg.Url(), "login"}, "/"), http.StatusFound)
}
func Login(session sessions.Session, su models.User, r render.Render, p *models.Page) {
// Check if we are already logged in
if su.Id > 0 {
r.Redirect(strings.Join([]string{utils.AppCfg.Url(), "albums"}, "/"), http.StatusFound)
return
}
session.Set("loggedin", "false")
// Init error holder
errs := make(map[string]string)
err_flash := session.Get("flash")
if err_flash != nil {
errs["flash"] = err_flash.(string)
session.Set("flash", nil)
}
genform := utils.GenerateForm(&forms.Login{}, "/login", "POST", errs)
p.SetUser(su)
p.SetTitle("Login")
p.Data = LoginVars{Form: genform}
encoder.Render(p.Encoding, 200, "login", p, r)
}
// LtiProblemSets handles /lti/problem_set requests.
// It creates the user/course if necessary, creates a session,
// and redirects the user to the problem set picker UI URL.
func LtiProblemSets(w http.ResponseWriter, r *http.Request, tx *sql.Tx, form LTIRequest, render render.Render, session sessions.Session) {
now := time.Now()
// load the coarse
if _, err := getUpdateCourse(tx, &form, now); err != nil {
loggedHTTPErrorf(w, http.StatusInternalServerError, "db error: %v", err)
return
}
// load the user
user, err := getUpdateUser(tx, &form, now)
if err != nil {
loggedHTTPErrorf(w, http.StatusInternalServerError, "db error: %v", err)
return
}
// sign the user in
session.Set("id", user.ID)
u := &url.URL{
Path: "/",
Fragment: fmt.Sprintf("/problem_sets/%s/%s",
url.QueryEscape(form.OAuthConsumerKey),
url.QueryEscape(form.LaunchPresentationReturnURL)),
}
log.Printf("problem set picker redirecting to %s", u.String())
//http.Redirect(w, r, u.String(), http.StatusSeeOther)
http.Redirect(w, r, "/v2/users/me/cookie", http.StatusSeeOther)
}
func AuthRequired(su models.User, session sessions.Session, res http.ResponseWriter, req *http.Request) {
if su.Id > 0 {
return
}
log.Println("Login Required")
session.Set("flash", "Login Required")
http.Redirect(res, req, strings.Join([]string{utils.AppCfg.Url(), "login"}, "/"), http.StatusFound)
}
func PostLogin(rw http.ResponseWriter, req *http.Request, db_ *mgo.Database, s sessions.Session) {
user, pass := req.FormValue("email"), req.FormValue("password")
id, err := LoginUser(db_, user, pass)
if err != nil {
fmt.Println(err)
http.Redirect(rw, req, PAGE_LOGIN, http.StatusFound)
}
s.Set("userId", id.Hex())
http.Redirect(rw, req, FUNC_HOME, http.StatusFound)
}
// POST /auth
func PostAuth(s sessions.Session, r render.Render, req *http.Request) {
email := req.PostFormValue("email")
password := req.PostFormValue("password")
session_id, err := db.Auth(email, password)
if err != nil {
r.Error(401)
} else {
s.Set("user_session", session_id)
r.Redirect("/")
}
}
func GithubCallback(session sessions.Session, r *http.Request, re render.Render) {
code, state := r.URL.Query().Get("code"), r.URL.Query().Get("state")
client_id, client_secret := common.Config.OAuth2Client_ID, common.Config.OAuth2Client_Secret
flashes := session.Flashes("state")
if code == "" || state == "" || session == nil || len(flashes) == 0 || flashes[0].(string) != state {
re.Redirect("/")
return
}
client := &http.Client{}
form := url.Values{}
form.Add("code", code)
form.Add("client_id", client_id)
form.Add("client_secret", client_secret)
req, _ := http.NewRequest("POST", "https://github.com/login/oauth/access_token/", strings.NewReader(form.Encode()))
req.Header.Set("Accept", "application/json")
resp, _ := client.Do(req)
body, _ := ioutil.ReadAll(resp.Body)
parse := map[string]interface{}{}
json.Unmarshal([]byte(string(body)), &parse)
token := parse["access_token"].(string)
req, _ = http.NewRequest("GET", "https://api.github.com/user?access_token="+token, nil)
resp, _ = client.Do(req)
body, _ = ioutil.ReadAll(resp.Body)
parse = map[string]interface{}{}
json.Unmarshal([]byte(string(body)), &parse)
username, id := parse["login"].(string), strconv.FormatFloat(parse["id"].(float64), 'f', -1, 64)
if !common.UserExist(id) {
common.NewUser(id)
}
session.Set("loggedin", true)
session.Set("username", username)
session.Set("id", id)
session.Set("token", token)
redirectTo := session.Get("redirect_to")
if redirectTo != nil {
re.Redirect(redirectTo.(string))
} else {
re.Redirect("/")
}
session.Set("redirect_to", nil)
}
func Login(r *http.Request, render render.Render, db *gorp.DbMap, s sessions.Session) {
user := User{}
email, password := r.FormValue("email"), r.FormValue("password")
err := db.SelectOne(&user, "Select * from users where email=? ", email)
//tmp_pass, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
//err := db.QueryRow("select id, password from users where email=$1", email).Scan(&userId, &dbPasswd)
if err != nil || bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password)) != nil {
render.HTML(400, "404", "")
}
s.Set("userId", user.Id)
render.HTML(200, "dashboard", "")
}
func EnsureSessionVariables(s sessions.Session, t oauth2.Tokens) {
userName := s.Get("userName")
twitchId := s.Get("twitchId")
if userName == nil || twitchId == nil {
u, err := GetTwitchUser(t.Access())
if err != nil {
log.Fatal(err)
}
s.Set("userName", u.DisplayName)
s.Set("twitchId", u.Id)
}
}
// 登陆(获取授权令牌)
// @router /users/authentication [get]
func (this *Controller) Authentication(req *http.Request, session sessions.Session) (int, []byte) {
req.ParseForm()
fmt.Println("req传过来", req.Form)
// 验证用户
userData, err := this.model.Authentication(req.Form.Get("account"), req.Form.Get("password"))
if err != nil {
return this.Error(err.Error())
}
// 生成session
session.Set("id", userData.Id)
return this.Success(AuthenticationInfo(userData))
}
func PostLogin(req *http.Request, db *sql.DB, s sessions.Session) (int, string) {
var id string
email, password := req.FormValue("email"), req.FormValue("password")
err := db.QueryRow("select id from users where email=$1 and password=$2", email, password).Scan(&id)
if err != nil {
return 401, "Unauthorized"
}
s.Set("userId", id)
return 200, "User id is " + id
}
func RequireLogin(s sessions.Session, db *sql.DB, c martini.Context, ren render.Render, returnUrl string) {
user := &User{}
err := db.QueryRow("select name, email from appuser where id=$1", s.Get("userId")).Scan(&user.Name, &user.Email)
s.Set("returnUrl", returnUrl)
if err != nil {
ren.Redirect("/login")
return
}
//map user to the context
c.Map(user)
}
func PostLogin(req *http.Request, dbmap *gorp.DbMap, s sessions.Session) (int, string) {
var userId string
email, password := req.FormValue("email"), req.FormValue("password")
err := dbmap.SelectOne(&userId, "select id from users where email=$1 and password=$2", email, Md5(password))
if err != nil {
return 401, "Unauthorized"
}
s.Set("userId", userId)
return 200, "User id is " + userId
}
// LtiProblem handles /lti/problem/:unique requests.
// It creates the user/course/assignment if necessary, creates a session,
// and redirects the user to the main UI URL.
func LtiProblemSet(w http.ResponseWriter, r *http.Request, tx *sql.Tx, form LTIRequest, params martini.Params, session sessions.Session) {
unique := params["unique"]
if unique == "" {
loggedHTTPErrorf(w, http.StatusBadRequest, "malformed URL: missing unique ID for problem")
return
}
if unique != url.QueryEscape(unique) {
loggedHTTPErrorf(w, http.StatusBadRequest, "unique ID must be URL friendly: %s is escaped as %s", unique, url.QueryEscape(unique))
return
}
now := time.Now()
// load the problem set
problemSet := new(ProblemSet)
if err := meddler.QueryRow(tx, problemSet, `SELECT * FROM problem_sets WHERE unique_id = $1`, unique); err != nil {
loggedHTTPDBNotFoundError(w, err)
return
}
// load the course
course, err := getUpdateCourse(tx, &form, now)
if err != nil {
loggedHTTPErrorf(w, http.StatusInternalServerError, "db error: %v", err)
return
}
// load the user
user, err := getUpdateUser(tx, &form, now)
if err != nil {
loggedHTTPErrorf(w, http.StatusInternalServerError, "db error: %v", err)
return
}
// load the assignment
asst, err := getUpdateAssignment(tx, &form, now, course, problemSet, user)
if err != nil {
loggedHTTPErrorf(w, http.StatusInternalServerError, "db error: %v", err)
return
}
// sign the user in
session.Set("id", user.ID)
// redirect to the console
//http.Redirect(w, r, fmt.Sprintf("/#/assignment/%d", asst.ID), http.StatusSeeOther)
_ = asst
http.Redirect(w, r, "/v2/users/me/cookie", http.StatusSeeOther)
}
func PostLogin(req *http.Request, db *sql.DB, s sessions.Session) (int, string) {
var id string
var pw string
email, password := req.FormValue("email"), req.FormValue("password")
err := db.QueryRow("select id, password from users where email=$1", email).Scan(&id, &pw)
if err != nil || bcrypt.CompareHashAndPassword([]byte(pw), []byte(password)) != nil {
return 401, "Unauthorized"
}
s.Set("userId", id)
return 200, "User id is " + id
}
func handleOAuth2Callback(t *oauth.Transport, s sessions.Session, w http.ResponseWriter, r *http.Request) {
next := extractPath(r.URL.Query().Get("state"))
code := r.URL.Query().Get("code")
tk, err := t.Exchange(code)
if err != nil {
// Pass the error message, or allow dev to provide its own
// error handler.
http.Redirect(w, r, PathError, codeRedirect)
return
}
// Store the credentials in the session.
val, _ := json.Marshal(tk)
s.Set(keyToken, val)
http.Redirect(w, r, next, codeRedirect)
}
func EnsureAuth(session sessions.Session, r render.Render, req *http.Request, c martini.Context) {
id, ok := session.Get("id").(int64)
if !ok || id == 0 {
session.AddFlash("warning: You must login first!")
session.Set("previous_url", req.RequestURI)
r.Redirect("/signin")
} else if ok {
var user models.User
err := utils.ORM.First(&user, id).Error
if err != nil {
r.Error(500)
return
}
c.Map(user)
}
}