Example #1
0
// POST /_session creates a login session and sets its cookie
func (h *handler) handleSessionPOST() error {
	// CORS not allowed for login #115 #762
	originHeader := h.rq.Header["Origin"]
	if len(originHeader) > 0 {
		matched := ""
		if h.server.config.CORS != nil {
			matched = matchedOrigin(h.server.config.CORS.LoginOrigin, originHeader)
		}
		if matched == "" {
			return base.HTTPErrorf(http.StatusBadRequest, "No CORS")
		}
	}

	var params struct {
		Name     string `json:"name"`
		Password string `json:"password"`
	}
	err := h.readJSONInto(&params)
	if err != nil {
		return err
	}
	var user auth.User
	user, err = h.db.Authenticator().GetUser(params.Name)
	if err != nil {
		return err
	}

	if user != nil && !user.Authenticate(params.Password) {
		user = nil
	}
	return h.makeSession(user)
}
Example #2
0
func (h *handler) getUserFromSessionRequestBody() (auth.User, error) {

	var params struct {
		Name     string `json:"name"`
		Password string `json:"password"`
	}
	err := h.readJSONInto(&params)
	if err != nil {
		return nil, err
	}

	var user auth.User
	user, err = h.db.Authenticator().GetUser(params.Name)
	if err != nil {
		return nil, err
	}

	if user != nil && !user.Authenticate(params.Password) {
		user = nil
	}
	return user, err
}
Example #3
0
// POST /_session creates a login session and sets its cookie
func (h *handler) handleSessionPOST() error {
	if len(h.rq.Header["Origin"]) > 0 {
		// CORS not allowed for login #115
		return base.HTTPErrorf(http.StatusBadRequest, "No CORS")
	}
	var params struct {
		Name     string `json:"name"`
		Password string `json:"password"`
	}
	err := h.readJSONInto(&params)
	if err != nil {
		return err
	}
	var user auth.User
	user, err = h.db.Authenticator().GetUser(params.Name)
	if err != nil {
		return err
	}

	if !user.Authenticate(params.Password) {
		user = nil
	}
	return h.makeSession(user)
}