func handleUserCreate(d db.DB) htr.Handle {
return func(w http.ResponseWriter, r *http.Request, ps htr.Params) {
if err := r.ParseForm(); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("bad admin request: %#v", r)
return
}
key := util.Key(r.Form.Get("key"))
if err := admin.IsAdmin(d, key); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("bad admin request: %#v", r)
return
}
email := r.Form.Get("email")
pwhash := r.Form.Get("pwhash")
if err := user.Create(d, email, pwhash); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("error creating user %s: %s", email, err.Error())
return
}
log.Printf("user %s created", email)
WriteResponse(w, &user.User{
Email: email,
Hash: util.Hash(pwhash),
})
}
}
func handleAdminDelete(d db.DB) htr.Handle {
return func(w http.ResponseWriter, r *http.Request, ps htr.Params) {
if err := r.ParseForm(); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("bad admin request: %#v", r)
return
}
key := util.Key(r.Form.Get("key"))
if err := admin.IsAdmin(d, key); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("bad admin request: %s", err.Error())
return
}
if err := admin.Delete(d, key); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("error deleting admin for %s: %s", key, err.Error())
return
}
log.Printf("admin %s deleted", key)
WriteResponse(w, &admin.Admin{
Key: key,
})
}
}
func (s *UserSuite) testValidate(u t.TestUser, pause int, c *gc.C) error {
<-time.NewTimer(timeout(pause)).C
err := user.ValidLogin(s.d, u.Email, util.Key(u.LoginKey))
if err != nil {
return err
}
return nil
}
func (s *AuthSuite) testValidate(user t.TestUser, pause int, c *gc.C) error {
<-time.NewTimer(timeout(pause)).C
err := auth.Valid(s.d, user.Email, util.Key(user.LoginKey))
if err != nil {
return err
}
return nil
}
func (s *UserSuite) deleteTests(u t.TestUser, c *gc.C) error {
if err := user.Delete(s.d, u.Email); err != nil {
return err
}
err := user.ValidLogin(s.d, u.Email, util.Key(u.LoginKey))
c.Assert(err, gc.ErrorMatches, fmt.Sprintf("could not get login for email %q not valid", u.Email))
return nil
}
func (s *AuthSuite) deleteTests(user t.TestUser, c *gc.C) error {
err := auth.DeleteUser(s.d, user.Email)
if err != nil {
return err
}
err = auth.Valid(s.d, user.Email, util.Key(user.LoginKey))
c.Assert(err, gc.ErrorMatches, fmt.Sprintf("user %q not logged in user not found", user.Email))
return nil
}
func (s *UserSuite) logoutTests(u t.TestUser, key util.Key, login bool, c *gc.C) error {
if login {
key, err := user.LoginUser(s.d, u.Email, u.Pwhash)
c.Assert(err, jc.ErrorIsNil)
u = t.TestUser{
Email: u.Email,
Pwhash: u.Pwhash,
LoginKey: string(key),
}
}
if key != util.Key("") {
u.LoginKey = string(key)
}
err := user.LogoutUser(s.d, u.Email, util.Key(u.LoginKey))
if err != nil {
return err
}
err = user.LogoutUser(s.d, u.Email, util.Key(u.LoginKey))
c.Assert(err, gc.ErrorMatches, fmt.Sprintf("could not get login for email %q not valid", u.Email))
return nil
}
func (s *AuthSuite) logoutTests(user t.TestUser, key util.Key, login bool, c *gc.C) error {
if login {
key, err := auth.LoginUser(s.d, user.Email, user.Pwhash)
c.Assert(err, gc.IsNil)
user = t.TestUser{
Email: user.Email,
Pwhash: user.Pwhash,
LoginKey: string(key),
}
}
if key != util.Key("") {
user.LoginKey = string(key)
}
err := auth.LogoutUser(s.d, user.Email, util.Key(user.LoginKey))
if err != nil {
return err
}
err = auth.LogoutUser(s.d, user.Email, util.Key(user.LoginKey))
c.Assert(err, gc.ErrorMatches, fmt.Sprintf("user %q not logged in user not found", user.Email))
return nil
}
func handleUserDelete(d db.DB) htr.Handle {
return func(w http.ResponseWriter, r *http.Request, ps htr.Params) {
if err := r.ParseForm(); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("bad admin request: %#v", r)
return
}
key := util.Key(r.Form.Get("key"))
email := r.Form.Get("email")
pwhash := r.Form.Get("pwhash")
switch {
case key != "":
// An admin can delete any user.
if err := admin.IsAdmin(d, key); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("bad admin request: %#v", r)
return
}
case email != "", pwhash != "":
if err := user.CheckUser(d, email, pwhash); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("invalid user %s: %s", email, err.Error())
return
}
default:
// No key, no email, no pwhash -- no delete.
WriteResponse(w, newApiError("must pass pwhash and email, or API key", nil))
log.Printf("invalid user delete request: no values")
return
}
if err := user.Delete(d, email); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("error deleting user %q: %s", email, err.Error())
return
}
log.Printf("user %q deleted", email)
WriteResponse(w, &user.User{
Email: email,
})
}
}
func handleAdminValid(d db.DB) htr.Handle {
return func(w http.ResponseWriter, r *http.Request, ps htr.Params) {
if err := r.ParseForm(); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("bad admin request: %#v", r)
return
}
key := r.Form.Get("key")
if err := admin.IsAdmin(d, util.Key(key)); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("bad admin request: %s", err.Error())
return
}
WriteResponse(w, "ok")
log.Printf("admin %s verified", key)
}
}
func handleLogout(d db.DB) htr.Handle {
return func(w http.ResponseWriter, r *http.Request, ps htr.Params) {
err := r.ParseForm()
if err != nil {
WriteResponse(w, newApiError("bad request: "+err.Error(), err))
log.Error("bad request: %#v", r)
return
}
email := r.Form.Get("email")
key := util.Key(r.Form.Get("key"))
err = auth.LogoutUser(d, email, key)
if err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Error("user %q logout for key %q failed: %s", email, key, err.Error())
return
}
WriteResponse(w, &auth.User{
Email: email,
})
}
}
func handleUserValid(d db.DB) htr.Handle {
return func(w http.ResponseWriter, r *http.Request, ps htr.Params) {
if err := r.ParseForm(); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("bad admin request: %#v", r)
return
}
email := r.Form.Get("email")
key := util.Key(r.Form.Get("key"))
if err := user.ValidLogin(d, email, key); err != nil {
WriteResponse(w, newApiError(err.Error(), err))
log.Printf("error authenticating user %q, key %q: %s", email, key, err.Error())
return
}
log.Printf("user %q validated", email)
WriteResponse(w, &user.User{
Email: email,
})
}
}
func (s *AdminSuite) createTests(adm t.TestAdmin, c *gc.C) error {
key, err := admin.Create(s.d, adm.Email, adm.Pwhash)
if err != nil {
return err
}
err = admin.IsAdmin(s.d, util.Key(key))
c.Assert(err, jc.ErrorIsNil)
adminBytes, err := db.GetByKey(s.d, admin.Admins, []byte(key))
if err != nil {
return err
}
c.Assert(len(adminBytes), gc.Not(gc.Equals), 0)
var tmpAdmin admin.Admin
if err = json.Unmarshal(adminBytes, &tmpAdmin); err != nil {
return err
}
c.Check(tmpAdmin.Email, gc.Equals, adm.Email)
return nil
}