//creates a new Session object with no Id.
func NewSession(id string) *Session {
return &Session{
Id: orm.String(id),
Authenticated: orm.Bool(false),
ProfileId: nil,
Values: &map[string]string{},
}
}
func (b *BuiltinStrategy) setupAdminAccount(db orm.Database) (user *builtinUser, profile *perfect.Profile, err error) {
//setup the admin account
user = &builtinUser{Id: orm.String(b.Config.Username)}
err = db.Find(user)
if err != nil && err != orm.ErrNotFound {
return
}
profile = &perfect.Profile{}
//search for this profile
if user.ProfileId != nil {
profile.Id = user.ProfileId
err = db.Find(profile)
if err != nil && err != orm.ErrNotFound {
return
}
}
//update the profile
profile.Id = orm.String(b.Config.Email)
profile.Name = orm.String(b.Config.Name)
profile.AuthType = orm.String(b.Config.Type)
err = db.Save(profile)
if err != nil {
return
}
//hash the password
password_salt := generateRandomSalt(SALT_ENTROPY)
password_hash := hash(b.Config.Password, password_salt)
//update username
user.Password = &password_hash
user.Salt = &password_salt
user.ProfileId = profile.Id
err = db.Save(user)
if err != nil {
return
}
return user, profile, nil
}
func Login(w http.ResponseWriter, r *perfect.Request) {
var (
profile_id *string
err error
)
//get the session
session, err := r.Session()
if err != nil {
perfect.Error(w, r, err)
return
}
//if the user is already authenticated, redirect to home
if *session.Authenticated {
perfect.Redirect(w, r, "/")
return
}
//TODO: make this work! (and delete the hard-coded built-in strategy!)
//user, err := r.Module.Auth.Login(w, r);
bauth := NewBuiltinStrategy(&Config{Type: BUILTIN})
profile_id, err = bauth.Login(w, r)
if err != nil {
log.Println("login error:", err)
perfect.JSONResult(w, r, false, err.Error())
return
}
//mark the session as authenticated
session.Authenticated = orm.Bool(true)
//regenerate the session Id
session.Id = orm.String(r.Module.Db.UniqueId())
//set the current user profile id
session.ProfileId = profile_id
// update the session
err = r.Module.Db.Save(session)
if err != nil {
perfect.Error(w, r, err)
return
}
session.SetCookie(w, r)
//success
perfect.JSONResult(w, r, true, r.Module.MountPoint+"/")
}
func createBuiltinProfile(username, password, name, email string, db orm.Database) (user *builtinUser, profile *perfect.Profile, err error) {
user = &builtinUser{Id: &username}
//query the database to check if the username exists
err = db.Find(user)
if err != orm.ErrNotFound {
//make sure users can't register duplicate usernames
if err == nil {
err = ErrUsernameExists
}
return
}
//create a perfect user (profile)
profile = perfect.NewProfile(email, name)
profile.AuthType = orm.String(BUILTIN)
err = db.Save(profile)
if err != nil {
log.Println(err)
return
}
//hash the password
password_salt := generateRandomSalt(SALT_ENTROPY)
password_hash := hash(password, password_salt)
//create an entry to store auth details
user.Password = &password_hash
user.Salt = &password_salt
user.ProfileId = profile.Id
err = db.Save(user)
if err != nil {
log.Println(err)
return
}
return user, profile, nil
}
func NewProfile(email, name string) *Profile {
return &Profile{
Id: orm.String(email),
Name: orm.String(name),
}
}
func TestSession_Partial(t *testing.T) {
type testCase struct {
Update, Expected *Session
}
db, clean := ormtest.NewTestDatabase(ormtest.DbUrl, t)
defer clean()
//create a sample Session
s := &Session{}
//clean the collection at the start and end of this test
db.DropCollection(s)
defer db.DropCollection(s)
//insert the first session
err := db.Save(s)
if err != nil {
t.Fatalf("err = %v", err)
}
var (
oid orm.Object = s.Object
sid1 *string = orm.String("1")
sid2 *string = orm.String("2")
yes *bool = orm.Bool(true)
no *bool = orm.Bool(false)
val1 *map[string]string = &map[string]string{"1": "2"}
val2 *map[string]string = &map[string]string{"1": "3"}
val3 *map[string]string = &map[string]string{"2": "1"}
partial_session_updates []testCase = []testCase{
{Update: &Session{Object: oid}, Expected: &Session{Object: oid}},
{Update: &Session{Object: oid, Id: sid1}, Expected: &Session{Object: oid, Id: sid1}},
{Update: &Session{Object: oid, Id: sid2}, Expected: &Session{Object: oid, Id: sid2}},
{Update: &Session{Object: oid, Id: sid1}, Expected: &Session{Object: oid, Id: sid1}},
{Update: &Session{Object: oid, Id: sid1, Authenticated: no}, Expected: &Session{Object: oid, Id: sid1, Authenticated: no}},
{Update: &Session{Object: oid, Id: sid1, Authenticated: yes}, Expected: &Session{Object: oid, Id: sid1, Authenticated: yes}},
{Update: &Session{Object: oid, Id: sid2, Authenticated: no}, Expected: &Session{Object: oid, Id: sid2, Authenticated: no}},
{Update: &Session{Object: oid, Id: sid2, Authenticated: yes}, Expected: &Session{Object: oid, Id: sid2, Authenticated: yes}},
{Update: &Session{Object: oid, Id: sid2}, Expected: &Session{Object: oid, Id: sid2, Authenticated: yes}},
{Update: &Session{Object: oid, Id: sid1}, Expected: &Session{Object: oid, Id: sid1, Authenticated: yes}},
{Update: &Session{Object: oid, Authenticated: no}, Expected: &Session{Object: oid, Id: sid1, Authenticated: no}},
{Update: &Session{Object: oid, Values: val1}, Expected: &Session{Object: oid, Id: sid1, Authenticated: no, Values: val1}},
{Update: &Session{Object: oid, Values: val2}, Expected: &Session{Object: oid, Id: sid1, Authenticated: no, Values: val2}},
{Update: &Session{Object: oid, Values: val1}, Expected: &Session{Object: oid, Id: sid1, Authenticated: no, Values: val1}},
{Update: &Session{Object: oid, Values: val2}, Expected: &Session{Object: oid, Id: sid1, Authenticated: no, Values: val2}},
{Update: &Session{Object: oid, Id: sid2}, Expected: &Session{Object: oid, Id: sid2, Authenticated: no, Values: val2}},
{Update: &Session{Object: oid, Authenticated: yes}, Expected: &Session{Object: oid, Id: sid2, Authenticated: yes, Values: val2}},
{Update: &Session{Object: oid, Values: val3}, Expected: &Session{Object: oid, Id: sid2, Authenticated: yes, Values: val3}},
{Update: &Session{Object: oid, Id: sid1}, Expected: &Session{Object: oid, Id: sid1, Authenticated: yes, Values: val3}},
}
)
for i, test := range partial_session_updates {
err := db.Save(test.Update)
if err != nil {
t.Fatalf("partial session %v: err = %v", i+1, err)
}
actual := &Session{
Object: test.Update.Object,
}
err = db.Find(actual)
if err != nil {
t.Fatalf("partial session %v: err = %v", i+1, err)
}
if !reflect.DeepEqual(actual, test.Expected) {
t.Fatalf("partial session %v: actual session is not exactly the same as expected session\n actual: %v\n expected: %v\n update: %v", i+1, actual, test.Expected, test.Update)
}
}
}