// makeSessionWithTTL creates a login session for user with the given expiry,
// records user on the handler, and sets the session cookie on the response.
// It returns the new session's ID and does NOT write the session-info
// response body.
//
// A nil user is rejected with a 401 "Invalid login" error before any session
// is created. expiry is passed to CreateSession unchanged; no bound on the
// lifetime is applied here.
func (h *handler) makeSessionWithTTL(user auth.User, expiry time.Duration) (sessionID string, err error) {
	if user == nil {
		return "", base.HTTPErrorf(http.StatusUnauthorized, "Invalid login")
	}

	// h.user is assigned before the session exists, so it stays set even if
	// CreateSession fails below.
	h.user = user

	authenticator := h.db.Authenticator()
	newSession, createErr := authenticator.CreateSession(user.Name(), expiry)
	if createErr != nil {
		return "", createErr
	}

	// NOTE(review): the cookie's Secure/HttpOnly/SameSite attributes are
	// whatever MakeSessionCookie sets; that is not visible here — confirm.
	sessionCookie := authenticator.MakeSessionCookie(newSession)
	base.AddDbPathToCookie(h.rq, sessionCookie)
	http.SetCookie(h.response, sessionCookie)

	return newSession.ID, nil
}
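// makeSession creates a session for user with the default lifetime
// (kDefaultSessionTTL), sets the session cookie on the response, and then
// writes the session-info response.
//
// Session issuance is delegated to makeSessionWithTTL so that the nil-user
// rejection (401 "Invalid login"), the h.user assignment and the cookie
// handling live in a single code path; a change to how session cookies are
// issued then applies to both entry points.
func (h *handler) makeSession(user auth.User) error {
	if _, err := h.makeSessionWithTTL(user, kDefaultSessionTTL); err != nil {
		return err
	}
	return h.respondWithSessionInfo()
}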
// AuthenticateCookie resolves the session cookie on rq to a User.
//
// It returns (nil, nil) when the request has no session cookie or when no
// session document exists for the cookie value, (nil, err) when the bucket
// read or write fails, and otherwise the result of GetUser for the session's
// username, with the user replaced by nil if the account is disabled.
//
// The session uses a sliding expiration: once more than 10% of the TTL has
// elapsed, the stored session and the cookie are both pushed out by a full
// TTL. No absolute maximum session lifetime is enforced in this function.
func (auth *Authenticator) AuthenticateCookie(rq *http.Request, response http.ResponseWriter) (User, error) {
	// The error from Request.Cookie is dropped; a missing cookie shows up as nil.
	sessionCookie, _ := rq.Cookie(CookieName)
	if sessionCookie == nil {
		return nil, nil
	}

	var session LoginSession
	if _, err := auth.bucket.Get(docIDForSession(sessionCookie.Value), &session); err != nil {
		if base.IsDocNotFoundError(err) {
			// Unknown or already-removed session: treated as unauthenticated, not as an error.
			return nil, nil
		}
		return nil, err
	}

	// session.Expiration is not re-checked here; expiry relies on the bucket
	// having removed the document once its TTL passed.
	// NOTE(review): a bucket implementation that does not enforce TTLs would
	// leave expired sessions usable — confirm for every supported backend.

	// Sessions without a Ttl (probably created before upgrading SG) fall back
	// to the default value.
	if session.Ttl == 0 {
		session.Ttl = kDefaultSessionTTL
	}
	ttl := session.Ttl

	// Expiration was set to (last refresh + ttl), so now + ttl - Expiration is
	// the time elapsed since the last refresh.
	elapsedSec := int(time.Now().Add(ttl).Sub(session.Expiration).Seconds())
	refreshThresholdSec := int(ttl.Seconds()) / 10

	if elapsedSec > refreshThresholdSec {
		session.Expiration = time.Now().Add(ttl)
		if err := auth.bucket.Set(docIDForSession(session.ID), int(ttl.Seconds()), session); err != nil {
			return nil, err
		}

		// NOTE(review): sessionCookie was parsed from the request's Cookie
		// header, which carries only the name and value. The Set-Cookie sent
		// here therefore has only what AddDbPathToCookie sets plus Expires;
		// HttpOnly and Secure are not set in this function. If the login-time
		// cookie carried them, this refresh replaces it without them — verify.
		base.AddDbPathToCookie(rq, sessionCookie)
		sessionCookie.Expires = session.Expiration
		http.SetCookie(response, sessionCookie)
	}

	user, err := auth.GetUser(session.Username)
	if user != nil && user.Disabled() {
		// A disabled account is reported as unauthenticated; the session
		// document itself is not deleted here.
		user = nil
	}
	return user, err
}