Exemple #1
0
// Get HTTP get method
func (c *AuthUser) Get(req *Request) {

	// get the username/password
	user := req.r.URL.Query().Get("user")
	pass := req.r.URL.Query().Get("pass")

	// fetch the user form the db
	var u *config.User
	var err error
	c.pipeline.ViewConfig(func(ac *config.AppConfig) {
		u, err = ac.Provider().GetUserByUserName(user)
	})
	if err != nil {
		http.Error(req.w, err.Error(), http.StatusBadRequest)
		logrus.Error(err)
		return
	}

	// if the user does not have the correct password, fail
	if !config.CheckUserPassword(u, pass) {
		http.Error(req.w, "invalid password", http.StatusBadRequest)
		return
	}

	token := GlobalSession.Put(u.UserName)

	// encode the response as json
	buff, err := json.Marshal(map[string]string{
		"token": token,
	})

	if err != nil {
		http.Error(req.w, err.Error(), http.StatusInternalServerError)
		logrus.Error(err)
		return
	}

	req.w.Write(buff)
}
Exemple #2
0
func authUser(confProvider config.Provider, r *http.Request) (*config.User, error) {

	// check for a session token
	session := r.Header.Get(SESSION_HEADER_NAME)

	// create user doesn't require auth
	if r.URL.Path == "/api/user" && r.Method == "POST" {
		return confProvider.GetUserByUserName("admin")
	}

	// fetch the user id from the session store for this token
	if session != "" {
		userName, err := GlobalSession.Get(session)
		if err != nil {
			return nil, err
		}

		//  get the user by the given id
		return confProvider.GetUser(userName)
	}
	user, password, ok := r.BasicAuth()
	if !ok {
		return nil, fmt.Errorf("Auth not provided")
	}

	// fetch the user
	u, err := confProvider.GetUserByUserName(user)
	if err != nil {
		return nil, err
	}

	// check to see if the password is correct
	if !config.CheckUserPassword(u, password) {
		return nil, fmt.Errorf("The provided password is incorrect for user %s", user)
	}

	return u, nil
}