Exemple #1
0
//LoginResendPhonenumberConfirmation resend the phone number confirmation after logging in to a possibly new phone number
func (service *Service) LoginResendPhonenumberConfirmation(w http.ResponseWriter, request *http.Request) {
	values := struct {
		PhoneNumber string `json:"phonenumber"`
	}{}

	response := struct {
		Error string `json:"error"`
	}{}

	if err := json.NewDecoder(request.Body).Decode(&values); err != nil {
		log.Debug("Error decoding the ResendPhonenumberConfirmation request: ", err)
		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
		return
	}
	loginSession, err := service.GetSession(request, SessionLogin, "loginsession")
	if err != nil {
		log.Error(err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	if loginSession.IsNew {
		sessions.Save(request, w)
		log.Debug("Login session expired")
		http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
		return
	}

	username, _ := loginSession.Values["username"].(string)

	//Invalidate the previous validation request, ignore a possible error
	validationkey, _ := loginSession.Values["phonenumbervalidationkey"].(string)
	_ = service.phonenumberValidationService.ExpireValidation(request, validationkey)

	phonenumber := user.Phonenumber{Label: "main", Phonenumber: values.PhoneNumber}
	if !phonenumber.IsValid() {
		log.Debug("Invalid phone number")
		w.WriteHeader(422)
		response.Error = "invalid_phonenumber"
		json.NewEncoder(w).Encode(&response)
		return
	}

	uMgr := user.NewManager(request)
	err = uMgr.SavePhone(username, phonenumber)
	if err != nil {
		log.Error("ResendPhonenumberConfirmation: Could not save phonenumber: ", err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	validationkey, err = service.phonenumberValidationService.RequestValidation(request, username, phonenumber, fmt.Sprintf("https://%s/phonevalidation", request.Host))
	if err != nil {
		log.Error("ResendPhonenumberConfirmation: Could not get validationkey: ", err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	loginSession.Values["phonenumbervalidationkey"] = validationkey
	sessions.Save(request, w)
	w.WriteHeader(http.StatusNoContent)
}
Exemple #2
0
// SaveSession - shortcut
func SaveSession(w http.ResponseWriter, r *http.Request) error {
	err := sessions.Save(r, w)
	if err != nil {
		logSession.Error("SaveSession error", "err", err)
	}
	return err
}
Exemple #3
0
func Start(w http.ResponseWriter, r *http.Request) {
	vars, session, err := initSession(w, r)
	if err != nil {
		return
	}

	if *startSecretKey == "" || isValidToken(vars["CardId"], *startSecretKey) {
		log.Debugf("Valid Start page: %v", vars["CardId"])
		session.Values["cardId"] = vars["CardId"]
		sessions.Save(r, w)

		var fileName string

		if session.Values["admin"] == "1" {
			log.Debug("Sending Admin UI")
			fileName = root + "/admin.html"
		} else {
			log.Debug("Sending User UI")
			fileName = root + "/public.html"
		}
		f, err := os.Open(fileName)
		if err == nil {
			http.ServeContent(w, r, fileName, time.Time{}, f)
		} else {
			log.Error(err.Error())
			http.Error(w, err.Error(), http.StatusInternalServerError)
		}
	} else {
		log.Infof("Bad Start page: %v", vars["CardId"])
		err = templates["bad-cards.html"].Execute(w, nil)
		if err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
		}
	}
}
Exemple #4
0
func (s *session) clear() error {
	s.userId = ``
	s.entityId = ``
	s.entity = nil
	s.internalSession.Values = map[interface{}]interface{}{}
	return sessions.Save(s.request, s.writer)
}
Exemple #5
0
func (h handler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
	startTime := time.Now().UTC()
	if h.logRq {
		defer logger.LogRq(req, startTime)
	}
	//create the context
	ctx, err := NewContext(req, h.c)
	if err != nil {
		internalError(ctx, w, req, err, "New context err")
		return
	}
	//defer ctx.Close()
	// We're using httpbuf here to satisfy an unobvious requirement:
	// sessions.Save() *must* be called before anything is written to
	// ResponseWriter. So we pass this buffer in place of writer here, then
	// call Save() and finally apply the buffer to the real writer.
	buf := new(httpbuf.Buffer)
	err = h.h(buf, req, ctx)
	if err != nil {
		internalError(ctx, w, req, err, "Error in handler")
		return
	}
	//save the session
	if err = sessions.Save(req, w); err != nil {
		internalError(ctx, w, req, err, "Session save err")
		return
	}
	buf.Apply(w)
}
Exemple #6
0
func (service *Service) renderRegistrationFrom(w http.ResponseWriter, request *http.Request, validationErrors []string, totpsecret string) {
	htmlData, err := html.Asset(registrationFileName)
	if err != nil {
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}

	//Don't use go templates since angular uses "{{ ... }}" syntax as well and this way the standalone page also works
	htmlData = bytes.Replace(htmlData, []byte("secret=1234123412341234"), []byte("secret="+totpsecret), 2)

	errorMap := make(map[string]bool)
	for _, errorkey := range validationErrors {
		errorMap[errorkey] = true
	}
	jsonErrors, err := json.Marshal(errorMap)

	if err != nil {
		log.Error(err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	htmlData = bytes.Replace(htmlData, []byte(`{"invalidsomething": true}`), jsonErrors, 1)

	sessions.Save(request, w)
	w.Write(htmlData)
}
Exemple #7
0
func authLogoutPostHandler(w http.ResponseWriter, r *http.Request) {
	ses, _ := clientLongtermSessionStore.Get(r, "authentication")
	delete(ses.Values, "account")
	err := sessions.Save(r, w)
	if err != nil {
		glog.Errorln(err)
	}
}
Exemple #8
0
// Save emits the PastePermissionSet to disk, either as part of the anonymous
// session or as part of the authenticated user's data.
func (p *PastePermissionSet) Save(w http.ResponseWriter, r *http.Request) {
	if p.u != nil {
		p.u.Save()
	} else {
		cookieSession, _ := sessionStore.Get(r, "session")
		cookieSession.Values["permissions"] = p
		sessions.Save(r, w)
	}
}
Exemple #9
0
func (service *Service) loginUser(w http.ResponseWriter, request *http.Request, username string) {
	if err := service.SetLoggedInUser(w, request, username); err != nil {
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	sessions.Save(request, w)

	log.Debugf("Successfull login by '%s'", username)

	redirectURL := "/"
	queryValues := request.URL.Query()
	endpoint := queryValues.Get("endpoint")
	if endpoint != "" {
		queryValues.Del("endpoint")
		redirectURL = endpoint + "?" + queryValues.Encode()
	} else {
		registrationSession, _ := service.GetSession(request, SessionForRegistration, "registrationdetails")
		if !registrationSession.IsNew && registrationSession.Values["redirectparams"] != nil {
			splitted := strings.Split(registrationSession.Values["redirectparams"].(string), "&")
			if len(splitted) > 3 {
				for _, part := range splitted {
					kv := strings.Split(part, "=")
					if len(kv) == 2 {
						key, _ := url.QueryUnescape(kv[0])
						value, _ := url.QueryUnescape(kv[1])
						queryValues.Set(key, value)
					}
				}
				endpoint, _ = url.QueryUnescape(queryValues.Get("endpoint"))
				queryValues.Del("endpoint")
				redirectURL = endpoint + "?" + queryValues.Encode()
			}
		}
	}

	sessions.Save(request, w)
	response := struct {
		Redirecturl string `json:"redirecturl"`
	}{}
	response.Redirecturl = redirectURL
	log.Debug("Redirecting to:", redirectURL)
	json.NewEncoder(w).Encode(response)
}
Exemple #10
0
func (u UserController) SignOut() http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {

		session, _ := store.Get(r, "user")
		session.Options.MaxAge = -1
		sessions.Save(r, w)

		http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
	}
}
Exemple #11
0
func appstatsWrapper(h Handler) http.Handler {
	f := func(c appengine.Context, w http.ResponseWriter, req *http.Request) {
		// Emit some compatibility & anti-cache headers for IE (you can overwrite
		// them from the handlers)
		w.Header().Set("X-UA-Compatible", "chrome=1")
		w.Header().Set("Cache-Control", "max-age=0,no-cache,no-store,"+
			"post-check=0,pre-check=0")
		w.Header().Set("Expires", "Mon, 26 Jul 1997 05:00:00 GMT")

		// Build the request & session objects
		rw := newResponseWriter(w)
		r := &Request{Req: req, W: rw, C: c, N: goon.FromContext(c)}

		session, token, err := getSession(req, rw)
		if err != nil {
			r.processError(fmt.Errorf("build session failed: %s", err))
			return
		}
		r.Session = session

		// Check XSRF token
		if req.Method != "GET" {
			if ok, err := checkXsrfToken(req, token); err != nil {
				r.processError(fmt.Errorf("check xsrf token failed: %s", err))
				return
			} else if !ok {
				c.Errorf("xsrf token header check failed")
				r.processError(Forbidden())
				return
			}
		}

		// Fatal errors recovery
		defer func() {
			if rec := recover(); rec != nil {
				err := fmt.Errorf("panic recovered error: %s", rec)
				r.processError(err)
			}
		}()

		// Handle the request
		if err := h(r); err != nil {
			r.processError(err)
		}

		// Save the session & copy the buffered output
		if err := sessions.Save(req, w); err != nil {
			r.processError(err)
		}
		if err := rw.output(); err != nil {
			r.processError(err)
		}
	}
	return appstats.NewHandler(f)
}
Exemple #12
0
func (s *session) set(userId string, entityId string, entity Entity) error {
	s.userId = userId
	s.entityId = entityId
	s.entity = entity
	s.internalSession.Values = map[interface{}]interface{}{
		_USER_ID:   userId,
		_ENTITY_ID: entityId,
		_ENTITY:    entity,
	}
	return sessions.Save(s.request, s.writer)
}
Exemple #13
0
func CardLogin(w http.ResponseWriter, r *http.Request) {
	vars, session, err := initSession(w, r)
	if err != nil {
		return
	}
	if isValidToken(vars["CardId"], *adminSecretKey) {
		log.Debugf("Valid Card Login: %v", vars["CardId"])
		session.Values["admin"] = "1"
		sessions.Save(r, w)
		err = templates["login-ok.html"].Execute(w, nil)
	} else {
		log.Infof("Bad Card Login: %v", vars["CardId"])
		session.Values["admin"] = "0"
		sessions.Save(r, w)
		err = templates["login-failed.html"].Execute(w, nil)
	}
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
	}
}
Exemple #14
0
//renderEmailConfirmationPage renders a small mobile friendly confirmation page after a user follows a link in an email
func (service *Service) renderEmailConfirmationPage(w http.ResponseWriter, request *http.Request, text string) {
	htmlData, err := html.Asset(emailconfirmationPage)
	if err != nil {
		log.Error(err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	htmlData = bytes.Replace(htmlData, []byte(`{{ text }}`), []byte(text), 1)
	sessions.Save(request, w)
	w.Write(htmlData)
}
Exemple #15
0
func (service *Service) renderRegistrationFrom(w http.ResponseWriter, request *http.Request) {
	htmlData, err := html.Asset(registrationFileName)
	if err != nil {
		log.Error(err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}

	sessions.Save(request, w)
	w.Write(htmlData)
}
Exemple #16
0
//GetSmsCode returns an sms code for a specified phone label
func (service *Service) GetSmsCode(w http.ResponseWriter, request *http.Request) {
	phoneLabel := mux.Vars(request)["phoneLabel"]
	loginSession, err := service.GetSession(request, SessionLogin, "loginsession")
	if err != nil {
		log.Error("Error getting login session", err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	sessionInfo, err := newLoginSessionInformation()
	if err != nil {
		log.Error("Error creating login session information", err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	username, ok := loginSession.Values["username"].(string)
	if username == "" || !ok {
		http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
		return
	}
	userMgr := user.NewManager(request)
	userFromDB, err := userMgr.GetByName(username)
	if err != nil {
		log.Error("Error getting user", err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	phoneNumber, err := userFromDB.GetPhonenumberByLabel(phoneLabel)
	if err != nil {
		log.Debug(userFromDB.Phonenumbers)
		http.Error(w, http.StatusText(http.StatusNotFound), http.StatusNotFound)
		return
	}
	loginSession.Values["sessionkey"] = sessionInfo.SessionKey
	authClientId := loginSession.Values["auth_client_id"]
	authenticatingOrganization := ""
	if authClientId != nil {
		authenticatingOrganization = authClientId.(string)
	}
	mgoCollection := db.GetCollection(db.GetDBSession(request), mongoLoginCollectionName)
	mgoCollection.Insert(sessionInfo)
	organizationText := ""
	if authenticatingOrganization != "" {
		split := strings.Split(authenticatingOrganization, ".")
		organizationText = fmt.Sprintf("to authorize the organization %s, ", split[len(split)-1])
	}
	smsmessage := fmt.Sprintf("To continue signing in at itsyou.online %senter the code %s in the form or use this link: https://%s/sc?c=%s&k=%s",
		organizationText, sessionInfo.SMSCode, request.Host, sessionInfo.SMSCode, url.QueryEscape(sessionInfo.SessionKey))
	sessions.Save(request, w)
	go service.smsService.Send(phoneNumber.Phonenumber, smsmessage)
	w.WriteHeader(http.StatusNoContent)
}
Exemple #17
0
// Saves all currently open sessions for this request to disk.
func (sc *SessionContext) SaveAll() {
	//TODO: Can I somehow defer this save until the request is finished processing?
	// Maybe a callback from the context-chain.

	// TODO TODO: Is that even a good idea though? Is there an instance where you expect the session
	// perhaps I'd need some kind of "ForceSave()" method in case a controller actually wnats to persist
	// state _now._

	//tl;dr: premature optimization.
	if sc.isInit {
		sessions.Save(sc.request, sc.response)
		return
	}
}
Exemple #18
0
// End the current user session
func (a AuthenticationController) LogOut() http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {

		// retrieve user session
		session, _ := store.Get(r, "user")

		// kill session
		session.Options.MaxAge = -1
		sessions.Save(r, w)

		// redirect to home page
		http.Redirect(w, r, "/", http.StatusFound)
	}
}
Exemple #19
0
//renderLoginForm shows the user login page
func (service *Service) renderLoginForm(w http.ResponseWriter, request *http.Request, indicateError bool, postbackURL string) {
	htmlData, err := html.Asset(loginFileName)
	if err != nil {
		log.Error(err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	if indicateError {
		htmlData = bytes.Replace(htmlData, []byte(`{"invalidsomething": true}`), []byte(`{"invalidcredentials": true}`), 1)
	}
	htmlData = bytes.Replace(htmlData, []byte(`action="login"`), []byte(fmt.Sprintf("action=\"%s\"", postbackURL)), 1)
	sessions.Save(request, w)
	w.Write(htmlData)
}
Exemple #20
0
func ExampleStore_Save() {
	// db(*bolt.DB) should be opened beforehand and passed by the other function.
	var db *bolt.DB

	// w(http.ResponseWriter) should be passed by the other function.
	var w http.ResponseWriter

	// r(*http.Request) should be passed by the other function.
	var r *http.Request

	// Create a store.
	str, err := New(db, Config{}, []byte("secret-key"))
	if err != nil {
		panic(err)
	}

	// Create a session.
	session, err := str.New(r, "session-key")
	if err != nil {
		panic(err)
	}

	// Add a value on the session.
	session.Values["foo"] = "bar"

	// Save the session.
	if err := sessions.Save(r, w); err != nil {
		panic(err)
	}

	// You can delete the session by setting the session options's MaxAge
	// to a minus value.
	session.Options.MaxAge = -1
	if err := sessions.Save(r, w); err != nil {
		panic(err)
	}
}
Exemple #21
0
func checkUserIn(user, pass string, w http.ResponseWriter, r *http.Request) bool {
	if users.CheckPassword(user, pass) {
		session, err := GetSession(r)
		if err != nil {
			return false
		}
		session.Values["expires"] = time.Now().Add(time.Hour * 24)
		session.Values["user"] = user
		if err := sessions.Save(r, w); err != nil {
			return false
		}
		return true
	}
	return false
}
Exemple #22
0
func Logout(w http.ResponseWriter, r *http.Request) {
	_, session, err := initSession(w, r)
	if err != nil {
		return
	}

	log.Debug("Logout")
	session.Values["admin"] = "0"
	sessions.Save(r, w)

	err = templates["logout.html"].Execute(w, nil)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
	}
}
Exemple #23
0
// Internal handler for running the route, that way different functions can be exposed but all handled the same.
func (f *Fogo) runRoute(w http.ResponseWriter, r *http.Request, hf FogoHandler, path string) {
	context := f.newContext(w, r)
	defer handleError(f, context, path)
	f.runBeforeMiddleware(context)
	// Call registered handler
	status, output := hf(context)
	f.runAfterMiddlware(context)
	// Saving all session values
	svErr := sessions.Save(r, w)
	if svErr != nil {
		f.logger.LogError(svErr)
	}
	// Checking for redirects
	if context.Redirect {
		http.Redirect(w, r, context.RedirectPath, http.StatusSeeOther)
		return
	}
	// Writing out a request log
	f.logger.LogInterfaces("Status:", status, "Path:", path)

	// Generating the output
	instance := reflect.ValueOf(output)
	if instance.Type().Kind() == reflect.Ptr {
		instance = instance.Elem()
	}

	out_str := ""
	switch instance.Type().Kind() {
	case reflect.String:
		out_str = output.(string)
	case reflect.Array, reflect.Map, reflect.Slice, reflect.Struct:
		j, err := json.Marshal(output)
		if err != nil {
			f.logger.LogInterfaces("luar.Route", path, err)
			http.Error(w, `{
                        "success": false,
                        "error_message": "unable to serialize output json."
                    }`, http.StatusInternalServerError)
			return
		}
		w.Header().Add("Content-Type", "application/json")
		out_str = string(j)
	}

	w.WriteHeader(status)
	w.Write([]byte(out_str))

}
Exemple #24
0
func (a *Api) authCallback(w http.ResponseWriter, r *http.Request) {
	code := r.FormValue("code")

	client, err := a.getOAuthClient(code)

	u := getGithubURL("/user")
	resp, err := client.Get(u)
	if err != nil {
		log.Errorf("error getting user info: %s", err)
		return
	}

	var userInfo *GithubUser

	if err := json.NewDecoder(resp.Body).Decode(&userInfo); err != nil {
		log.Errorf("error parsing github user info: %s", err)
		return
	}

	shpdToken, err := a.manager.GenerateToken(userInfo.Login)
	if err != nil {
		log.Errorf("error generating token: %s", err)
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	// write to session
	session, _ := a.getSession(r)
	session.Values["username"] = shpdToken.Username
	session.Values["token"] = shpdToken.Token
	session.Values["code"] = code
	sessions.Save(r, w)

	log.Debugf("authenticated user: username=%s", shpdToken.Username)

	// check allowed user
	if !a.isValidUser(shpdToken.Username) {
		log.Warnf("unauthorized login: username=%s ip=%s", shpdToken.Username, r.RemoteAddr)
		//http.Error(w, "forbidden", http.StatusForbidden)
		http.Redirect(w, r, "/#/403", http.StatusFound)
		return
	}

	// redirect to domains
	http.Redirect(w, r, "/", http.StatusFound)
}
Exemple #25
0
//ShowLoginForm shows the user login page on the initial request
func (service *Service) ShowLoginForm(w http.ResponseWriter, request *http.Request) {
	htmlData, err := html.Asset(loginFileName)
	if err != nil {
		log.Error(err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	loginSession, err := service.GetSession(request, SessionLogin, "loginsession")
	if err != nil {
		log.Error(err)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	loginSession.Values["auth_client_id"] = request.URL.Query().Get("client_id")
	sessions.Save(request, w)
	w.Write(htmlData)

}
Exemple #26
0
// This function will be called each time the request hits the location with this middleware activated
func (a *AuthHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	//Check session
	session, _ := store.Get(r, "session")
	if session.Values["active"] != "true" {
		//No session - try to log in
		username, password, ok := r.BasicAuth()
		// Reject the request by writing forbidden response
		if !ok || !isAuthorized(a.cfg, username, password) {
			w.WriteHeader(http.StatusUnauthorized)
			w.Header().Set("WWW-Authenticate", "Basic realm=\"Please log in\"")
			return
		}
		session.Values["active"] = "true"
		// Save all sessions.
		sessions.Save(r, w)
	}
	// Pass the request to the next middleware in chain
	a.next.ServeHTTP(w, r)
}
Exemple #27
0
//HomePage shows the home page when logged in, if not, delegate to showing the public website
func (service *Service) HomePage(w http.ResponseWriter, request *http.Request) {

	loggedinuser, err := service.GetLoggedInUser(request, w)
	if err != nil {
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	if loggedinuser == "" {
		service.ShowPublicSite(w, request)
		return
	}

	htmlData, err := html.Asset(homepageFileName)
	if err != nil {
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	sessions.Save(request, w)
	w.Write(htmlData)
}
Exemple #28
0
func authenticatePastePOSTHandler(w http.ResponseWriter, r *http.Request) {
	if throttleAuthForRequest(r) {
		RenderError(fmt.Errorf("Cool it."), 420, w)
		return
	}

	id := PasteIDFromString(mux.Vars(r)["id"])
	password := r.FormValue("password")

	p, err := pasteStore.Get(id, nil)
	if p == nil {
		RenderError(err, http.StatusNotFound, w)
		return
	}

	key := p.EncryptionKeyWithPassword(password)
	if key != nil {
		cliSession, _ := clientOnlySessionStore.Get(r, "c_session")
		pasteKeys, ok := cliSession.Values["paste_keys"].(map[PasteID][]byte)
		if !ok {
			pasteKeys = map[PasteID][]byte{}
		}

		pasteKeys[id] = key
		cliSession.Values["paste_keys"] = pasteKeys
		sessions.Save(r, w)
		if err != nil {
			glog.Errorln(err)
		}
	}

	url, _ := pasteRouter.Get("show").URL("id", id.String())
	dest := url.String()
	if destCookie, err := r.Cookie("destination"); err != nil {
		dest = destCookie.Value
	}
	w.Header().Set("Location", dest)
	w.WriteHeader(http.StatusSeeOther)
}
Exemple #29
0
func TwitterLoginHandler(w http.ResponseWriter, r *http.Request) {
	requestToken, err := models.GetRequestTokenAndURL("http://localhost:3000/twitter/callback")

	if err != nil {
		glog.Info("Failed to obtain request token")
		http.Error(w, "Failed to obtain request token", http.StatusInternalServerError)
	}

	session, err := models.GetSession(r, "twitter_login")

	if err != nil {
		glog.Error("failed to get session")
		http.Error(w, "failed to get session", http.StatusInternalServerError)
	}

	session.Values["request_token"] = requestToken
	if err = sessions.Save(r, w); err != nil {
		glog.Fatalf("Error saving session: %v", err)
	}

	glog.Infof("url: %s", requestToken.Url)
}
Exemple #30
0
func (service *Service) GetConfig(w http.ResponseWriter, request *http.Request) {
	token, err := totp.NewToken()
	if err != nil {
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	totpsession, err := service.GetSession(request, SessionForRegistration, "totp")
	if err != nil {
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	totpsession.Values["secret"] = token.Secret
	sessions.Save(request, w)
	data := struct {
		TotpSecret       string `json:"totpsecret"`
		GithubClientId   string `json:"githubclientid"`
		FacebookClientId string `json:"facebookclientid"`
	}{}
	data.TotpSecret = token.Secret
	data.GithubClientId, _ = identityservice.GetOauthClientID("github")
	data.FacebookClientId, _ = identityservice.GetOauthClientID("facebook")
	json.NewEncoder(w).Encode(&data)
}