Exemple #1
0
// CreateTransaction endpoint creates a new transaction with the valid transfer tokens and data
func (t *TransactionsAPI) CreateTransaction(params *api.Request) api.Response {
	transaction := &models.Transaction{}

	err := util.DeserializeJSON(params.Body, transaction)
	if err != nil || !apifilter.CheckTransactionIntegrity(transaction) {
		return api.BadRequest(api.ErrEntityFormat)
	}

	return bll.CreateTransaction(transaction)
}
Exemple #2
0
// ResendAccountActivationEmail resends the email with the details for activating their user account
func (a *AuthAPI) ResendAccountActivationEmail(params *api.Request) api.Response {
	var model = ResendActivationEmailModel{}

	var err = util.DeserializeJSON(params.Body, &model)
	if err != nil {
		return api.BadRequest(api.ErrEntityFormat)
	}

	err = auth.ResendAccountActivationEmail(model.Email, model.ActivateAccountServiceLink)
	if err != nil {
		return api.InternalServerError(err)
	}

	return api.StatusResponse(http.StatusOK)
}
Exemple #3
0
// RequestResetPassword sends an email with a special token that will be used for resetting the password
func (a *AuthAPI) RequestResetPassword(params *api.Request) api.Response {
	var model = RequestResetPasswordModel{}

	var err = util.DeserializeJSON(params.Body, &model)
	if err != nil {
		return api.BadRequest(api.ErrEntityFormat)
	}

	err = auth.RequestResetPassword(model.Email, model.PasswordResetServiceLink)
	if err != nil {
		return api.InternalServerError(err)
	}

	return api.StatusResponse(http.StatusOK)
}
Exemple #4
0
// ActivateAccount activates an account using the activation token sent through email
func (a *AuthAPI) ActivateAccount(params *api.Request) api.Response {
	var model = ActivateAccountModel{}

	var err = util.DeserializeJSON(params.Body, &model)
	if err != nil {
		return api.BadRequest(api.ErrEntityFormat)
	}

	err = auth.ActivateAppUser(model.Token)
	if err != nil {
		return api.BadRequest(err)
	}

	return api.StatusResponse(http.StatusOK)
}
Exemple #5
0
// InitCipherModule initializes the components used for server-side encryption
func InitCipherModule() {
	key, err := util.Decode(encodedPrivateKey)
	if err != nil {
		panic(err)
	}

	err = util.DeserializeJSON(key, privateKey)
	if err != nil {
		panic(err)
	}

	encrypter, err = jose.NewEncrypter(jose.RSA_OAEP, jose.A128GCM, &privateKey.PublicKey)
	if err != nil {
		panic(err)
	}
}
Exemple #6
0
func getUserTokens(storeLocation string, userID bson.ObjectId) ([]string, error) {
	userIndexFile := fileLocation(storeLocation, userID.Hex())

	fileContent, err := ioutil.ReadFile(userIndexFile)
	if err != nil {
		return nil, err
	}

	var userTokens []string
	err = util.DeserializeJSON(fileContent, userTokens)
	if err != nil {
		return nil, err
	}

	return userTokens, nil
}
Exemple #7
0
// CreateAppUser is an endpoint used for creating application users
func (v *DevAPI) CreateAppUser(params *api.Request) api.Response {
	model := &AppUserModel{}

	err := util.DeserializeJSON(params.Body, model)
	if err != nil {
		return api.BadRequest(api.ErrEntityFormat)
	}

	var activationServiceLink = config.HTTPServerAddress + config.APIInstance + "dev/ActivateAppUser?token=%s"

	user, err := auth.CreateAppUser(model.Email, model.Password, model.AccountType, activationServiceLink)
	if err != nil {
		return api.InternalServerError(err)
	}

	return api.JSONResponse(http.StatusOK, user)
}
Exemple #8
0
// ReadCookie fetches a cookie from the cookie store
func (store *FileCookieStore) ReadCookie(key string) (*Session, error) {
	fileName := fileLocation(store.location, key)
	encryptedData, err := ioutil.ReadFile(fileName)
	if err != nil {
		return nil, err
	}

	jsonData, err := security.Decrypt(encryptedData)
	if err != nil {
		return nil, err
	}

	var session *Session
	err = util.DeserializeJSON(jsonData, session)

	return session, err
}
Exemple #9
0
// Authorize tries to authorize an existing gostToken
func Authorize(httpHeader http.Header) (*identity.Identity, error) {
	ghostToken, err := extractGhostToken(httpHeader)
	if err != nil {
		if err == errAnonymousUser {
			return identity.NewAnonymous(), nil
		}

		return nil, err
	}

	encryptedToken, err := util.Decode([]byte(ghostToken))
	if err != nil {
		return nil, err
	}

	jsonToken, err := security.Decrypt(encryptedToken)
	if err != nil {
		return nil, err
	}

	cookie := new(cookies.Session)
	err = util.DeserializeJSON(jsonToken, cookie)
	if err != nil {
		return nil, err
	}

	dbCookie, err := cookies.GetSession(cookie.Token)
	if err != nil || dbCookie == nil {
		return nil, ErrDeactivatedUser
	}

	if !identity.IsUserActivated(dbCookie.UserID) {
		return nil, ErrDeactivatedUser
	}

	go dbCookie.ResetToken()

	return identity.New(dbCookie), nil
}
Exemple #10
0
// CreateSession creates a new session for an existing user account
func (a *AuthAPI) CreateSession(params *api.Request) api.Response {
	model := &AuthModel{}

	err := util.DeserializeJSON(params.Body, model)
	if err != nil {
		return api.BadRequest(err)
	}

	if model.Password != model.PasswordConfirmation {
		return api.BadRequest(ErrPasswordMatch)
	}

	if !bson.IsObjectIdHex(model.AppUserID) {
		return api.BadRequest(api.ErrInvalidIDParam)
	}

	token, err := auth.GenerateUserAuth(bson.ObjectIdHex(model.AppUserID), model.ClientDetails)
	if err != nil {
		return api.BadRequest(err)
	}

	return api.PlainTextResponse(http.StatusOK, token)
}
Exemple #11
0
// ResetPassword resets an user account's password
func (a *AuthAPI) ResetPassword(params *api.Request) api.Response {
	var model = ResetPasswordModel{}

	var err = util.DeserializeJSON(params.Body, &model)
	if err != nil {
		return api.BadRequest(api.ErrEntityFormat)
	}

	if model.Password != model.PasswordConfirmation {
		return api.BadRequest(errPasswordsDoNotMatch)
	}

	err = auth.ResetPassword(model.Token, model.Password)
	if err != nil {
		if err == auth.ErrResetPasswordTokenExpired {
			return api.BadRequest(err)
		}

		return api.InternalServerError(err)
	}

	return api.StatusResponse(http.StatusOK)
}