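// Post handles a login request.
//
// The request body is deserialized into an AuthRequest. If the client already
// presents a session cookie, the session it names must carry the same username
// as the request, otherwise 409 Conflict is returned. Credentials are then
// checked with ctx.Auth.Authenticate; a failure returns 403 Forbidden without
// creating any server-side session. On success a session is created (when the
// client had none) with the username stored under usernameKey, and the session
// cookie is written to the response via Set-Cookie. Returns 200 on success.
//
// Session-store failures are treated as fatal and panic, matching the rest of
// the handler code.
func (h *LoginHandler) Post(ctx rest.Context) (int, interface{}) {
	log.Infof("Handling login request")
	ar := AuthRequest{}
	// NOTE(review): Deserialize's result is not checked here; if it reports
	// decoding errors they are ignored and ar stays zero-valued.
	ctx.Deserialize(&ar)

	// Check for a cookie already present.
	c := getSessionCookie(ctx)
	if c != nil {
		sess, err := h.ss.Get(c.Value)
		if err != nil {
			// NOTE(review): if the store reports an unknown session id as an
			// error rather than a nil session, a stale or forged cookie still
			// reaches this panic; confirm the store's contract.
			panic("Error Getting session " + err.Error())
		}
		if sess == nil {
			// The cookie names a session the store does not have; treat the
			// client as having no session and issue a fresh one below.
			c = nil
		} else if current, _ := sess.Values[usernameKey].(string); current != ar.Username {
			// Status 409 Conflict.
			// There is a conflict with the current session username
			// and the requested login username.
			return http.StatusConflict, nil
		}
	}

	// Authenticate before touching the session store so that failed attempts
	// leave no server-side session behind.
	ok, err := ctx.Auth.Authenticate(ar.Username, ar.Password)
	if !ok {
		log.Errorf("Unable to authenticate %q err %v", ar.Username, err)
		return http.StatusForbidden, nil
	}

	if c == nil {
		c = &http.Cookie{Name: authCookieName, Value: simpleUUID4()}
		// TODO(jwall): Session expiration?
		sess, err := h.ss.StartSession(c.Value)
		if err != nil {
			panic("Can't create user session. Something is very wrong!!!" + err.Error())
		}
		sess.Values[usernameKey] = ar.Username
		if err := h.ss.Save(sess); err != nil {
			panic("Can't save user session. Something is very wrong!!!" + err.Error())
		}
	}
	ctx.Header().Add("Set-Cookie", c.String())
	return http.StatusOK, nil
}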
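// Get handles a logout request.
//
// If the client presents the session cookie, the cookie is returned expired via
// Set-Cookie and the session it names is ended in the store. A request without
// the cookie is a no-op. Logouts always report 200; a session-store failure is
// treated as fatal and panics, matching the rest of the handler code.
func (h *LogoutHandler) Get(ctx rest.Context) (int, interface{}) {
	cookie := getSessionCookie(ctx)
	if cookie == nil {
		// Nothing to end: the client has no session cookie.
		return http.StatusOK, nil
	}

	// Expire the cookie on the client. MaxAge < 0 asks the browser to delete
	// it immediately; an Expires in the past covers clients that ignore
	// Max-Age.
	// NOTE(review): the request cookie carries no Path/Domain attributes, so
	// the deletion only matches if the login cookie was issued with the same
	// defaults.
	cookie.MaxAge = -1
	cookie.Expires = time.Unix(0, 0)
	ctx.Header().Add("Set-Cookie", cookie.String())

	if err := h.ss.EndSession(cookie.Value); err != nil {
		panic("Can't delete user session. Something is very wrong!!!" + err.Error())
	}
	// For now logouts always succeed. In future we may need to report
	// failures.
	return http.StatusOK, nil
}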