Esempio n. 1
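// Login marks id as the authenticated user for the current request.
//
// When remember is greater than zero, a remember-me record valid for that
// many seconds is stored in ctx.rememberColl and a cookie of the form
// "<encoded id>|<token>" is sent to the client. Otherwise the login is kept
// in the session under ctx.sessionName.
//
// It returns membership.ErrInvalidId when id is not an mtoy.ID, or the error
// reported by the remember collection or session store.
//
// NOTE(review): nothing in this method rotates the session identifier on
// login; confirm ctx.sess does so elsewhere, to rule out session fixation.
func (ctx *MgoUserCtx) Login(id model.Identifier, remember int) error {
	tid, ok := id.(mtoy.ID)
	if !ok {
		return membership.ErrInvalidId
	}

	if remember <= 0 {
		// Session-only login: store who logged in and when.
		s := SessionInfo{}
		s.At = time.Now()
		s.Id = tid.ObjectId
		return ctx.sess.Set(ctx.sessionName, s)
	}

	// Remember-me login backed by a cookie and ctx.rememberColl.
	//TODO: change the use of RememberInfo
	r := RememberInfo{}
	r.Id = tid.ObjectId
	r.Exp = time.Now().Add(time.Duration(remember) * time.Second)
	r.Token = base64.URLEncoding.EncodeToString(secure.RandomToken(128))

	// Persist the record before sending the cookie, so a failed insert never
	// leaves the client holding a token the server does not know.
	// NOTE(review): GetUser looks records up by the user's id (FindId), so
	// the id is presumably the document key; a second remember-me login for
	// the same user may then fail here with a duplicate key. Confirm.
	// NOTE(review): the token is stored as issued; storing only a digest of
	// it would limit the impact of a leaked remember collection.
	if err := ctx.rememberColl.Insert(&r); err != nil {
		return err
	}

	http.SetCookie(ctx.respw, &http.Cookie{
		Name:    ctx.cookieName,
		Value:   tid.Encode() + "|" + r.Token,
		Expires: r.Exp,
		// The cookie is a bearer credential; keep it out of reach of page scripts.
		HttpOnly: true,
		// NOTE(review): Secure is not set because this block cannot tell
		// whether the site is served over TLS. Set it (and a SameSite policy)
		// wherever the deployment allows.
	})
	return nil
}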
Esempio n. 2
// NewSessionEntry returns a fresh SessionEntry for the given remote address
// and user agent. The entry gets an identifier built from 32 bytes of
// secure.RandomToken output (URL-safe base64), the current time as its last
// activity, and empty Data and FlashData maps.
//
// NOTE(review): the identifier is only as unpredictable as
// secure.RandomToken, which is not visible here; confirm it draws from a
// cryptographic source. addr and agent are stored exactly as passed in.
func NewSessionEntry(addr, agent string) *SessionEntry {
	entry := new(SessionEntry)

	// Identifier: random bytes, encoded so they are safe in cookies and URLs.
	rawID := secure.RandomToken(32)
	entry.Id = base64.URLEncoding.EncodeToString(rawID)

	// Client details supplied by the caller.
	entry.RemoteAddr, entry.UserAgent = addr, agent
	entry.LastActivity = time.Now()

	// Start with empty, non-nil stores so callers can write to them directly.
	entry.Data = map[string]interface{}{}
	entry.FlashData = map[string]interface{}{}

	return entry
}
Esempio n. 3
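// GeneratePassword builds a membership.Password record for password: it
// stamps InitAt with the current time, draws a 32-byte salt from
// secure.RandomToken, and stores in Hashed the digest that ctx.pwdHash
// produces over the password bytes followed by the salt.
//
// An empty password is replaced by a 16-character secure.RandomString value.
//
// NOTE(review): this is a single pass of ctx.pwdHash over password||salt.
// The concrete hash is not visible here; if it is a general-purpose digest,
// stored hashes are cheap to brute-force offline. A dedicated password KDF
// (bcrypt, scrypt, Argon2, PBKDF2) is the usual choice, and switching needs
// a matching change in the verification code.
func (ctx *MgoUserCtx) GeneratePassword(password string) membership.Password {
	if len(password) == 0 {
		// NOTE(review): the generated value is not handed back to the
		// caller from this method; confirm how such accounts are meant to
		// obtain a usable password.
		password = secure.RandomString(16)
	}

	pwd := membership.Password{}
	pwd.InitAt = time.Now()
	pwd.Salt = secure.RandomToken(32)

	// ctx.pwdHash is shared state on ctx. Reset it before use so data left
	// behind by an earlier, interrupted use cannot leak into this digest, and
	// again on the way out so no password material stays in the hash state.
	ctx.pwdHash.Reset()
	defer ctx.pwdHash.Reset()

	ctx.pwdHash.Write([]byte(password))
	ctx.pwdHash.Write(pwd.Salt)
	pwd.Hashed = ctx.pwdHash.Sum(nil)

	return pwd
}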
Esempio n. 4
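// GetUser resolves the user behind the current request.
//
// It first tries the remember-me cookie ("<id hex>|<token>"). A cookie that
// matches a stored, unexpired RememberInfo record yields the account, and the
// token is rotated on every successful use. Any other outcome clears the
// cookie and, once the id has parsed, removes the stored record. It then
// falls back to the session entry under ctx.sessionName, which is accepted
// while it is younger than ctx.threshold.
//
// It returns an error when neither mechanism identifies a user.
func (ctx *MgoUserCtx) GetUser() (membership.User, error) {
	// Remember-me cookie. Its value is client-controlled, so every step
	// below has to tolerate arbitrary input.
	cookie, err := ctx.req.Cookie(ctx.cookieName)
	if err == nil {
		// A value without the separator is malformed. Slicing with the -1
		// returned by Index would panic, so such a cookie is only cleared.
		pos := strings.Index(cookie.Value, "|")
		if pos >= 0 {
			id := cookie.Value[:pos]
			token := cookie.Value[pos+1:]
			if bson.IsObjectIdHex(id) {
				oid := bson.ObjectIdHex(id)
				r := RememberInfo{}
				err = ctx.rememberColl.FindId(oid).One(&r)
				// The token must be non-empty, equal to the stored one, and
				// the record must not have expired.
				// NOTE(review): == is not a constant-time comparison;
				// crypto/subtle.ConstantTimeCompare is the usual choice but
				// needs an import that is outside this block.
				if err == nil && token != "" && token == r.Token && !r.Exp.Before(time.Now()) {
					user := Account{}
					err = ctx.userColl.FindId(oid).One(&user)
					if err == nil {
						// Rotate the token on every successful use. Store it
						// first, so the client never receives a token the
						// server failed to record.
						token = base64.URLEncoding.EncodeToString(secure.RandomToken(128))
						err = ctx.rememberColl.UpdateId(oid, bson.M{
							"$set": bson.M{"token": token},
						})
						if err == nil {
							http.SetCookie(ctx.respw, &http.Cookie{
								Name:    ctx.cookieName,
								Value:   id + "|" + token,
								Expires: r.Exp,
								// Bearer credential: keep it away from page scripts.
								HttpOnly: true,
								// NOTE(review): Secure/SameSite are left to
								// the deployment; TLS cannot be detected here.
							})
							return &user, nil
						}
					}
				}
				// Fail closed: unknown record, wrong token, expired record,
				// missing account or failed rotation all invalidate the
				// stored record. The result is ignored, as removal is best
				// effort and the cookie is cleared below either way.
				ctx.rememberColl.RemoveId(oid)
			}
		}
		// Ask the client to drop the unusable cookie.
		http.SetCookie(ctx.respw, &http.Cookie{
			Name:   ctx.cookieName,
			MaxAge: -1,
		})
	}

	// Session fallback.
	mapinf, ok := ctx.sess.Get(ctx.sessionName).(map[string]interface{})
	if ok {
		// Checked assertions: a session entry with missing or mistyped
		// fields is treated as invalid instead of panicking.
		sid, idOK := mapinf["_id"].(mtoy.ID)
		at, atOK := mapinf["at"].(time.Time)
		if idOK && atOK && at.Add(ctx.threshold).After(time.Now()) {
			user := Account{}
			err = ctx.userColl.FindId(sid.ObjectId).One(&user)
			if err == nil {
				return &user, nil
			}
		} else {
			// Expired or malformed entry: drop it.
			ctx.sess.Delete(ctx.sessionName)
		}
	}

	// Neither mechanism identified a user.
	return nil, errors.New("auth: not Loged-in")
}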