Esempio n. 1
0
//User login
func (uc UsersController) login(request *restful.Request,
	response *restful.Response) {
	loginCredentials := new(UserLoginCredentials)
	err := request.ReadEntity(loginCredentials)
	if err != nil {
		LogError(request, response, err)
		WriteIllegalRequestError(response)
		return
	}
	cookieAuth, err := new(UserManager).Login(loginCredentials)
	if err != nil {
		LogError(request, response, err)
		WriteError(err, response)
		return
	}
	//Create an Auth cookie
	authCookie := http.Cookie{
		Name:     "AuthSession",
		Value:    cookieAuth.AuthToken,
		Path:     "/",
		HttpOnly: true,
	}
	//Create a CSRF cookie for this session
	//Subsequent requests must include this in a header field
	//X-Csrf-Token
	csrfCookie := http.Cookie{
		Name:     "CsrfToken",
		Value:    util.GenHashString(cookieAuth.AuthToken),
		Path:     "/",
		HttpOnly: false,
	}
	response.AddHeader("Set-Cookie", authCookie.String())
	response.AddHeader("Set-Cookie", csrfCookie.String())
	response.WriteEntity(BooleanResponse{Success: true})
}
Esempio n. 2
0
func AddCsrfCookie(rw http.ResponseWriter, sessToken string) {
	csrfCookie := http.Cookie{
		Name:     "CsrfToken",
		Value:    util.GenHashString(sessToken),
		Path:     "/",
		HttpOnly: false,
	}
	rw.Header().Add("Set-Cookie", csrfCookie.String())
}
Esempio n. 3
0
func SetAuth(rw http.ResponseWriter, ca couchdb.Auth) {
	authData := ca.GetUpdatedAuth()
	if authData == nil {
		return
	}
	if val, ok := authData["AuthSession"]; ok {
		authCookie := http.Cookie{
			Name:     "AuthSession",
			Value:    val,
			Path:     "/",
			HttpOnly: true,
		}
		rw.Header().Add("Set-Cookie", authCookie.String())
		AddCsrfCookie(rw, util.GenHashString(val))
	}
}
Esempio n. 4
0
func (sta *StandardAuthenticator) SetAuth(rw http.ResponseWriter, cAuth couchdb.Auth) {
	authData := cAuth.GetUpdatedAuth()
	if authData == nil {
		return
	}
	if val, ok := authData["AuthSession"]; ok {
		authCookie := http.Cookie{
			Name:     "AuthSession",
			Value:    val,
			Path:     "/",
			HttpOnly: true,
		}
		//Create a CSRF cookie
		csrfCookie := http.Cookie{
			Name:     "CsrfToken",
			Value:    util.GenHashString(val),
			Path:     "/",
			HttpOnly: false,
		}
		rw.Header().Add("Set-Cookie", authCookie.String())
		rw.Header().Add("Set-Cookie", csrfCookie.String())
	}
}