Esempio n. 1
0
func WhoamiHandler(c http.ResponseWriter, r *http.Request) {
	id, err := session.Get(r, "openid-email")
	if err != nil {
		template.Error500(c, r, err)
		return
	}
	fmt.Fprintln(c, "Authenticated as:", id)
}
Esempio n. 2
0
// Basic function that retrieves the permissions a user has based on the contents of their request, including cookies and request path. Designed to be a simple function for most uses. If you want more control, you can use the GetGroupPerms and GetUserPerms functions.
func Get(r *http.Request) (p *Permissions, err error) {
	p = new(Permissions)
	uname, err := session.Get(r, "openid-email")
	if err != nil {
		p.Authenticated = false
		return p, err
	}
	p.Authenticated = true

	uperms, err := GetUserPerms(uname, r.URL.Path)
	if err != nil {
		return nil, err
	}

	if uperms == nil {
		p.Recognized = false
		return p, nil
	}
	p.Recognized = true

	p.Write = uperms.Write
	p.Read = uperms.Read

	groups, err := loadGroups(uname)
	if err != nil {
		// Group permissions can only possibly be *more* permissive than user permissions; failing to load the permissions for a user's group shouldn't be a fatal error.
		return p, err
	}

	for _, group := range groups {
		gperms, err := GetGroupPerms(group, r.URL.Path)
		if err != nil {
			return p, err
		}
		if gperms == nil {
			continue
		}
		// Use the most permissive interpretation of the permissions. If a group is allowed to access something, so should all the users in the group.
		if !uperms.Read {
			if gperms.Read {
				p.Read = true
			}
		}
		if !uperms.Write {
			if gperms.Write {
				p.Write = true
			}
		}
	}
	return p, nil
}
Esempio n. 3
0
func AuthHandler(c http.ResponseWriter, r *http.Request) {
	grant, _, err := openid.VerifyValues(r.URL.Query())
	if err != nil {
		emsg := fmt.Sprintln("Error in openid auth handler:", err)
		fmt.Println(emsg)
		fmt.Fprintln(c, emsg)
		return
	}
	if !grant {
		fmt.Println("Permission denied!")
		fmt.Fprintln(c, "Access denied by user or internal error.")
		return
	}
	fmt.Println("Permission granted!")

	wantedValues := []string{"value.email", "value.first", "value.last", "value.country", "value.lang"}
	qvalues := r.URL.Query()
	for _, wantedValue := range wantedValues {
		value, _ := url.QueryUnescape(qvalues.Get("openid.ext1." + wantedValue))
		err := session.Set(c, r, "openid-"+wantedValue[len("value."):], value)
		if err != nil {
			template.Error500(c, r, err)
			return
		}
	}
	id, _ := url.QueryUnescape(qvalues.Get("openid.ext1.value.email"))
	err = session.Set(c, r, "openid-email", id)
	if err != nil {
		template.Error500(c, r, err)
		return
	}

	continueURL, err := session.Get(r, "openid-continue-url")
	if err != nil || continueURL == "" {
		continueURL = "/"
	}
	fmt.Println(c, r, continueURL)
	http.Redirect(c, r, continueURL, 307)
	fmt.Fprintln(c, "Authenticated as", id)
	return
}