// handleLoginRequest is used to handle a login request, which is an // unauthenticated request to the backend. func (c *Core) handleLoginRequest(req *logical.Request) (*logical.Response, *logical.Auth, error) { defer metrics.MeasureSince([]string{"core", "handle_login_request"}, time.Now()) // Create an audit trail of the request, auth is not available on login requests if err := c.auditBroker.LogRequest(nil, req, nil); err != nil { c.logger.Printf("[ERR] core: failed to audit request (%#v): %v", req, err) return nil, nil, ErrInternalError } // Route the request resp, err := c.router.Route(req) // A login request should never return a secret! if resp != nil && resp.Secret != nil { c.logger.Printf("[ERR] core: unexpected Secret response for login path"+ "(request: %#v, response: %#v)", req, resp) return nil, nil, ErrInternalError } // If the response generated an authentication, then generate the token var auth *logical.Auth if resp != nil && resp.Auth != nil { auth = resp.Auth // Determine the source of the login source := c.router.MatchingMount(req.Path) source = strings.TrimPrefix(source, credentialRoutePrefix) source = strings.Replace(source, "/", "-", -1) // Prepend the source to the display name auth.DisplayName = strings.TrimSuffix(source+auth.DisplayName, "-") // Generate a token te := TokenEntry{ Path: req.Path, Policies: auth.Policies, Meta: auth.Metadata, DisplayName: auth.DisplayName, } if err := c.tokenStore.Create(&te); err != nil { c.logger.Printf("[ERR] core: failed to create token: %v", err) return nil, auth, ErrInternalError } // Populate the client token resp.Auth.ClientToken = te.ID // Set the default lease if non-provided, root tokens are exempt if auth.Lease == 0 && !strListContains(auth.Policies, "root") { auth.Lease = c.defaultLeaseDuration } // Limit the lease duration if resp.Auth.Lease > c.maxLeaseDuration { resp.Auth.Lease = c.maxLeaseDuration } // Register with the expiration manager if err := c.expiration.RegisterAuth(req.Path, auth); err != nil { c.logger.Printf("[ERR] core: failed to register token lease "+ "(request: %#v, response: %#v): %v", req, resp, err) return nil, auth, ErrInternalError } // Attach the display name, might be used by audit backends req.DisplayName = auth.DisplayName } return resp, auth, err }