func login(w http.ResponseWriter, req *http.Request, ctx *Context) error {
uid, password := req.FormValue("username"), req.FormValue("password")
// log.Printf("accept: %v (%d)", req.Header["Accept"], len(req.Header["Accept"]))
res := make(osin.ResponseData)
if !backends.Authenticate(uid, password) {
// ctx.Session.AddFlash("Invalid Username/Password")
res["ok"] = false
res["error"] = map[string]string{"message": "Invalid Username/Password", "field": "password"}
return outputJson(res, w)
}
staff, err := backends.GetStaff(uid)
if err != nil {
res["ok"] = false
res["error"] = map[string]string{"message": "Load user failed"}
return outputJson(res, w)
}
//store the user id in the values and redirect to welcome
user := UserFromStaff(staff)
user.Refresh()
ctx.Session.Values[kUserOL] = user
ctx.Session.Values[kLastUid] = staff.Uid
res["ok"] = true
res["referer"] = ctx.Referer
return outputJson(res, w)
// http.Redirect(w, req, reverse("welcome"), http.StatusSeeOther)
}
func passwordChange(w http.ResponseWriter, req *http.Request, ctx *Context) error {
uid, pwdOld, pwdNew := req.FormValue("username"), req.FormValue("old_password"), req.FormValue("new_password")
res := make(osin.ResponseData)
if !backends.Authenticate(uid, pwdOld) {
res["ok"] = false
res["error"] = map[string]string{"message": "Invalid Username/Password", "field": "old_password"}
return outputJson(res, w)
}
err := backends.PasswordChange(uid, pwdOld, pwdNew)
if err != nil {
res["ok"] = false
res["error"] = map[string]string{"message": err.Error(), "field": "old_password"}
} else {
res["ok"] = true
}
return outputJson(res, w)
}
// Access token endpoint
func oauthToken(w http.ResponseWriter, r *http.Request, ctx *Context) (err error) {
resp := server.NewResponse()
defer resp.Close()
var (
uid string = ""
user *User
)
if ar := server.HandleAccessRequest(resp, r); ar != nil {
debugf("ar Code %s Scope %s", ar.Code, ar.Scope)
switch ar.Type {
case osin.AUTHORIZATION_CODE:
uid = ar.UserData.(string)
staff, err := backends.GetStaff(uid)
if err != nil {
resp.SetError("get_user_error", "staff not found")
resp.InternalError = err
} else {
user = UserFromStaff(staff)
}
ar.Authorized = true
case osin.REFRESH_TOKEN:
ar.Authorized = true
case osin.PASSWORD:
if Settings.HttpListen == "localhost:3000" && ar.Username == "test" && ar.Password == "test" {
ar.UserData = "test"
ar.Authorized = true
break
}
if !backends.Authenticate(ar.Username, ar.Password) {
resp.SetError("authentication_failed", err.Error())
break
}
staff, err := backends.GetStaff(ar.Username)
if err != nil {
// resp.InternalError = err
resp.SetError("get_user_failed", err.Error())
break
}
ar.Authorized = true
ar.UserData = staff.Uid
user = UserFromStaff(staff)
case osin.CLIENT_CREDENTIALS:
ar.Authorized = true
case osin.ASSERTION:
if ar.AssertionType == "urn:osin.example.complete" && ar.Assertion == "osin.data" {
ar.Authorized = true
}
}
server.FinishAccessRequest(resp, r, ar)
}
if resp.IsError && resp.InternalError != nil {
log.Printf("token ERROR: %s\n", resp.InternalError)
}
if !resp.IsError {
if uid != "" {
resp.Output["uid"] = uid
resp.Output["is_keeper"] = IsKeeper(uid)
}
if user != nil {
resp.Output["user"] = user
}
}
debugf("oauthToken resp: %v", resp)
osin.OutputJSON(resp, w, r)
return resp.InternalError
}