Exemplo n.º 1
1
func LogoutHandler(c *gin.Context) {
	var userCookie http.Cookie
	userCookie.Name = "user"
	userCookie.MaxAge = -1
	http.SetCookie(c.Writer, &userCookie)
	c.Redirect(http.StatusMovedPermanently, "/")
}
Exemplo n.º 2
1
func (p *Login) addUuidCookie(c *gin.Context, uuid string) {
	cookie := new(http.Cookie)
	cookie.Name = "uuid"
	cookie.Value = uuid
	cookie.Path = "/"
	http.SetCookie(c.Writer, cookie)
}
Exemplo n.º 3
1
/*
	получить актуальную сессию
*/
func Get(w http.ResponseWriter, r *http.Request) *Session {
	var (
		err    error
		cookie *http.Cookie
		ses    *Session
		ok     bool
		ses_id string
	)

	cookie, err = r.Cookie(sid)
	if err != nil {
		ses_id, ses = registry.new()

		cookie = &http.Cookie{Name: sid, Value: ses_id, Path: "/", HttpOnly: true, MaxAge: int(maxlifetime.Seconds())}
		http.SetCookie(w, cookie)

		return ses
	}

	ses, ok = registry.get(cookie.Value)
	if !ok {
		ses = registry.create(cookie.Value)

		cookie.MaxAge = int(maxlifetime.Seconds())
		cookie.Path = "/"
		http.SetCookie(w, cookie)

		return ses
	}

	cookie.MaxAge = int(maxlifetime.Seconds())
	http.SetCookie(w, cookie)

	return ses
}
Exemplo n.º 4
0
func TestSignedCookie(t *testing.T) {

	context := MakeTestContext()

	cookie := new(http.Cookie)
	cookie.Name = "userId"
	cookie.Value = "2468"

	signedCookie, err := context.AddSignedCookie(cookie)

	if err != nil {
		t.Errorf("Shouldn't error: %s", err)
	}

	// set the request headers
	context.Request.Header = make(http.Header)
	context.Request.AddCookie(cookie)
	context.Request.AddCookie(signedCookie)

	returnedCookie, cookieErr := context.SignedCookie(cookie.Name)

	if cookieErr != nil {
		t.Errorf("SignedCookie shouldn't return error: %s", cookieErr)
		return
	}
	if returnedCookie == nil {
		t.Errorf("SignedCookie shouldn't return nil")
		return
	}

	assertEqual(t, returnedCookie.Name, cookie.Name, "name")

}
Exemplo n.º 5
0
func TestSignedCookie_Tempered(t *testing.T) {

	context := MakeTestContext()

	cookie := new(http.Cookie)
	cookie.Name = "userId"
	cookie.Value = "2468"

	signedCookie, err := context.AddSignedCookie(cookie)

	if err != nil {
		t.Errorf("Shouldn't error: %s", err)
	}

	// temper with the cookie
	cookie.Value = "something-else"

	// set the request headers
	context.Request.Header = make(http.Header)
	context.Request.AddCookie(cookie)
	context.Request.AddCookie(signedCookie)

	returnedCookie, cookieErr := context.SignedCookie(cookie.Name)

	if cookieErr == nil {
		t.Errorf("SignedCookie SHOULD return error")
	}
	if returnedCookie != nil {
		t.Errorf("ReturnedCookie should be nil")
	}

}
Exemplo n.º 6
0
//User logout
func (uc UsersController) logout(request *restful.Request,
	response *restful.Response) {
	token := func() string {
		for _, cookie := range request.Request.Cookies() {
			if cookie.Name == "AuthSession" {
				return cookie.Value
			}
		}
		return ""
	}()
	err := new(UserManager).Logout(token)
	if err != nil {
		LogError(request, response, err)
		WriteError(err, response)
		return
	}
	//Because CouchDB doesn't actually destroy the session,
	//best we can do is clear the cookie in the browser.
	//This is apparently "not a bug" :|
	//http://webmail.dev411.com/t/couchdb/dev/141xwf5vb0/jira-created-couchdb-2042-session-not-cleared-after-delete-session-cookie-auth
	theCookie := http.Cookie{
		Name:     "AuthSession",
		Value:    "",
		Path:     "/",
		HttpOnly: true,
	}
	response.AddHeader("Set-Cookie", theCookie.String())
	response.WriteEntity(BooleanResponse{Success: true})
}
Exemplo n.º 7
0
func CreateCookie(u string, db *sql.DB, persistent bool, app bool) (http.Cookie, error) {
	alphaNum := []byte("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuv")
	randValue := ""
	for i := 0; i < 32; i++ {
		num, err := RandKey(58)
		if err != nil {
			return http.Cookie{}, err
		}
		randValue = randValue + string(alphaNum[num])
	}

	authCookie := http.Cookie{
		Name:     "5sur",
		Value:    randValue,
		Path:     "/",
		Domain:   "5sur.com", // Add domain name in the future
		Secure:   true,       // SSL only
		HttpOnly: true,       // HTTP(S) only
	}

	if persistent {
		authCookie.Expires = time.Now().AddDate(0, 1, 0) // One month from now
	} else {
		// Session cookie
	}

	err := updateSession(randValue, u, db, app)
	if err != nil {
		return http.Cookie{}, err
	}
	return authCookie, nil
}
Exemplo n.º 8
0
func (this *loginController) login(w http.ResponseWriter, req *http.Request) {
	w.Header().Add("Content-Type", "text/html")
	responseWriter := util.GetResponseWriter(w, req)
	defer responseWriter.Close()

	if req.Method == "POST" {
		email := req.FormValue("email")
		password := req.FormValue("password")

		member, err := models.GetMember(email, password)
		if err != nil {
			responseWriter.Write([]byte(err.Error()))
			return
		}

		session, err := models.CreateSession(member)
		if err != nil {
			responseWriter.Write([]byte(err.Error()))
			return
		}

		var cookie http.Cookie
		cookie.Name = "sessionId"
		cookie.Value = session.SessionId()
		responseWriter.Header().Add("Set-Cookie", cookie.String())
	}
	vm := viewmodels.GetLogin()
	this.template.Execute(responseWriter, vm)
}
Exemplo n.º 9
0
func (h *homeController) login(w http.ResponseWriter, req *http.Request) {
	responseWriter := util.GetResponseWriter(w, req)
	defer responseWriter.Close()

	w.Header().Add("Content Type", "text/html")

	if req.Method == "POST" {
		email := req.FormValue("email")
		password := req.FormValue("password")

		member, err := models.GetMember(email, password)

		if err == nil {
			session, err := models.CreateSession(member)
			log.Printf("create session err: %v", err)
			if err == nil {
				var cookie http.Cookie
				cookie.Name = "sessionId"
				cookie.Value = session.SessionId()
				responseWriter.Header().Add("Set-Cookie", cookie.String())
			}
		} else {
			log.Print("User not found!")
		}
	}

	vm := viewmodels.GetLogin()

	h.loginTemplate.Execute(responseWriter, vm)
}
Exemplo n.º 10
0
func (ss signedCookieSessionHandler) writeToResponse(s SignedCookieSession, resp goanna.Response) {
	bytes, err := s.sessionData.Unmarshal()
	if err != nil {
		log.Println(err.Error())
	}

	cookie := http.Cookie{
		Name:     ss.CookieName,
		Value:    base64.URLEncoding.EncodeToString(bytes),
		HttpOnly: true,
		Secure:   ss.Secure,
		Path:     "/",
	}
	ss.CookieSigner.EncodeCookie(&cookie)

	maxage := int(s.MaxAge() / time.Second)
	if maxage != 0 {
		if s.preferExpires {
			cookie.Expires = time.Now().Add(s.MaxAge())
		} else {
			cookie.MaxAge = maxage
		}
	}
	resp.SetCookie(cookie)
}
Exemplo n.º 11
0
func HandleGuard(c *webapp.Context) {
	var err error
	action := c.Request.FormValue("action")
	if action == "logout" {
		RevokeSessionTokon()
		c.Redirect("/guard", http.StatusFound)
		return
	}
	if c.Request.Method == "POST" {
		cert := c.Request.FormValue("certificate")
		if len(cert) == 0 {
			c.Redirect("/guard", http.StatusFound)
			return
		}
		if SHA256Sum(cert) == GetConfig().Certificate {
			cookie := new(http.Cookie)
			cookie.Name = "token"
			cookie.Path = "/"
			cookie.Value = GenerateSessionToken()
			http.SetCookie(c.Writer, cookie)
			c.Redirect("/writer", http.StatusFound)
		} else {
			err = RenderGuard(c, "Your password is not correct")
			if err != nil {
				c.Error(fmt.Sprintf("%s: %s", webapp.ErrInternalServerError, err), http.StatusInternalServerError)
			}
		}
	} else if c.Request.Method == "GET" {
		err = RenderGuard(c, "")
		if err != nil {
			c.Error(fmt.Sprintf("%s: %s", webapp.ErrInternalServerError, err), http.StatusInternalServerError)
		}
	}
}
Exemplo n.º 12
0
func TestValidateSignedCookie_MissingCookie(t *testing.T) {

	context := MakeTestContext()

	cookie := new(http.Cookie)
	cookie.Name = "userId"
	cookie.Value = "2468"

	signedCookie, err := context.AddSignedCookie(cookie)

	if err != nil {
		t.Errorf("Shouldn't error: %s", err)
	}

	// set the request headers
	context.Request.Header = make(http.Header)
	context.Request.AddCookie(signedCookie)

	valid, validErr := context.cookieIsValid(cookie.Name)

	if validErr != CookieIsMissing {
		t.Errorf("Should error CookieIsMissing")
	}

	assertEqual(t, valid, false, "cookieIsValid should be false")

}
Exemplo n.º 13
0
Arquivo: main.go Projeto: andoma/spmc
func roothandler(w http.ResponseWriter, r *http.Request) {
	u := getUser(r)

	if r.Method == "GET" {
		var filename string
		if u != nil {
			filename = "static/index.html"
		} else {
			filename = "static/login.html"
		}

		file, err := os.Open(filename)
		if err != nil {
			http.NotFound(w, r)
		} else {
			io.Copy(w, file)
			file.Close()
		}
		return
	}

	if r.Method == "POST" {
		r.ParseForm()
		var u *User
		var err error
		if len(r.Form["login"]) > 0 {
			username := r.Form["username"][0]
			password := r.Form["password"][0]
			u, err = dbAuthUser(username, password)
		} else if len(r.Form["register"]) > 0 {
			username := r.Form["username"][0]
			password := r.Form["password"][0]
			email := r.Form["email"][0]
			u, err = dbAddUser(username, password, email)
		} else {
			http.NotFound(w, r)
			return
		}

		if err != nil {
			w.WriteHeader(401)
			w.Write([]byte(err.Error()))
			return
		}

		value, err := authenticateUser(u)
		if err != nil {
			w.WriteHeader(401)
			w.Write([]byte(err.Error()))
			return
		}

		c := new(http.Cookie)
		c.Name = "auth"
		c.Value = *value
		http.SetCookie(w, c)
		http.Redirect(w, r, "spmc/", 301)
		return
	}
}
Exemplo n.º 14
0
// Get the session from the cookie in the request
// Creates a new session and cookie if none can be found
func getSession(w http.ResponseWriter, req *http.Request) (*Session, bool) {

	cookie, err := req.Cookie("id")
	if err == nil {
		s, ok := sessionSync(cookie.Value)
		if ok {
			return s, ok
		}

		log.Println("Invalid session cookie presented: ", cookie.Value)
	}

	// Create a session
	s := newSession()
	config.Debug("Creating new session ", s.id)
	sessions.Create(s)

	// Write the session to the HTTP response
	newcookie := http.Cookie{
		Name:     "id",
		Value:    s.id,
		Path:     "/",
		MaxAge:   math.MaxInt32,
		HttpOnly: true}
	w.Header().Add("Set-Cookie", newcookie.String())

	s.mutex.Lock()
	return s, true
}
Exemplo n.º 15
0
// cookie returns an http.Cookie containing the signed session.
func (s Session) cookie() *http.Cookie {
	var sessionValue string
	ts := s.getExpiration()
	s[TIMESTAMP_KEY] = getSessionExpirationCookie(ts)
	for key, value := range s {
		if strings.ContainsAny(key, ":\x00") {
			panic("Session keys may not have colons or null bytes")
		}
		if strings.Contains(value, "\x00") {
			panic("Session values may not have null bytes")
		}
		sessionValue += "\x00" + key + ":" + value + "\x00"
	}

	sessionData := url.QueryEscape(sessionValue)
	cookie := http.Cookie{
		Name:     revel.CookiePrefix + "_SESSION",
		Value:    revel.Sign(sessionData) + "-" + sessionData,
		Path:     "/",
		HttpOnly: revel.CookieHttpOnly,
		Secure:   revel.CookieSecure,
		Expires:  ts.UTC(),
	}

	if cookieDomain != "" {
		cookie.Domain = cookieDomain
	}

	return &cookie
}
Exemplo n.º 16
0
func handleLogin(w http.ResponseWriter, r *http.Request) {
	login := r.FormValue("login")
	password := r.FormValue("password")

	usersConfiguration := GetUsersConfiguration()
	user, userFindErr := usersConfiguration.getUserByName(login)

	if userFindErr != nil {
		fmt.Fprint(w, RenderLoginPage(&userFindErr))
		return
	}

	if user.Password != password {
		passwordMistmatchError := errors.New("Password mistmatch")
		fmt.Fprint(w, RenderLoginPage(&passwordMistmatchError))
		return
	}
	cookie := new(http.Cookie)
	cookie.Name = "loginToken"
	cookie.Value = login
	http.SetCookie(w, cookie)

	runner := GetAnalyzeRunner()
	fmt.Fprint(w, RenderMainPage(runner.IsRunning(), user))
}
Exemplo n.º 17
0
func SetCookieVal(w http.ResponseWriter, name string, value string, path string) {
	var C http.Cookie
	C.Name = name
	C.Value = value
	C.Path = path
	C.Expires = time.Now().AddDate(0, 1, 0)
	http.SetCookie(w, &C)
}
Exemplo n.º 18
0
func (r *OkResponse) ClearCookie(name string) {
	c := http.Cookie{}
	c.Name = name
	c.Value = "none"
	c.MaxAge = -1
	c.Expires = time.Unix(1, 0)
	r.SetCookie(c)
}
Exemplo n.º 19
0
func setStickyCookieBackend(res *http.Response, backend string, cookieKey [32]byte) {
	cookie := http.Cookie{
		Name:  stickyCookie,
		Value: base64.StdEncoding.EncodeToString(encrypt([]byte(backend), cookieKey)),
		Path:  "/",
	}
	res.Header.Add("Set-Cookie", cookie.String())
}
Exemplo n.º 20
0
func (s *Session) DeleteCookie(options cookieOptions, response http.ResponseWriter) {
	cookie := http.Cookie{
		Name:   options.Name,
		Value:  "-",
		MaxAge: -1,
	}

	response.Header().Set("Set-Cookie", cookie.String())
}
Exemplo n.º 21
0
func AddCsrfCookie(rw http.ResponseWriter, sessToken string) {
	csrfCookie := http.Cookie{
		Name:     "CsrfToken",
		Value:    util.GenHashString(sessToken),
		Path:     "/",
		HttpOnly: false,
	}
	rw.Header().Add("Set-Cookie", csrfCookie.String())
}
Exemplo n.º 22
0
Arquivo: monim.go Projeto: LDCS/monim
func createCookie(key, val string) *http.Cookie {
	cookie := new(http.Cookie)
	cookie.Name = key
	cookie.Value = val
	cookie.HttpOnly = false
	cookie.Path = "/" // Without this ang js cant read cookies we send
	//cookie.Expires = expire
	return cookie
}
Exemplo n.º 23
0
func clearAllCookies(rw http.ResponseWriter, req *http.Request) {
	for _, ck := range req.Cookies() {
		ck2 := http.Cookie{
			Name:   ck.Name,
			MaxAge: -1,
		}
		rw.Header().Add("Set-Cookie", ck2.String())
	}
}
Exemplo n.º 24
0
func (this *Ctx) SetCookie(key string, value string, expires int64) {

	var cookie http.Cookie
	cookie.Name = key
	cookie.Value = value
	cookie.Expires = time.Unix(time.Now().Unix()+expires, 0)

	// this.W.Header().Add("Set-Cookie", cookie.String())
	http.SetCookie(this.W, cookie)
}
Exemplo n.º 25
0
func SetCookie(w http.ResponseWriter, k, v string, exp int32) {
	var ck http.Cookie
	ck.Name = k
	ck.Path = "/"
	ck.Value = v
	if exp != 0 {
		ck.Expires = time.Now().Add(time.Second * time.Duration(exp))
	}
	http.SetCookie(w, &ck)
}
Exemplo n.º 26
0
func getRequest(port int) *http.Request {
	req, _ := http.NewRequest("GET", "http://localhost:"+strconv.Itoa(port)+"/test", nil)
	ck1 := new(http.Cookie)
	ck1.Name = "test"
	ck1.Value = "value"

	req.AddCookie(ck1)

	return req
}
Exemplo n.º 27
0
// TestMinSessionHandlerBadCookie tests if a MinSessionHandler recognizes a bad
// cookie.
//
// Steps:
// 	1. Create a new MinSessionHandler to test.
// 	2. Run the cookie mask in order to get a good cookie.
// 	3. Tamper with the cookie.
// 	4. Run the cookie mask with the tampered cookie.
// 	5. Verify that the bad cookie was rejected and replaced by another good
//	   cookie.
func TestMinSessionHandlerBadCookie(t *testing.T) {
	/* setup */
	var local_cookies []*http.Cookie
	var bad_cookie http.Cookie

	/* run */
	handler := NewMinSessionHandler("testHandler", "/", "example.com")
	sesh1, err := handler.GetSession()
	assert.NoError(t, err)
	fwd1, stc1, err1 := sesh1.CookieMask(nil)
	for _, cookie := range stc1 {
		cookie.Value = cookie.Value + "bad"
		bad_cookie.Name = cookie.Name
		bad_cookie.Value = cookie.Value
		local_cookies = append(local_cookies, cookie)
	}
	sesh2, err := handler.GetSession()
	assert.NoError(t, err)
	fwd2, stc2, err2 := sesh2.CookieMask(local_cookies)

	/* check */
	assert.NoError(t, err1)
	assert.NoError(t, err2)
	assert.Nil(t, fwd1)
	assert.Nil(t, fwd2)
	assert.NotNil(t, stc1)
	if stc1 != nil {
		assert.Equal(t, 1, len(stc1))
	}
	assert.NotNil(t, stc2)
	if stc2 != nil {
		assert.Equal(t, 2, len(stc2))
	}
	bad_cookie_deleted := false
	for _, cookie := range stc2 {
		if cookie.Name == bad_cookie.Name {
			assert.Equal(t, bad_cookie.Value, cookie.Value)
			assert.Equal(t, -1, cookie.MaxAge)
			bad_cookie_deleted = true
		}
	}
	assert.True(t, bad_cookie_deleted)
	assert.NotNil(t, sesh1)
	/*
		if sesh1 != nil {
			assert.Equal(t, 0, len(sesh1))
		}
	*/
	assert.NotNil(t, sesh2)
	/*
		if sesh2 != nil {
			assert.Equal(t, 0, len(sesh2))
		}
	*/
}
Exemplo n.º 28
0
// Constructs a new CSRFHandler that calls
// the specified handler if the CSRF check succeeds.
func New(handler http.Handler) *CSRFHandler {
	baseCookie := http.Cookie{}
	baseCookie.MaxAge = MaxAge

	csrf := &CSRFHandler{successHandler: handler,
		failureHandler: http.HandlerFunc(defaultFailureHandler),
		baseCookie:     baseCookie,
	}

	return csrf
}
Exemplo n.º 29
0
// Duration is the cookie time-to-live in seconds (0 = forever).
func (ctx *Context) SetCookie(name, value string, age int64) {
	var utctime time.Time
	if age == 0 {
		// 2^31 - 1 seconds (roughly 2038)
		utctime = time.Unix(2147483647, 0)
	} else {
		utctime = time.Unix(time.Now().Unix()+age, 0)
	}
	cookie := http.Cookie{Name: name, Value: value, Expires: utctime, Path: "/"}
	ctx.Header().Add("Set-Cookie", cookie.String())
}
Exemplo n.º 30
0
func fetchHandler(w http.ResponseWriter, urlStr string, ctx appengine.Context) {
	ctx.Infof("fetchHandler urlStr arg is %s", urlStr)
	i := strings.LastIndex(urlStr, "/")
	baseUrlStr := urlStr[0 : i+1]

	expires := time.Now().Add(time.Minute)
	ctx.Infof("Setting expires to %s", expires)
	cookie := http.Cookie{Name: PROXY_BASE_URL_COOKIE, Value: baseUrlStr, Expires: expires}
	ctx.Infof("Setting cookie to %s", cookie.String())
	http.SetCookie(w, &cookie)
}