// Creates a session with TTL and adds to the response. Does NOT return the session info response.
func (h *handler) makeSessionWithTTL(user auth.User, expiry time.Duration) (sessionID string, err error) {
if user == nil {
return "", base.HTTPErrorf(http.StatusUnauthorized, "Invalid login")
}
h.user = user
auth := h.db.Authenticator()
session, err := auth.CreateSession(user.Name(), expiry)
if err != nil {
return "", err
}
cookie := auth.MakeSessionCookie(session)
base.AddDbPathToCookie(h.rq, cookie)
http.SetCookie(h.response, cookie)
return session.ID, nil
}
func (h *handler) makeSession(user auth.User) error {
if user == nil {
return base.HTTPErrorf(http.StatusUnauthorized, "Invalid login")
}
h.user = user
auth := h.db.Authenticator()
session, err := auth.CreateSession(user.Name(), kDefaultSessionTTL)
if err != nil {
return err
}
cookie := auth.MakeSessionCookie(session)
base.AddDbPathToCookie(h.rq, cookie)
http.SetCookie(h.response, cookie)
return h.respondWithSessionInfo()
}
func (auth *Authenticator) AuthenticateCookie(rq *http.Request, response http.ResponseWriter) (User, error) {
cookie, _ := rq.Cookie(CookieName)
if cookie == nil {
return nil, nil
}
var session LoginSession
_, err := auth.bucket.Get(docIDForSession(cookie.Value), &session)
if err != nil {
if base.IsDocNotFoundError(err) {
err = nil
}
return nil, err
}
// Don't need to check session.Expiration, because Couchbase will have nuked the document.
//update the session Expiration if 10% or more of the current expiration time has elapsed
//if the session does not contain a Ttl (probably created prior to upgrading SG), use
//default value of 24Hours
if session.Ttl == 0 {
session.Ttl = kDefaultSessionTTL
}
duration := session.Ttl
sessionTimeElapsed := int((time.Now().Add(duration).Sub(session.Expiration)).Seconds())
tenPercentOfTtl := int(duration.Seconds()) / 10
if sessionTimeElapsed > tenPercentOfTtl {
session.Expiration = time.Now().Add(duration)
ttlSec := int(duration.Seconds())
if err = auth.bucket.Set(docIDForSession(session.ID), ttlSec, session); err != nil {
return nil, err
}
base.AddDbPathToCookie(rq, cookie)
cookie.Expires = session.Expiration
http.SetCookie(response, cookie)
}
user, err := auth.GetUser(session.Username)
if user != nil && user.Disabled() {
user = nil
}
return user, err
}