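// handleSessionPOST handles POST /_session, which creates a login session and
// sets its cookie. It reads a JSON body with "name" and "password", looks the
// user up, checks the password, and passes the result to makeSession.
//
// A request that carries an Origin header is accepted only when that origin
// matches the configured CORS.LoginOrigin list (#115, #762); otherwise it is
// refused with 400 before the credentials are read.
func (h *handler) handleSessionPOST() error {
	// With no CORS config nothing can match, so every request with an Origin
	// header is rejected.
	if originHeader := h.rq.Header["Origin"]; len(originHeader) > 0 {
		matched := ""
		if h.server.config.CORS != nil {
			matched = matchedOrigin(h.server.config.CORS.LoginOrigin, originHeader)
		}
		if matched == "" {
			return base.HTTPErrorf(http.StatusBadRequest, "No CORS")
		}
	}

	var params struct {
		Name     string `json:"name"`
		Password string `json:"password"`
	}
	// The decoder needs the address of params to fill it in.
	err := h.readJSONInto(&params)
	if err != nil {
		return err
	}

	// Keep user declared as the auth.User type so that the nil assigned below
	// is a plain nil of that type when it reaches makeSession.
	var user auth.User
	user, err = h.db.Authenticator().GetUser(params.Name)
	if err != nil {
		return err
	}

	// A missing user and a wrong password both end up as user == nil, so
	// makeSession receives the same input for either failure.
	// NOTE(review): a nil user skips Authenticate entirely, so the response
	// time may differ from a wrong-password attempt; confirm whether that
	// matters for account enumeration on this endpoint.
	if user != nil && !user.Authenticate(params.Password) {
		user = nil
	}
	return h.makeSession(user)
}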
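// getUserFromSessionRequestBody reads a JSON body with "name" and "password"
// and returns the user those credentials identify.
//
// It returns (nil, nil) when GetUser yields no user or when the password is
// rejected, so callers cannot tell those two failures apart. A non-nil error
// comes from reading the body or from the user lookup.
func (h *handler) getUserFromSessionRequestBody() (auth.User, error) {
	var params struct {
		Name     string `json:"name"`
		Password string `json:"password"`
	}
	// The decoder needs the address of params to fill it in.
	if err := h.readJSONInto(&params); err != nil {
		return nil, err
	}

	user, err := h.db.Authenticator().GetUser(params.Name)
	if err != nil {
		return nil, err
	}

	// NOTE(review): a nil user skips Authenticate entirely, so the response
	// time may differ from a wrong-password attempt; confirm whether that
	// matters for account enumeration here.
	if user == nil || !user.Authenticate(params.Password) {
		// Return a literal nil so the caller gets an untyped nil interface.
		return nil, nil
	}
	return user, nil
}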
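// handleSessionPOST handles POST /_session, which creates a login session and
// sets its cookie. It reads a JSON body with "name" and "password", looks the
// user up, checks the password, and passes the result to makeSession.
//
// Any request that carries an Origin header is refused with 400: CORS is not
// allowed for login (#115).
func (h *handler) handleSessionPOST() error {
	if len(h.rq.Header["Origin"]) > 0 {
		return base.HTTPErrorf(http.StatusBadRequest, "No CORS")
	}

	var params struct {
		Name     string `json:"name"`
		Password string `json:"password"`
	}
	// The decoder needs the address of params to fill it in.
	err := h.readJSONInto(&params)
	if err != nil {
		return err
	}

	// Keep user declared as the auth.User type so that the nil assigned below
	// is a plain nil of that type when it reaches makeSession.
	var user auth.User
	user, err = h.db.Authenticator().GetUser(params.Name)
	if err != nil {
		return err
	}

	// GetUser can presumably return a nil user with a nil error for a name it
	// does not know (confirm against the Authenticator). Calling Authenticate
	// on that nil value would panic inside an unauthenticated request, so the
	// nil check must come first and the case is treated as a failed login.
	if user != nil && !user.Authenticate(params.Password) {
		user = nil
	}
	return h.makeSession(user)
}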