func (l *Login) handleLogin(w http.ResponseWriter, req *http.Request) { if ok, err := l.csrf.Check(req, req.FormValue("csrf")); !ok || err != nil { glog.Errorf("Unable to check CSRF token: %v", err) failed(errorCodeTokenExpired, w, req) return } then := req.FormValue("then") if len(then) == 0 { http.Redirect(w, req, "/", http.StatusFound) return } username, password := req.FormValue("username"), req.FormValue("password") if username == "" { failed(errorCodeUserRequired, w, req) return } user, ok, err := l.auth.AuthenticatePassword(username, password) if err != nil { glog.Errorf(`Error authenticating %q with provider %q: %v`, username, l.provider, err) failed(errorpage.AuthenticationErrorCode(err), w, req) return } if !ok { glog.V(4).Infof(`Login with provider %q failed for %q`, l.provider, username) failed(errorCodeAccessDenied, w, req) return } glog.V(4).Infof(`Login with provider %q succeeded for %q: %#v`, l.provider, username, user) l.auth.AuthenticationSucceeded(user, then, w, req) }
func (l *Login) handleLogin(w http.ResponseWriter, req *http.Request) { if ok, err := l.csrf.Check(req, req.FormValue("csrf")); !ok || err != nil { glog.Errorf("Unable to check CSRF token: %v", err) failed(errorCodeTokenExpired, w, req) return } then := req.FormValue("then") user, password := req.FormValue("username"), req.FormValue("password") if user == "" { failed(errorCodeUserRequired, w, req) return } context, ok, err := l.auth.AuthenticatePassword(user, password) if err != nil { glog.Errorf("Unable to authenticate password: %v", err) failed(errorpage.AuthenticationErrorCode(err), w, req) return } if !ok { failed(errorCodeAccessDenied, w, req) return } l.auth.AuthenticationSucceeded(context, then, w, req) }