// login authenticates the credentials in the request body and, on success,
// issues two cookies: "AuthSession" (HttpOnly; the token returned by
// UserManager.Login) and "CsrfToken" (readable by scripts; derived from that
// token with util.GenHashString). Subsequent requests must echo the CSRF
// value in the X-Csrf-Token header.
//
// Errors: a body that cannot be decoded is logged and answered with
// WriteIllegalRequestError; a Login failure is logged and handed to WriteError.
//
// NOTE(review): neither cookie sets Secure or SameSite, so over plain HTTP the
// session cookie travels in the clear; confirm TLS termination in front of
// this service or add the attributes. The error from WriteEntity is dropped.
func (uc UsersController) login(request *restful.Request, response *restful.Response) {
	creds := new(UserLoginCredentials)
	if err := request.ReadEntity(creds); err != nil {
		LogError(request, response, err)
		WriteIllegalRequestError(response)
		return
	}

	session, err := new(UserManager).Login(creds)
	if err != nil {
		LogError(request, response, err)
		WriteError(err, response)
		return
	}

	// Session cookie: kept out of reach of scripts.
	sessionCookie := &http.Cookie{
		Name:     "AuthSession",
		Value:    session.AuthToken,
		Path:     "/",
		HttpOnly: true,
	}
	// CSRF cookie: deliberately script-readable so the client can copy it
	// into the X-Csrf-Token header on every subsequent request.
	csrfCookie := &http.Cookie{
		Name:     "CsrfToken",
		Value:    util.GenHashString(session.AuthToken),
		Path:     "/",
		HttpOnly: false,
	}
	// Session header first, CSRF second (same order as before).
	for _, c := range []*http.Cookie{sessionCookie, csrfCookie} {
		response.AddHeader("Set-Cookie", c.String())
	}

	response.WriteEntity(BooleanResponse{Success: true})
}
// AddCsrfCookie sets the "CsrfToken" cookie for a session. Its value is
// util.GenHashString(sessToken), so callers must pass the raw session token
// (not an already hashed value) for the cookie to match the one issued at
// login. The cookie is intentionally not HttpOnly: the client reads it and
// sends it back in the X-Csrf-Token header.
//
// NOTE(review): Secure and SameSite are not set — confirm this matches the
// deployment (TLS in front of the service).
func AddCsrfCookie(rw http.ResponseWriter, sessToken string) {
	http.SetCookie(rw, &http.Cookie{
		Name:     "CsrfToken",
		Value:    util.GenHashString(sessToken),
		Path:     "/",
		HttpOnly: false,
	})
}
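// SetAuth propagates a refreshed CouchDB session to the client. When
// ca.GetUpdatedAuth reports a new "AuthSession" value it re-issues the
// HttpOnly session cookie and the matching "CsrfToken" cookie; when nothing
// was updated the response is left untouched.
//
// Fix: the CSRF cookie used to be built from util.GenHashString(val), but
// AddCsrfCookie hashes its argument itself, so the cookie carried a double
// hash and could never equal the single hash issued by login (and by
// StandardAuthenticator.SetAuth). The raw session value is passed now.
//
// NOTE(review): the session cookie is not marked Secure/SameSite — confirm
// the service is only reachable over TLS.
func SetAuth(rw http.ResponseWriter, ca couchdb.Auth) {
	authData := ca.GetUpdatedAuth()
	if authData == nil {
		return
	}
	val, ok := authData["AuthSession"]
	if !ok {
		return
	}
	sessionCookie := http.Cookie{
		Name:     "AuthSession",
		Value:    val,
		Path:     "/",
		HttpOnly: true,
	}
	rw.Header().Add("Set-Cookie", sessionCookie.String())
	// Pass the raw token: AddCsrfCookie applies GenHashString exactly once,
	// which is the derivation the login handler uses.
	AddCsrfCookie(rw, val)
}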
// SetAuth propagates a refreshed CouchDB session to the client. When
// cAuth.GetUpdatedAuth reports a new "AuthSession" value it re-issues the
// HttpOnly session cookie followed by a "CsrfToken" cookie whose value is
// util.GenHashString of that session value (the same derivation as login);
// when nothing was updated the response is left untouched.
//
// NOTE(review): the session cookie is not marked Secure/SameSite — confirm
// the service is only reachable over TLS.
func (sta *StandardAuthenticator) SetAuth(rw http.ResponseWriter, cAuth couchdb.Auth) {
	authData := cAuth.GetUpdatedAuth()
	if authData == nil {
		return
	}
	val, ok := authData["AuthSession"]
	if !ok {
		return
	}
	http.SetCookie(rw, &http.Cookie{
		Name:     "AuthSession",
		Value:    val,
		Path:     "/",
		HttpOnly: true,
	})
	// CSRF cookie: script-readable, GenHashString(val). Delegated to the
	// package-level helper, which performs exactly that derivation.
	AddCsrfCookie(rw, val)
}