func (d *Daemon) auther(r *http.Request) (store.Authenticator, error) {
overlord := d.overlord
state := overlord.State()
state.Lock()
user, err := UserFromRequest(state, r)
state.Unlock()
if err != nil {
return nil, err
}
return user.Authenticator(), nil
}
func loginUser(c *Command, r *http.Request) Response {
var loginData struct {
Username string `json:"username"`
Password string `json:"password"`
Otp string `json:"otp"`
}
decoder := json.NewDecoder(r.Body)
if err := decoder.Decode(&loginData); err != nil {
return BadRequest("cannot decode login data from request body: %v", err)
}
macaroon, err := store.RequestPackageAccessMacaroon()
if err != nil {
return InternalError(err.Error())
}
discharge, err := store.DischargeAuthCaveat(loginData.Username, loginData.Password, macaroon, loginData.Otp)
if err == store.ErrAuthenticationNeeds2fa {
twofactorRequiredResponse := &resp{
Type: ResponseTypeError,
Result: &errorResult{
Kind: errorKindTwoFactorRequired,
Message: store.ErrAuthenticationNeeds2fa.Error(),
},
Status: http.StatusUnauthorized,
}
return SyncResponse(twofactorRequiredResponse, nil)
}
if err != nil {
return Unauthorized(err.Error())
}
overlord := c.d.overlord
state := overlord.State()
state.Lock()
_, err = auth.NewUser(state, loginData.Username, macaroon, []string{discharge})
state.Unlock()
if err != nil {
return InternalError("cannot persist authentication details: %v", err)
}
result := loginResponseData{
Macaroon: macaroon,
Discharges: []string{discharge},
}
return SyncResponse(result, nil)
}
