2015-01-04 20:33:53 +02:00
|
|
|
package auth
|
|
|
|
|
|
|
|
import (
|
2015-01-11 08:49:06 +02:00
|
|
|
"errors"
|
2015-01-15 23:24:12 +02:00
|
|
|
"fmt"
|
2015-01-04 20:33:53 +02:00
|
|
|
"net/http"
|
|
|
|
|
2015-01-13 09:51:25 +02:00
|
|
|
"golang.org/x/crypto/bcrypt"
|
2015-01-10 08:51:02 +02:00
|
|
|
"gopkg.in/authboss.v0"
|
2015-02-21 09:33:35 +02:00
|
|
|
"gopkg.in/authboss.v0/internal/render"
|
2015-01-04 20:33:53 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
methodGET = "GET"
|
|
|
|
methodPOST = "POST"
|
|
|
|
|
2015-02-21 09:33:35 +02:00
|
|
|
tplLogin = "login.tpl"
|
2015-01-13 07:08:52 +02:00
|
|
|
|
2015-02-21 09:33:35 +02:00
|
|
|
storeUsername = "username"
|
|
|
|
storePassword = "password"
|
2015-01-13 07:08:52 +02:00
|
|
|
)
|
2015-01-11 08:49:06 +02:00
|
|
|
|
2015-01-04 20:33:53 +02:00
|
|
|
func init() {
|
2015-02-21 09:33:35 +02:00
|
|
|
a := &AuthModule{}
|
2015-01-08 09:45:41 +02:00
|
|
|
authboss.RegisterModule("auth", a)
|
2015-01-04 20:33:53 +02:00
|
|
|
}
|
|
|
|
|
2015-02-21 09:33:35 +02:00
|
|
|
type AuthModule struct {
|
|
|
|
templates render.Templates
|
|
|
|
policies []authboss.Validator
|
2015-01-16 01:10:47 +02:00
|
|
|
isRememberLoaded bool
|
2015-01-17 07:49:23 +02:00
|
|
|
isRecoverLoaded bool
|
2015-01-04 20:33:53 +02:00
|
|
|
}
|
|
|
|
|
2015-02-21 09:33:35 +02:00
|
|
|
func (a *AuthModule) Initialize() (err error) {
|
|
|
|
a.templates, err = render.LoadTemplates(authboss.Cfg.Layout, authboss.Cfg.ViewsPath, tplLogin)
|
|
|
|
if err != nil {
|
2015-01-19 00:24:20 +02:00
|
|
|
return err
|
2015-01-05 06:41:20 +02:00
|
|
|
}
|
2015-01-04 20:33:53 +02:00
|
|
|
|
2015-02-21 09:33:35 +02:00
|
|
|
a.policies = authboss.FilterValidators(authboss.Cfg.Policies, "username", "password")
|
2015-01-05 00:50:34 +02:00
|
|
|
|
2015-01-16 01:10:47 +02:00
|
|
|
a.isRememberLoaded = authboss.IsLoaded("remember")
|
2015-01-17 07:49:23 +02:00
|
|
|
a.isRecoverLoaded = authboss.IsLoaded("recover")
|
2015-01-16 01:10:47 +02:00
|
|
|
|
2015-01-04 20:33:53 +02:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2015-02-21 09:33:35 +02:00
|
|
|
func (a *AuthModule) Routes() authboss.RouteTable {
|
|
|
|
return authboss.RouteTable{
|
|
|
|
"login": a.loginHandlerFunc,
|
|
|
|
"logout": a.logoutHandlerFunc,
|
|
|
|
}
|
2015-01-04 20:33:53 +02:00
|
|
|
}
|
|
|
|
|
2015-02-21 09:33:35 +02:00
|
|
|
func (a *AuthModule) Storage() authboss.StorageOptions {
|
|
|
|
return authboss.StorageOptions{
|
|
|
|
storeUsername: authboss.String,
|
|
|
|
storePassword: authboss.String,
|
|
|
|
}
|
2015-01-04 20:33:53 +02:00
|
|
|
}
|
|
|
|
|
2015-02-21 09:33:35 +02:00
|
|
|
func (a *AuthModule) loginHandlerFunc(ctx *authboss.Context, w http.ResponseWriter, r *http.Request) error {
|
2015-01-04 20:33:53 +02:00
|
|
|
switch r.Method {
|
|
|
|
case methodGET:
|
2015-01-16 02:04:33 +02:00
|
|
|
if _, ok := ctx.SessionStorer.Get(authboss.SessionKey); ok {
|
|
|
|
if halfAuthed, ok := ctx.SessionStorer.Get(authboss.HalfAuthKey); !ok || halfAuthed == "false" {
|
2015-02-16 06:07:36 +02:00
|
|
|
http.Redirect(w, r, authboss.Cfg.AuthLoginSuccessRoute, http.StatusFound)
|
2015-01-16 02:04:33 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-02-21 09:33:35 +02:00
|
|
|
data := authboss.NewHTMLData("showRemember", a.isRememberLoaded, "showRecover", a.isRecoverLoaded)
|
|
|
|
return a.templates.Render(ctx, w, r, tplLogin, data)
|
2015-01-04 20:33:53 +02:00
|
|
|
case methodPOST:
|
2015-02-21 09:33:35 +02:00
|
|
|
interrupted, err := authboss.Cfg.Callbacks.FireBefore(authboss.EventAuth, ctx)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
} else if interrupted {
|
|
|
|
return errors.New("auth interrupted")
|
2015-01-16 00:01:01 +02:00
|
|
|
}
|
|
|
|
|
2015-02-21 09:33:35 +02:00
|
|
|
username, _ := ctx.FirstPostFormValue("username")
|
|
|
|
password, _ := ctx.FirstPostFormValue("password")
|
2015-01-16 00:01:01 +02:00
|
|
|
|
2015-02-21 09:33:35 +02:00
|
|
|
errData := authboss.NewHTMLData(
|
|
|
|
"error", "invalid username and/or password",
|
|
|
|
"username", username,
|
|
|
|
"showRemember", a.isRememberLoaded,
|
|
|
|
"showRecover", a.isRecoverLoaded,
|
|
|
|
)
|
|
|
|
|
|
|
|
if validationErrs := ctx.Validate(a.policies); len(validationErrs) > 0 {
|
|
|
|
fmt.Fprintln(authboss.Cfg.LogWriter, "auth: form validation failed:", validationErrs.Map())
|
|
|
|
return a.templates.Render(ctx, w, r, tplLogin, errData)
|
2015-01-16 00:01:01 +02:00
|
|
|
}
|
2015-01-13 07:08:52 +02:00
|
|
|
|
2015-02-21 09:33:35 +02:00
|
|
|
if err := validateCredentials(ctx, username, password); err != nil {
|
|
|
|
fmt.Fprintln(authboss.Cfg.LogWriter, "auth: failed to validate credentials:", err)
|
|
|
|
return a.templates.Render(ctx, w, r, tplLogin, errData)
|
2015-01-11 09:12:40 +02:00
|
|
|
}
|
2015-01-16 01:10:47 +02:00
|
|
|
|
2015-02-21 09:33:35 +02:00
|
|
|
ctx.SessionStorer.Put(authboss.SessionKey, username)
|
2015-02-16 06:07:36 +02:00
|
|
|
authboss.Cfg.Callbacks.FireAfter(authboss.EventAuth, ctx)
|
|
|
|
http.Redirect(w, r, authboss.Cfg.AuthLoginSuccessRoute, http.StatusFound)
|
2015-01-04 20:33:53 +02:00
|
|
|
default:
|
|
|
|
w.WriteHeader(http.StatusMethodNotAllowed)
|
|
|
|
}
|
2015-02-21 09:33:35 +02:00
|
|
|
|
|
|
|
return nil
|
2015-01-04 20:33:53 +02:00
|
|
|
}
|
|
|
|
|
2015-02-21 09:33:35 +02:00
|
|
|
func validateCredentials(ctx *authboss.Context, username, password string) error {
|
|
|
|
if err := ctx.LoadUser(username); err != nil {
|
2015-01-13 07:08:52 +02:00
|
|
|
return err
|
2015-01-15 23:24:12 +02:00
|
|
|
}
|
|
|
|
|
2015-02-21 09:33:35 +02:00
|
|
|
actualPassword, err := ctx.User.StringErr(storePassword)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
2015-01-15 23:24:12 +02:00
|
|
|
}
|
|
|
|
|
2015-02-21 09:33:35 +02:00
|
|
|
if err := bcrypt.CompareHashAndPassword([]byte(actualPassword), []byte(password)); err != nil {
|
|
|
|
return err
|
2015-01-11 08:49:06 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2015-02-21 09:33:35 +02:00
|
|
|
func (a *AuthModule) logoutHandlerFunc(ctx *authboss.Context, w http.ResponseWriter, r *http.Request) error {
|
2015-01-04 20:33:53 +02:00
|
|
|
switch r.Method {
|
|
|
|
case methodGET:
|
2015-01-16 02:04:33 +02:00
|
|
|
ctx.SessionStorer.Del(authboss.SessionKey)
|
2015-02-16 06:07:36 +02:00
|
|
|
http.Redirect(w, r, authboss.Cfg.AuthLogoutRoute, http.StatusFound)
|
2015-01-04 20:33:53 +02:00
|
|
|
default:
|
|
|
|
w.WriteHeader(http.StatusMethodNotAllowed)
|
|
|
|
}
|
2015-02-21 09:33:35 +02:00
|
|
|
|
|
|
|
return nil
|
2015-01-04 20:33:53 +02:00
|
|
|
}
|