1
0
mirror of https://github.com/volatiletech/authboss.git synced 2025-01-24 05:17:10 +02:00
authboss/auth/auth.go

180 lines
4.3 KiB
Go
Raw Normal View History

package auth
import (
2015-01-10 22:49:06 -08:00
"errors"
"fmt"
"net/http"
2015-01-12 23:51:25 -08:00
"golang.org/x/crypto/bcrypt"
2015-01-12 21:08:52 -08:00
2015-01-09 22:51:02 -08:00
"gopkg.in/authboss.v0"
2015-01-18 14:24:20 -08:00
"gopkg.in/authboss.v0/internal/views"
2015-01-09 22:51:02 -08:00
2015-01-07 23:45:41 -08:00
"html/template"
2015-01-04 14:50:34 -08:00
2015-01-09 22:51:02 -08:00
"io"
)
const (
methodGET = "GET"
methodPOST = "POST"
2015-01-12 21:08:52 -08:00
pageLogin = "login.tpl"
attrUsername = "username"
attrPassword = "password"
2015-01-12 21:08:52 -08:00
)
2015-01-10 22:49:06 -08:00
func init() {
a := &Auth{}
2015-01-07 23:45:41 -08:00
authboss.RegisterModule("auth", a)
}
2015-01-12 21:08:52 -08:00
type AuthPage struct {
Error string
Username string
ShowRemember bool
2015-01-16 21:49:23 -08:00
ShowRecover bool
FlashSuccess string
FlashError string
2015-01-12 21:08:52 -08:00
}
type Auth struct {
2015-01-12 21:08:52 -08:00
routes authboss.RouteTable
storageOptions authboss.StorageOptions
storer authboss.Storer
2015-01-12 21:08:52 -08:00
logoutRedirect string
loginRedirect string
logger io.Writer
templates map[string]*template.Template
2015-01-15 14:01:01 -08:00
callbacks *authboss.Callbacks
isRememberLoaded bool
2015-01-16 21:49:23 -08:00
isRecoverLoaded bool
}
2015-01-18 14:24:20 -08:00
func (a *Auth) Initialize(config *authboss.Config) (err error) {
if a.templates, err = views.Get(config.Layout, config.ViewsPath, pageLogin); err != nil {
2015-01-18 14:24:20 -08:00
return err
}
2015-01-07 23:45:41 -08:00
a.routes = authboss.RouteTable{
2015-01-12 21:08:52 -08:00
"login": a.loginHandlerFunc,
"logout": a.logoutHandlerFunc,
}
2015-01-12 22:28:42 -08:00
a.storageOptions = authboss.StorageOptions{
attrUsername: authboss.String,
attrPassword: authboss.String,
}
2015-01-18 14:24:20 -08:00
a.storer = config.Storer
a.logoutRedirect = config.AuthLogoutRoute
a.loginRedirect = config.AuthLoginSuccessRoute
a.logger = config.LogWriter
a.callbacks = config.Callbacks
2015-01-04 14:50:34 -08:00
a.isRememberLoaded = authboss.IsLoaded("remember")
2015-01-16 21:49:23 -08:00
a.isRecoverLoaded = authboss.IsLoaded("recover")
return nil
}
2015-01-07 23:45:41 -08:00
func (a *Auth) Routes() authboss.RouteTable {
2015-01-04 14:50:34 -08:00
return a.routes
}
2015-01-07 23:45:41 -08:00
func (a *Auth) Storage() authboss.StorageOptions {
2015-01-09 22:51:02 -08:00
return a.storageOptions
}
func (a *Auth) loginHandlerFunc(ctx *authboss.Context, w http.ResponseWriter, r *http.Request) {
switch r.Method {
case methodGET:
if _, ok := ctx.SessionStorer.Get(authboss.SessionKey); ok {
if halfAuthed, ok := ctx.SessionStorer.Get(authboss.HalfAuthKey); !ok || halfAuthed == "false" {
http.Redirect(w, r, a.loginRedirect, http.StatusFound)
}
}
page := AuthPage{ShowRemember: a.isRememberLoaded, ShowRecover: a.isRecoverLoaded}
if msg, ok := ctx.SessionStorer.Get(authboss.FlashSuccessKey); ok {
page.FlashSuccess = msg
ctx.SessionStorer.Del(authboss.FlashSuccessKey)
}
tpl := a.templates[pageLogin]
tpl.Execute(w, page)
// tpl.ExecuteTemplate(w, tpl.Name(), page)
case methodPOST:
u, ok := ctx.FirstPostFormValue("username")
2015-01-15 14:01:01 -08:00
if !ok {
fmt.Fprintln(a.logger, errors.New("auth: Expected postFormValue 'username' to be in the context"))
}
if err := a.callbacks.FireBefore(authboss.EventAuth, ctx); err != nil {
2015-01-15 14:01:01 -08:00
w.WriteHeader(http.StatusForbidden)
tpl := a.templates[pageLogin]
tpl.ExecuteTemplate(w, tpl.Name(), AuthPage{err.Error(), u, a.isRememberLoaded, a.isRecoverLoaded, "", ""})
2015-01-15 14:01:01 -08:00
}
p, ok := ctx.FirstPostFormValue("password")
2015-01-15 14:01:01 -08:00
if !ok {
fmt.Fprintln(a.logger, errors.New("auth: Expected postFormValue 'password' to be in the context"))
}
2015-01-12 21:08:52 -08:00
if err := a.authenticate(ctx, u, p); err != nil {
fmt.Fprintln(a.logger, err)
2015-01-10 23:12:40 -08:00
w.WriteHeader(http.StatusForbidden)
tpl := a.templates[pageLogin]
tpl.ExecuteTemplate(w, tpl.Name(), AuthPage{"invalid username and/or password", u, a.isRememberLoaded, a.isRecoverLoaded, "", ""})
2015-01-10 23:12:40 -08:00
return
}
ctx.SessionStorer.Put(authboss.SessionKey, u)
a.callbacks.FireAfter(authboss.EventAuth, ctx)
2015-01-12 21:08:52 -08:00
http.Redirect(w, r, a.loginRedirect, http.StatusFound)
default:
w.WriteHeader(http.StatusMethodNotAllowed)
}
}
func (a *Auth) authenticate(ctx *authboss.Context, username, password string) error {
var userInter interface{}
var err error
if userInter, err = a.storer.Get(username, nil); err != nil {
2015-01-12 21:08:52 -08:00
return err
}
ctx.User = authboss.Unbind(userInter)
pwdIntf, ok := ctx.User[attrPassword]
if !ok {
return errors.New("auth: User attributes did not include a password.")
}
pwd, ok := pwdIntf.(string)
if !ok {
return errors.New("auth: User password was not a string somehow.")
}
if err := bcrypt.CompareHashAndPassword([]byte(pwd), []byte(password)); err != nil {
return errors.New("invalid password")
2015-01-10 22:49:06 -08:00
}
return nil
}
func (a *Auth) logoutHandlerFunc(ctx *authboss.Context, w http.ResponseWriter, r *http.Request) {
switch r.Method {
case methodGET:
ctx.SessionStorer.Del(authboss.SessionKey)
2015-01-10 23:12:40 -08:00
http.Redirect(w, r, a.logoutRedirect, http.StatusFound)
default:
w.WriteHeader(http.StatusMethodNotAllowed)
}
}