1
0
mirror of https://github.com/volatiletech/authboss.git synced 2025-01-24 05:17:10 +02:00
authboss/auth/auth.go

116 lines
3.0 KiB
Go
Raw Normal View History

// Package auth implements password based user logins.
package auth
import (
2018-02-21 12:10:18 -08:00
"context"
"net/http"
"golang.org/x/crypto/bcrypt"
2017-07-30 19:39:33 -07:00
"github.com/volatiletech/authboss"
)
const (
// PageLogin is for identifying the login page for parsing & validation
PageLogin = "login"
2015-01-12 21:08:52 -08:00
)
2015-01-10 22:49:06 -08:00
func init() {
authboss.RegisterModule("auth", &Auth{})
}
2015-03-16 14:42:45 -07:00
// Auth module
2015-02-23 15:51:42 -08:00
type Auth struct {
2015-03-31 15:27:47 -07:00
*authboss.Authboss
}
// Init module
func (a *Auth) Init(ab *authboss.Authboss) (err error) {
2015-03-31 15:27:47 -07:00
a.Authboss = ab
if err = a.Authboss.Config.Core.ViewRenderer.Load(PageLogin); err != nil {
return err
2015-02-23 15:51:42 -08:00
}
a.Authboss.Config.Core.Router.Get("/login", a.Authboss.Core.ErrorHandler.Wrap(a.LoginGet))
a.Authboss.Config.Core.Router.Post("/login", a.Authboss.Core.ErrorHandler.Wrap(a.LoginPost))
return nil
}
// LoginGet simply displays the login form
func (a *Auth) LoginGet(w http.ResponseWriter, r *http.Request) error {
return a.Core.Responder.Respond(w, r, http.StatusOK, PageLogin, nil)
}
// LoginPost attempts to validate the credentials passed in
// to log in a user.
func (a *Auth) LoginPost(w http.ResponseWriter, r *http.Request) error {
2018-02-20 08:58:59 -08:00
logger := a.RequestLogger(r)
validatable, err := a.Authboss.Core.BodyReader.Read(PageLogin, r)
if err != nil {
return err
}
// Skip validation since all the validation happens during the database lookup and
// password check.
creds := authboss.MustHaveUserValues(validatable)
pid := creds.GetPID()
pidUser, err := a.Authboss.Storage.Server.Load(r.Context(), pid)
if err == authboss.ErrUserNotFound {
2018-02-20 08:58:59 -08:00
logger.Infof("failed to load user requested by pid: %s", pid)
data := authboss.HTMLData{authboss.DataErr: "Invalid Credentials"}
return a.Authboss.Core.Responder.Respond(w, r, http.StatusOK, PageLogin, data)
} else if err != nil {
return err
}
authUser := authboss.MustBeAuthable(pidUser)
2018-02-20 08:58:59 -08:00
password := authUser.GetPassword()
2015-02-20 23:33:35 -08:00
2018-02-21 12:10:18 -08:00
r = r.WithContext(context.WithValue(r.Context(), authboss.CTXKeyUser, pidUser))
2018-02-20 08:58:59 -08:00
var handled bool
err = bcrypt.CompareHashAndPassword([]byte(password), []byte(creds.GetPassword()))
if err != nil {
2018-02-20 08:58:59 -08:00
handled, err = a.Authboss.Events.FireAfter(authboss.EventAuthFail, w, r)
if err != nil {
return err
2018-02-20 08:58:59 -08:00
} else if handled {
return nil
}
2018-02-20 08:58:59 -08:00
logger.Infof("user %s failed to log in", pid)
data := authboss.HTMLData{authboss.DataErr: "Invalid Credentials"}
return a.Authboss.Core.Responder.Respond(w, r, http.StatusOK, PageLogin, data)
}
r = r.WithContext(context.WithValue(r.Context(), authboss.CTXKeyValues, validatable))
2018-02-20 08:58:59 -08:00
handled, err = a.Events.FireBefore(authboss.EventAuth, w, r)
2015-02-20 23:33:35 -08:00
if err != nil {
return err
2018-02-20 08:58:59 -08:00
} else if handled {
return nil
}
2018-02-20 08:58:59 -08:00
logger.Infof("user %s logged in", pid)
authboss.PutSession(w, authboss.SessionKey, pid)
authboss.DelSession(w, authboss.SessionHalfAuthKey)
2018-02-20 08:58:59 -08:00
handled, err = a.Authboss.Events.FireAfter(authboss.EventAuth, w, r)
if err != nil {
return err
2018-02-20 08:58:59 -08:00
} else if handled {
return nil
2015-01-10 22:49:06 -08:00
}
ro := authboss.RedirectOptions{
2018-02-20 08:58:59 -08:00
Code: http.StatusTemporaryRedirect,
2018-02-21 12:10:18 -08:00
RedirectPath: a.Authboss.Paths.AuthLoginOK,
}
return a.Authboss.Core.Redirector.Redirect(w, r, ro)
2015-01-10 22:49:06 -08:00
}