mirror of
https://github.com/volatiletech/authboss.git
synced 2024-11-28 08:58:38 +02:00
6c663762e4
- Fix bug where setup paths were not mountpathed so twofactor_verify would redirect to a 404. - Fix bug in remember where a user would be remembered even if logged in depending on the middleware order (if something had previously called LoadCurrentUser/LoadCurrentUserID it was fine, if not, the user was half-authed even if he was cleared of half-auth previously).
163 lines
4.1 KiB
Go
163 lines
4.1 KiB
Go
package authboss
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
)
|
|
|
|
type contextKey string
|
|
|
|
// CTX Keys for authboss
|
|
const (
|
|
CTXKeyPID contextKey = "pid"
|
|
CTXKeyUser contextKey = "user"
|
|
|
|
CTXKeySessionState contextKey = "session"
|
|
CTXKeyCookieState contextKey = "cookie"
|
|
|
|
// CTXKeyData is a context key for the accumulating
|
|
// map[string]interface{} (authboss.HTMLData) to pass to the
|
|
// renderer
|
|
CTXKeyData contextKey = "data"
|
|
|
|
// CTXKeyValues is to pass the data submitted from API request or form
|
|
// along in the context in case modules need it. The only module that needs
|
|
// user information currently is remember so only auth/oauth2 are currently
|
|
// going to use this.
|
|
CTXKeyValues contextKey = "values"
|
|
)
|
|
|
|
func (c contextKey) String() string {
|
|
return "authboss ctx key " + string(c)
|
|
}
|
|
|
|
// CurrentUserID retrieves the current user from the session.
|
|
// TODO(aarondl): This method never returns an error, one day we'll change
|
|
// the function signature.
|
|
func (a *Authboss) CurrentUserID(r *http.Request) (string, error) {
|
|
if pid := r.Context().Value(CTXKeyPID); pid != nil {
|
|
return pid.(string), nil
|
|
}
|
|
|
|
pid, _ := GetSession(r, SessionKey)
|
|
return pid, nil
|
|
}
|
|
|
|
// CurrentUserIDP retrieves the current user but panics if it's not available for
|
|
// any reason.
|
|
func (a *Authboss) CurrentUserIDP(r *http.Request) string {
|
|
i, err := a.CurrentUserID(r)
|
|
if err != nil {
|
|
panic(err)
|
|
} else if len(i) == 0 {
|
|
panic(ErrUserNotFound)
|
|
}
|
|
|
|
return i
|
|
}
|
|
|
|
// CurrentUser retrieves the current user from the session and the database.
|
|
// Before the user is loaded from the database the context key is checked.
|
|
// If the session doesn't have the user ID ErrUserNotFound will be returned.
|
|
func (a *Authboss) CurrentUser(r *http.Request) (User, error) {
|
|
if user := r.Context().Value(CTXKeyUser); user != nil {
|
|
return user.(User), nil
|
|
}
|
|
|
|
pid, err := a.CurrentUserID(r)
|
|
if err != nil {
|
|
return nil, err
|
|
} else if len(pid) == 0 {
|
|
return nil, ErrUserNotFound
|
|
}
|
|
|
|
return a.currentUser(r.Context(), pid)
|
|
}
|
|
|
|
// CurrentUserP retrieves the current user but panics if it's not available for
|
|
// any reason.
|
|
func (a *Authboss) CurrentUserP(r *http.Request) User {
|
|
i, err := a.CurrentUser(r)
|
|
if err != nil {
|
|
panic(err)
|
|
} else if i == nil {
|
|
panic(ErrUserNotFound)
|
|
}
|
|
return i
|
|
}
|
|
|
|
func (a *Authboss) currentUser(ctx context.Context, pid string) (User, error) {
|
|
return a.Storage.Server.Load(ctx, pid)
|
|
}
|
|
|
|
// LoadCurrentUserID takes a pointer to a pointer to the request in order to
|
|
// change the current method's request pointer itself to the new request that
|
|
// contains the new context that has the pid in it.
|
|
func (a *Authboss) LoadCurrentUserID(r **http.Request) (string, error) {
|
|
pid, err := a.CurrentUserID(*r)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
if len(pid) == 0 {
|
|
return "", nil
|
|
}
|
|
|
|
ctx := context.WithValue((**r).Context(), CTXKeyPID, pid)
|
|
*r = (**r).WithContext(ctx)
|
|
|
|
return pid, nil
|
|
}
|
|
|
|
// LoadCurrentUserIDP loads the current user id and panics if it's not found
|
|
func (a *Authboss) LoadCurrentUserIDP(r **http.Request) string {
|
|
pid, err := a.LoadCurrentUserID(r)
|
|
if err != nil {
|
|
panic(err)
|
|
} else if len(pid) == 0 {
|
|
panic(ErrUserNotFound)
|
|
}
|
|
|
|
return pid
|
|
}
|
|
|
|
// LoadCurrentUser takes a pointer to a pointer to the request in order to
|
|
// change the current method's request pointer itself to the new request that
|
|
// contains the new context that has the user in it. Calls LoadCurrentUserID
|
|
// so the primary id is also put in the context.
|
|
func (a *Authboss) LoadCurrentUser(r **http.Request) (User, error) {
|
|
if user := (*r).Context().Value(CTXKeyUser); user != nil {
|
|
return user.(User), nil
|
|
}
|
|
|
|
pid, err := a.LoadCurrentUserID(r)
|
|
if err != nil {
|
|
return nil, err
|
|
} else if len(pid) == 0 {
|
|
return nil, ErrUserNotFound
|
|
}
|
|
|
|
ctx := (**r).Context()
|
|
user, err := a.currentUser(ctx, pid)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
ctx = context.WithValue(ctx, CTXKeyUser, user)
|
|
*r = (**r).WithContext(ctx)
|
|
return user, nil
|
|
}
|
|
|
|
// LoadCurrentUserP does the same as LoadCurrentUser but panics if
|
|
// the current user is not found.
|
|
func (a *Authboss) LoadCurrentUserP(r **http.Request) User {
|
|
user, err := a.LoadCurrentUser(r)
|
|
if err != nil {
|
|
panic(err)
|
|
} else if user == nil {
|
|
panic(ErrUserNotFound)
|
|
}
|
|
|
|
return user
|
|
}
|