sum7/warehost
sum7
/
warehost
Archived
1
0
Fork 0

improve login + add system-password and system-delete

This commit is contained in:
Martin Geno 2016-08-17 22:31:58 +02:00
parent b78aa4be3d
commit 7320874578
4 changed files with 98 additions and 20 deletions

View File

@ -49,11 +49,3 @@ func SessionHandler(h Handle, sessions *session.Manager) httprouter.Handle {
JsonOutput(w, r, sess, data, err) JsonOutput(w, r, sess, data, err)
} }
} }
func LoginHandler(h Handle, sessions *session.Manager) httprouter.Handle {
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
sess := sessions.SessionStart(w, r)
data, err := h(w, r, ps, sess)
JsonOutput(w, r, sess, data, err)
}
}

View File

@ -35,9 +35,9 @@ func NewAPI(config *libconfig.Config, sessions *session.Manager, dbconnection *x
} }
router.GET(prefix+"/status", libapi.SessionHandler(api.Status, sessions)) router.GET(prefix+"/status", libapi.SessionHandler(api.Status, sessions))
router.POST(prefix+"/login", libapi.SessionHandler(api.Login, sessions)) router.POST(prefix+"/login", libapi.SessionHandler(api.Login, sessions))
router.GET(prefix+"/logout", libapi.LoginHandler(api.Logout, sessions)) router.GET(prefix+"/logout", LoginHandler(api.Logout, sessions))
router.POST(prefix+"/password", libapi.LoginHandler(api.Password, sessions)) router.POST(prefix+"/password", LoginHandler(api.Password, sessions))
router.GET(prefix+"/delete", libapi.LoginHandler(api.Status, sessions)) router.GET(prefix+"/delete", LoginHandler(api.Delete, sessions))
} }
// Status to get Login and Server status // Status to get Login and Server status
@ -58,7 +58,7 @@ func (api *API) Status(w http.ResponseWriter, r *http.Request, _ httprouter.Para
} }
// Logout current user // Logout current user
func (api *API) Logout(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session) (returndata interface{}, returnerr *libapi.ErrorResult) { func (api *API) Logout(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, _ *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
api.sessions.SessionDestroy(w, r) api.sessions.SessionDestroy(w, r)
logger := api.log.GetLog(r, "logout") logger := api.log.GetLog(r, "logout")
if login := sess.Get("login"); login != nil { if login := sess.Get("login"); login != nil {
@ -79,6 +79,9 @@ func (api *API) Login(w http.ResponseWriter, r *http.Request, _ httprouter.Param
if err != nil { if err != nil {
logger.Error("fetch request") logger.Error("fetch request")
http.Error(w, err.Error(), http.StatusInternalServerError) http.Error(w, err.Error(), http.StatusInternalServerError)
returnerr = &libapi.ErrorResult{
Message: "Internal Request Error",
}
returndata = false returndata = false
return return
} }
@ -87,11 +90,15 @@ func (api *API) Login(w http.ResponseWriter, r *http.Request, _ httprouter.Param
_, err = api.dbconnection.Get(&login) _, err = api.dbconnection.Get(&login)
if err != nil { if err != nil {
logger.Error("fetch database") logger.Error("fetch database")
returnerr = &libapi.ErrorResult{
Message: "Internal Request Error",
}
returndata = false returndata = false
return return
} }
if login.Id <= 0 { if login.ID <= 0 {
logger.Warn("user not found") logger.Warn("user not found")
returnerr = &libapi.ErrorResult{Fields: []string{"username"}, Message: "User not Found"}
returndata = false returndata = false
return return
} }
@ -104,6 +111,7 @@ func (api *API) Login(w http.ResponseWriter, r *http.Request, _ httprouter.Param
logger.Info("logged in") logger.Info("logged in")
} else { } else {
logger.Warn("wrong password") logger.Warn("wrong password")
returnerr = &libapi.ErrorResult{Fields: []string{"password"}, Message: "Wrong Password"}
} }
} else { } else {
logger.Warn("not active") logger.Warn("not active")
@ -111,15 +119,46 @@ func (api *API) Login(w http.ResponseWriter, r *http.Request, _ httprouter.Param
return return
} }
func (api *API) Password(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session) (returndata interface{}, returnerr *libapi.ErrorResult) {
//Password to change the password
func (api *API) Password(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
logger := api.log.GetLog(r, "password") logger := api.log.GetLog(r, "password")
logger.Warn("not implemented")
returndata = false returndata = false
var changePasswordRequest ChangePasswordRequest
err := json.NewDecoder(r.Body).Decode(&changePasswordRequest)
if err != nil {
logger.Error("fetch request")
http.Error(w, err.Error(), http.StatusInternalServerError)
returnerr = &libapi.ErrorResult{Message: "Internal Request Error"}
return return
} }
func (api *API) Delete(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session) (returndata interface{}, returnerr *libapi.ErrorResult) { output, _ := libpassword.Validate(login.Password, changePasswordRequest.CurrentPassword)
if !output {
logger.Warn("wrong current password")
returnerr = &libapi.ErrorResult{Fields: []string{"currentpassword"}, Message: "Wrong CurrentPassword"}
return
}
if len(changePasswordRequest.NewPassword) < MINPASSWORDLENTH {
logger.Warn("wrong new password")
returnerr = &libapi.ErrorResult{Fields: []string{"newpassword"}, Message: "Wrong NewPassword"}
return
}
login.Password = libpassword.NewHesh(changePasswordRequest.NewPassword)
api.dbconnection.Update(login)
sess.Set("login", *login)
returndata = true
logger.Info("works")
return
}
//Delete of login on warehost
func (api *API) Delete(w http.ResponseWriter, r *http.Request, _ httprouter.Params, sess session.Session, login *Login) (returndata interface{}, returnerr *libapi.ErrorResult) {
logger := api.log.GetLog(r, "delete") logger := api.log.GetLog(r, "delete")
logger.Warn("not implemented") logger.Warn("login delete")
returndata = false sess.Delete("login")
api.dbconnection.Delete(login)
returndata = true
return return
} }

29
system/lib.go Normal file
View File

@ -0,0 +1,29 @@
package system
import (
"net/http"
"github.com/astaxie/session"
"github.com/julienschmidt/httprouter"
libapi "dev.sum7.de/sum7/warehost/lib/api"
)
type Handle func(w http.ResponseWriter, r *http.Request, ps httprouter.Params, sess session.Session, login *Login) (interface{}, *libapi.ErrorResult)
//LoginHandler for api function to Verifie User ist loggedin
func LoginHandler(h Handle, sessions *session.Manager) httprouter.Handle {
return func(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
sess := sessions.SessionStart(w, r)
err := &libapi.ErrorResult{Fields: []string{"session"}, Message: "Not logged in"}
var data interface{}
data = false
if login := sess.Get("login"); login != nil {
if loginObj := login.(Login); loginObj.Active {
data, err = h(w, r, ps, sess, &loginObj)
}
}
libapi.JsonOutput(w, r, sess, data, err)
}
}

View File

@ -9,15 +9,32 @@ import (
"github.com/go-xorm/xorm" "github.com/go-xorm/xorm"
) )
// Login object for request // MINPASSWORDLENTH to validate password
const MINPASSWORDLENTH = 3
/*
* API Model
*/
// RequestLogin for api request to log in
type RequestLogin struct { type RequestLogin struct {
Username string `json:"username"` Username string `json:"username"`
Password string `json:"password"` Password string `json:"password"`
} }
// ChangePasswordRequest for api request of a new password
type ChangePasswordRequest struct {
CurrentPassword string `json:"currentpassword"`
NewPassword string `json:"newpassword"`
}
/*
* Database Model
*/
// Login found // Login found
type Login struct { type Login struct {
Id int64 `json:"id"` ID int64 `xorm:"'id'" json:"id"`
Username string `xorm:"varchar(255) not null unique 'mail'" json:"username"` Username string `xorm:"varchar(255) not null unique 'mail'" json:"username"`
Password string `xorm:"varchar(255) not null 'password'" json:"-"` Password string `xorm:"varchar(255) not null 'password'" json:"-"`
Active bool `xorm:"boolean default false 'active'" json:"active"` Active bool `xorm:"boolean default false 'active'" json:"active"`
@ -27,6 +44,7 @@ type Login struct {
LastLoginAt time.Time `xorm:"timestampz 'lastloginat'" json:"lastloginat"` LastLoginAt time.Time `xorm:"timestampz 'lastloginat'" json:"lastloginat"`
} }
// SyncModels to verify the database schema
func SyncModels(dbconnection *xorm.Engine) { func SyncModels(dbconnection *xorm.Engine) {
err := dbconnection.Sync(new(Login)) err := dbconnection.Sync(new(Login))
if err != nil { if err != nil {