mirre-mt/pcmt
1
0
Fork 0
Code Issues 6 Pull Requests Releases 4 Activity
6b45213649
pcmt/handlers/signin.go
surtur 6b45213649
All checks were successful
continuous-integration/drone/push Build is passing
Details
go: add user onboarding, HIBP search functionality 
* add user onboarding workflow
* fix user editing (no edits of passwords of regular users after
  onboarding)
* refresh HIBP breach cache in DB on app start-up
* display HIBP breach details
* fix request scheduling to prevent panics (this still needs some love..)
* fix middleware auth
* add TODOs
* update head.tmpl
* reword some error messages
2023-08-24 18:43:24 +02:00

158 lines
3.5 KiB
Go
Raw Blame History

// Copyright 2023 wanderer <a_mirre at utb dot cz>
// SPDX-License-Identifier: AGPL-3.0-only
package handlers
import (
"context"
"net/http"
"strconv"
"git.dotya.ml/mirre-mt/pcmt/ent"
passwd "git.dotya.ml/mirre-mt/pcmt/modules/password"
moduser "git.dotya.ml/mirre-mt/pcmt/modules/user"
"github.com/gorilla/sessions"
"github.com/labstack/echo-contrib/session"
"github.com/labstack/echo/v4"
)
func Signin() echo.HandlerFunc {
return func(c echo.Context) error {
addHeaders(c)
if sess, _ := session.Get(setting.SessionCookieName(), c); sess != nil {
username := sess.Values["username"]
if username != nil {
return c.Redirect(http.StatusFound, "/home")
}
}
csrf := c.Get("csrf").(string)
p := newPage()
p.Title = "Sign in"
p.Current = "signin"
p.CSRF = csrf
return c.Render(
http.StatusOK,
"signin.tmpl",
p,
)
}
}
func SigninPost(client *ent.Client) echo.HandlerFunc {
return func(c echo.Context) error {
addHeaders(c)
cu := new(userSignin)
if err := c.Bind(cu); err != nil {
return renderErrorPage(
c,
http.StatusBadRequest,
http.StatusText(http.StatusBadRequest),
err.Error(),
)
}
csrf := c.Get("csrf").(string)
username := cu.Username
password := cu.Password
p := newPage()
data := make(map[string]any)
p.Title = "Sign in"
p.Current = "signin"
p.CSRF = csrf
if username == "" || password == "" {
c.Logger().Warn("username or password not set, returning to /signin")
data["flash"] = "you need to set both the username and the password"
data["form"] = cu
p.Data = data
return c.Render(
http.StatusBadRequest,
"signin.tmpl",
p,
)
}
loginFailed := "Login Failed!"
ctx := context.WithValue(context.Background(), moduser.CtxKey{}, slogger)
if usr, err := moduser.QueryUser(ctx, client, username); err == nil {
log.Info("attempting login", "user", &usr.ID)
if !passwd.Compare(usr.Password, password) {
log.Warn("wrong credentials", "user", &usr.ID)
data["flash"] = loginFailed
data["form"] = cu
p.Data = data
return c.Render(
http.StatusBadRequest,
"signin.tmpl",
p,
)
}
} else {
if ent.IsNotFound(err) {
c.Logger().Error("user not found")
} else {
// just log the error instead of returning it to the user and
// redirect back to /signin.
c.Logger().Error(
http.StatusText(http.StatusUnauthorized)+" "+err.Error(),
strconv.Itoa(http.StatusUnauthorized)+" "+http.StatusText(http.StatusUnauthorized)+" "+err.Error(),
)
}
data["form"] = cu
data["flash"] = loginFailed
p.Data = data
return c.Render(
http.StatusBadRequest,
"signin.tmpl",
p,
)
}
secure := c.Request().URL.Scheme == "https" //nolint:goconst
sess, _ := session.Get(setting.SessionCookieName(), c)
if sess != nil {
sess.Options = &sessions.Options{
Path: "/",
MaxAge: setting.SessionMaxAge(),
HttpOnly: true,
Secure: secure,
SameSite: http.SameSiteStrictMode,
}
sess.Values["foo"] = "bar"
c.Logger().Debug("saving username to the session cookie")
sess.Values["username"] = username
err := sess.Save(c.Request(), c.Response())
if err != nil {
c.Logger().Error("failed to save session")
return renderErrorPage(
c,
http.StatusInternalServerError,
http.StatusText(http.StatusInternalServerError)+" (make sure you've got cookies enabled)",
err.Error(),
)
}
}
return c.Redirect(http.StatusMovedPermanently, "/home")
}
}
Reference in New Issue View Git Blame Copy Permalink