author | Christian Pointner <equinox@helsinki.at> | 2015-12-26 08:58:34 (GMT) |
---|---|---|
committer | Christian Pointner <equinox@helsinki.at> | 2015-12-26 08:58:34 (GMT) |
commit | 62ebc38acc54335ed7c4b14551fae828efddc333 (patch) | |
tree | 4a903c7aa8ca6bd201f3d094067378a9436473f8 | |
parent | f85d82026efe9272782eaebc36c822798a5525db (diff) |
session store now checks password
-rw-r--r-- | src/helsinki.at/rhimport/fetcher.go | 31 | ||||
-rw-r--r-- | src/helsinki.at/rhimport/rddb.go | 27 | ||||
-rw-r--r-- | src/helsinki.at/rhimport/session_store.go | 10 |
3 files changed, 43 insertions, 25 deletions
diff --git a/src/helsinki.at/rhimport/fetcher.go b/src/helsinki.at/rhimport/fetcher.go
index acb6592..81072eb 100644
--- a/src/helsinki.at/rhimport/fetcher.go
+++ b/src/helsinki.at/rhimport/fetcher.go
@@ -247,31 +247,14 @@ func fetcher_init() {
 }
 func checkPassword(ctx *ImportContext, result *FetchResult) (err error) {
- cached := true
-
- for {
- res_ch := make(chan getPasswordResult)
- req := getPasswordRequest{}
- req.username = ctx.UserName
- req.cached = cached
- req.response = res_ch
- ctx.rddb.getPasswordChan <- req
-
- res := <-res_ch
- if res.err != nil {
- return res.err
- }
- if ctx.Password == res.password {
- return nil
- }
- if cached {
- cached = false
- } else {
- break
- }
+ ok := false
+ if ok, err = ctx.rddb.CheckPassword(ctx.UserName, ctx.Password); err != nil {
+ return
+ }
+ if !ok {
+ result.ResponseCode = http.StatusUnauthorized
+ result.ErrorString = "invalid username and/or password"
 }
- result.ResponseCode = http.StatusUnauthorized
- result.ErrorString = "invalid username and/or password"
 return
 }
diff --git a/src/helsinki.at/rhimport/rddb.go b/src/helsinki.at/rhimport/rddb.go
index 514abdf..7466d9c 100644
--- a/src/helsinki.at/rhimport/rddb.go
+++ b/src/helsinki.at/rhimport/rddb.go
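Review bot: checkPassword has a two-channel contract that nothing documents: a rejected login returns a nil `err` and is reported only through `result.ResponseCode` and `result.ErrorString`, so a caller that checks just the error would treat bad credentials as success. A doc comment above the function would pin this down, for example `// checkPassword returns an error only when the lookup fails; rejected credentials leave err nil and set result.ResponseCode to http.StatusUnauthorized.` The separate `ok := false` declaration ahead of the `if` is only there to avoid shadowing the named result and could be noted in the same comment.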
@@ -177,6 +177,33 @@ func (self *RdDb) getPassword(username string, cached bool) (result getPasswordR
 return
 }
+func (self *RdDbChan) CheckPassword(username, password string) (result bool, err error) {
+ cached := true
+
+ for {
+ res_ch := make(chan getPasswordResult)
+ req := getPasswordRequest{}
+ req.username = username
+ req.cached = cached
+ req.response = res_ch
+ self.getPasswordChan <- req
+
+ res := <-res_ch
+ if res.err != nil {
+ return false, res.err
+ }
+ if password == res.password {
+ return true, nil
+ }
+ if cached {
+ cached = false
+ } else {
+ break
+ }
+ }
+ return false, nil
+}
+
 func (self *RdDb) getGroupOfCart(cart uint) (result getGroupOfCartResult) {
 var rows *sql.Rows
 if rows, result.err = self.getGroupOfCartStmt.Query(cart, cart); result.err != nil {
diff --git a/src/helsinki.at/rhimport/session_store.go b/src/helsinki.at/rhimport/session_store.go
index 2aabc44..e065182 100644
--- a/src/helsinki.at/rhimport/session_store.go
+++ b/src/helsinki.at/rhimport/session_store.go
@@ -79,7 +79,15 @@ type SessionStore struct {
 }
 func (self *SessionStore) new(ctx *ImportContext) (resp newSessionResponse) {
- // TODO: for untrusted interfaces we need to check Username and PassWord!!!!
+ if !ctx.Trusted {
+ if ok, err := ctx.rddb.CheckPassword(ctx.UserName, ctx.Password); err != nil {
+ resp.err = err
+ return
+ } else if !ok {
+ resp.err = fmt.Errorf("invalid username and/or password")
+ return
+ }
+ }
 b := uuid.NewV4().Bytes()
 resp.id = strings.ToLower(strings.TrimRight(base32.StdEncoding.EncodeToString(b), "="))
 if _, exists := self.store[ctx.UserName]; !exists {
|
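Review bot: The credential check in CheckPassword, `if password == res.password {`, is an ordinary string equality on a secret and is not constant-time, and this method is now the single check behind both the fetcher and the session store. Replacing it with `if subtle.ConstantTimeCompare([]byte(password), []byte(res.password)) == 1 {` (with `crypto/subtle` added to the imports, which are outside this hunk) removes the content-dependent timing, though length differences remain observable. The loop also repeats the lookup with `cached = false` after every mismatch, so each wrong password appears to cost one uncached query; if these interfaces are reachable by untrusted clients, a limit on failed attempts per user or source would be worth adding at the caller. A doc comment stating that `(false, nil)` means rejected credentials and a non-nil error means the lookup itself failed would help both call sites.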
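Review bot: In SessionStore.new a rejected login and a failed lookup both come back through `resp.err`, and the rejection is created with `fmt.Errorf` on a constant string, so a caller can only tell them apart by matching the message text. A package-level sentinel such as `var errInvalidCredentials = errors.New("invalid username and/or password")`, returned in the `!ok` branch, would let the HTTP layer answer 401 for bad credentials (as checkPassword in fetcher.go does) and keep backend failures as server errors. Whether newSessionResponse has a status field is not visible here, and the body of new continues past the end of the hunk. It may also be worth a comment on `ctx.Trusted` stating that the zero value means the password is checked, since the check is skipped entirely when it is true.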