authorChristian Pointner <equinox@helsinki.at>2015-12-26 08:58:34 (GMT)
committerChristian Pointner <equinox@helsinki.at>2015-12-26 08:58:34 (GMT)
commit62ebc38acc54335ed7c4b14551fae828efddc333 (patch)
tree4a903c7aa8ca6bd201f3d094067378a9436473f8
parentf85d82026efe9272782eaebc36c822798a5525db (diff)
session store now checks password
-rw-r--r--src/helsinki.at/rhimport/fetcher.go31
-rw-r--r--src/helsinki.at/rhimport/rddb.go27
-rw-r--r--src/helsinki.at/rhimport/session_store.go10
3 files changed, 43 insertions, 25 deletions
diff --git a/src/helsinki.at/rhimport/fetcher.go b/src/helsinki.at/rhimport/fetcher.go
index acb6592..81072eb 100644
--- a/src/helsinki.at/rhimport/fetcher.go
+++ b/src/helsinki.at/rhimport/fetcher.go
@@ -247,31 +247,14 @@ func fetcher_init() {
}
func checkPassword(ctx *ImportContext, result *FetchResult) (err error) {
- cached := true
-
- for {
- res_ch := make(chan getPasswordResult)
- req := getPasswordRequest{}
- req.username = ctx.UserName
- req.cached = cached
- req.response = res_ch
- ctx.rddb.getPasswordChan <- req
-
- res := <-res_ch
- if res.err != nil {
- return res.err
- }
- if ctx.Password == res.password {
- return nil
- }
- if cached {
- cached = false
- } else {
- break
- }
+ ok := false
+ if ok, err = ctx.rddb.CheckPassword(ctx.UserName, ctx.Password); err != nil {
+ return
+ }
+ if !ok {
+ result.ResponseCode = http.StatusUnauthorized
+ result.ErrorString = "invalid username and/or password"
}
- result.ResponseCode = http.StatusUnauthorized
- result.ErrorString = "invalid username and/or password"
return
}
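Review bot: checkPassword returns a nil error when the credentials are rejected and reports the failure only through `result.ResponseCode` and `result.ErrorString`, so a caller that checks only `err` would carry on as if the user were authenticated. That contract deserves a doc comment above the function, for example `// checkPassword returns err only for backend failures; rejected credentials yield err == nil with result.ResponseCode set to http.StatusUnauthorized.` The `ok := false` declaration is also redundant: `ok, err := ctx.rddb.CheckPassword(ctx.UserName, ctx.Password)` followed by `if err != nil { return }` declares ok and assigns the named result in one statement.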
diff --git a/src/helsinki.at/rhimport/rddb.go b/src/helsinki.at/rhimport/rddb.go
index 514abdf..7466d9c 100644
--- a/src/helsinki.at/rhimport/rddb.go
+++ b/src/helsinki.at/rhimport/rddb.go
@@ -177,6 +177,33 @@ func (self *RdDb) getPassword(username string, cached bool) (result getPasswordR
return
}
+func (self *RdDbChan) CheckPassword(username, password string) (result bool, err error) {
+ cached := true
+
+ for {
+ res_ch := make(chan getPasswordResult)
+ req := getPasswordRequest{}
+ req.username = username
+ req.cached = cached
+ req.response = res_ch
+ self.getPasswordChan <- req
+
+ res := <-res_ch
+ if res.err != nil {
+ return false, res.err
+ }
+ if password == res.password {
+ return true, nil
+ }
+ if cached {
+ cached = false
+ } else {
+ break
+ }
+ }
+ return false, nil
+}
+
func (self *RdDb) getGroupOfCart(cart uint) (result getGroupOfCartResult) {
var rows *sql.Rows
if rows, result.err = self.getGroupOfCartStmt.Query(cart, cart); result.err != nil {
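Review bot: The comparison `password == res.password` in CheckPassword is not constant-time, and because it matches the submitted value directly against what getPassword returns, the database value appears to be used as-is rather than as a salted hash. Now that this helper also guards session creation, I would change the test to `subtle.ConstantTimeCompare([]byte(password), []byte(res.password)) == 1`, which needs `crypto/subtle` in the import block outside this hunk. It is also worth confirming what getPassword yields for an unknown user: if that is an empty string with a nil error, an empty submitted password would be accepted. A doc comment on the method should say that every mismatch triggers a second, uncached lookup and that no rate limiting happens here, so throttling of failed logins has to live in the callers.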
diff --git a/src/helsinki.at/rhimport/session_store.go b/src/helsinki.at/rhimport/session_store.go
index 2aabc44..e065182 100644
--- a/src/helsinki.at/rhimport/session_store.go
+++ b/src/helsinki.at/rhimport/session_store.go
@@ -79,7 +79,15 @@ type SessionStore struct {
}
func (self *SessionStore) new(ctx *ImportContext) (resp newSessionResponse) {
- // TODO: for untrusted interfaces we need to check Username and PassWord!!!!
+ if !ctx.Trusted {
+ if ok, err := ctx.rddb.CheckPassword(ctx.UserName, ctx.Password); err != nil {
+ resp.err = err
+ return
+ } else if !ok {
+ resp.err = fmt.Errorf("invalid username and/or password")
+ return
+ }
+ }
b := uuid.NewV4().Bytes()
resp.id = strings.ToLower(strings.TrimRight(base32.StdEncoding.EncodeToString(b), "="))
if _, exists := self.store[ctx.UserName]; !exists {
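Review bot: A rejected login in `new` is reported as a plain `fmt.Errorf` error, so the caller cannot tell bad credentials from the database failure returned on the `err != nil` branch, whereas checkPassword in fetcher.go maps the same condition to http.StatusUnauthorized. A package-level sentinel such as `var errInvalidCredentials = errors.New("invalid username and/or password")` assigned here would let the calling layer answer with an authentication failure instead of a generic error; whether newSessionResponse can carry a status is not visible in this hunk. The check is skipped entirely when `ctx.Trusted` is set, so I would add a comment above the `if` such as `// Trusted is only set by interfaces that have already authenticated the user; all others must pass the password check.` and confirm that this holds wherever the flag is assigned. The body of `new` continues past the end of the hunk.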