session store now checks password

author: Christian Pointner <equinox@helsinki.at> 2015-12-26 08:58:34 (GMT)
committer: Christian Pointner <equinox@helsinki.at> 2015-12-26 08:58:34 (GMT)
commit: 62ebc38acc54335ed7c4b14551fae828efddc333 (patch)
tree: 4a903c7aa8ca6bd201f3d094067378a9436473f8 /src/helsinki.at/rhimport/session_store.go
parent: f85d82026efe9272782eaebc36c822798a5525db (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/src/helsinki.at/rhimport/session_store.go b/src/helsinki.at/rhimport/session_store.go
index 2aabc44..e065182 100644
--- a/src/helsinki.at/rhimport/session_store.go
+++ b/src/helsinki.at/rhimport/session_store.go
@@ -79,7 +79,15 @@ type SessionStore struct {
 }
 
 func (self *SessionStore) new(ctx *ImportContext) (resp newSessionResponse) {
-	// TODO: for untrusted interfaces we need to check Username and PassWord!!!!
+	if !ctx.Trusted {
+		if ok, err := ctx.rddb.CheckPassword(ctx.UserName, ctx.Password); err != nil {
+			resp.err = err
+			return
+		} else if !ok {
+			resp.err = fmt.Errorf("invalid username and/or password")
+			return
+		}
+	}
 	b := uuid.NewV4().Bytes()
 	resp.id = strings.ToLower(strings.TrimRight(base32.StdEncoding.EncodeToString(b), "="))
 	if _, exists := self.store[ctx.UserName]; !exists {
author	Christian Pointner <equinox@helsinki.at>	2015-12-26 08:58:34 (GMT)
committer	Christian Pointner <equinox@helsinki.at>	2015-12-26 08:58:34 (GMT)
commit	62ebc38acc54335ed7c4b14551fae828efddc333 (patch)
tree	4a903c7aa8ca6bd201f3d094067378a9436473f8 /src/helsinki.at/rhimport/session_store.go
parent	f85d82026efe9272782eaebc36c822798a5525db (diff)