From 761d6d0824c0cc92fc746b77499ac563f4e6e579 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 2 Apr 2016 18:50:06 +0200 Subject: reenable password check for upload diff --git a/src/rhimportd/uploadWeb.go b/src/rhimportd/uploadWeb.go index 4dc0368..4b56a43 100644 --- a/src/rhimportd/uploadWeb.go +++ b/src/rhimportd/uploadWeb.go @@ -88,26 +88,25 @@ func webUploadHandler(conf *rhimport.Config, db *rddb.DBChan, sessions *rhimport } username := r.FormValue("LOGIN_NAME") - // TODO: re-add this after testing is done!!!! - // password := r.FormValue("PASSWORD") - // if username == "" { - // webUploadErrorResponse(w, http.StatusBadRequest, "missing field LOGIN_NAME") - // return - // } - // if password == "" { - // webUploadErrorResponse(w, http.StatusBadRequest, "missing field LOGIN_NAME") - // return - // } - - // if authenticated, err := db.CheckPassword(username, password); err != nil { - // rhl.Printf("WebUploadHandler: error checking username/password: %v", err) - // webUploadErrorResponse(w, http.StatusUnauthorized, err.Error()) - // return - // } else if !authenticated { - // rhl.Printf("WebUploadHandler: invalid username/password") - // webUploadErrorResponse(w, http.StatusUnauthorized, "invalid username/password") - // return - // } + password := r.FormValue("PASSWORD") + if username == "" { + webUploadErrorResponse(w, http.StatusBadRequest, "missing field LOGIN_NAME") + return + } + if password == "" { + webUploadErrorResponse(w, http.StatusBadRequest, "missing field LOGIN_NAME") + return + } + + if authenticated, err := db.CheckPassword(username, password); err != nil { + rhl.Printf("WebUploadHandler: error checking username/password: %v", err) + webUploadErrorResponse(w, http.StatusUnauthorized, err.Error()) + return + } else if !authenticated { + rhl.Printf("WebUploadHandler: invalid username/password") + webUploadErrorResponse(w, http.StatusUnauthorized, "invalid username/password") + return + } src, hdr, err := r.FormFile("FILENAME") if err != nil { -- cgit v0.10.2