session store now checks password

author: Christian Pointner <equinox@helsinki.at> 2015-12-26 08:58:34 (GMT)
committer: Christian Pointner <equinox@helsinki.at> 2015-12-26 08:58:34 (GMT)
commit: e2dee26e41817302ed4e14207ce779d58004f797 (patch)
tree: 1c472734f4bac38856d070a45ae979101af1c6d2 /session_store.go
parent: 7f63f817486684c0dcb440bf57ff79c07c487911 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/session_store.go b/session_store.go
index 2aabc44..e065182 100644
--- a/session_store.go
+++ b/session_store.go
@@ -79,7 +79,15 @@ type SessionStore struct {
 }
 
 func (self *SessionStore) new(ctx *ImportContext) (resp newSessionResponse) {
-	// TODO: for untrusted interfaces we need to check Username and PassWord!!!!
+	if !ctx.Trusted {
+		if ok, err := ctx.rddb.CheckPassword(ctx.UserName, ctx.Password); err != nil {
+			resp.err = err
+			return
+		} else if !ok {
+			resp.err = fmt.Errorf("invalid username and/or password")
+			return
+		}
+	}
 	b := uuid.NewV4().Bytes()
 	resp.id = strings.ToLower(strings.TrimRight(base32.StdEncoding.EncodeToString(b), "="))
 	if _, exists := self.store[ctx.UserName]; !exists {
author	Christian Pointner <equinox@helsinki.at>	2015-12-26 08:58:34 (GMT)
committer	Christian Pointner <equinox@helsinki.at>	2015-12-26 08:58:34 (GMT)
commit	e2dee26e41817302ed4e14207ce779d58004f797 (patch)
tree	1c472734f4bac38856d070a45ae979101af1c6d2 /session_store.go
parent	7f63f817486684c0dcb440bf57ff79c07c487911 (diff)