Add a token on login form (for XMPP auth).
This commit is contained in:
parent
87891cfd0d
commit
c8ebf02e30
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"github.com/astaxie/beego"
|
"github.com/astaxie/beego"
|
||||||
|
|
||||||
"git.kingpenguin.tk/chteufleur/datahouse.git/models/user"
|
"git.kingpenguin.tk/chteufleur/datahouse.git/models/user"
|
||||||
|
"git.kingpenguin.tk/chteufleur/datahouse.git/models/utils"
|
||||||
"git.kingpenguin.tk/chteufleur/datahouse.git/models/variables"
|
"git.kingpenguin.tk/chteufleur/datahouse.git/models/variables"
|
||||||
|
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
@ -33,6 +34,7 @@ func (c *LoginController) Get() {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
c.Data["token"] = utils.TokenGenerator(8)
|
||||||
c.TplName = "login.tpl"
|
c.TplName = "login.tpl"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -51,8 +53,9 @@ func (c *LoginController) Post() {
|
||||||
|
|
||||||
login := c.GetString("login")
|
login := c.GetString("login")
|
||||||
passwd := c.GetString("password")
|
passwd := c.GetString("password")
|
||||||
|
token := c.GetString("token")
|
||||||
|
|
||||||
if !isLoginOK(login, passwd) {
|
if !isLoginOK(login, passwd, token) {
|
||||||
c.Abort("403")
|
c.Abort("403")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -64,7 +67,7 @@ func (c *LoginController) Post() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func isLoginOK(lgn, pwd string) bool {
|
func isLoginOK(lgn, pwd, token string) bool {
|
||||||
ret := false
|
ret := false
|
||||||
usr := user.GetUserByLogin(lgn)
|
usr := user.GetUserByLogin(lgn)
|
||||||
if usr.Id == 0 {
|
if usr.Id == 0 {
|
||||||
|
|
@ -74,9 +77,9 @@ func isLoginOK(lgn, pwd string) bool {
|
||||||
log.Info("Standard auth")
|
log.Info("Standard auth")
|
||||||
ret = pwd != "" && pwd == usr.Password
|
ret = pwd != "" && pwd == usr.Password
|
||||||
|
|
||||||
if !ret && usr.JID != "" {
|
if !ret && usr.JID != "" && token != "" {
|
||||||
log.Info("Auth by JID")
|
log.Info("Auth by JID")
|
||||||
resp, _ := http.Get(UrlXmppAuth + "?domain=datahouse.kingpenguin.tk&method=POST&jid=" + usr.JID + "&transaction_id=datahouse")
|
resp, _ := http.Get(UrlXmppAuth + "?domain=datahouse.kingpenguin.tk&method=POST&jid=" + usr.JID + "&transaction_id=" + token)
|
||||||
httpStatusCode := resp.StatusCode
|
httpStatusCode := resp.StatusCode
|
||||||
if resp != nil && httpStatusCode == 200 {
|
if resp != nil && httpStatusCode == 200 {
|
||||||
ret = true
|
ret = true
|
||||||
|
|
|
||||||
|
|
@ -3,9 +3,14 @@ package utils
|
||||||
import (
|
import (
|
||||||
"github.com/astaxie/beego/orm"
|
"github.com/astaxie/beego/orm"
|
||||||
|
|
||||||
|
"crypto/rand"
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
dictionary = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
|
||||||
|
)
|
||||||
|
|
||||||
func GetString(m orm.Params, param string) string {
|
func GetString(m orm.Params, param string) string {
|
||||||
ret := ""
|
ret := ""
|
||||||
switch i := m[param].(type) {
|
switch i := m[param].(type) {
|
||||||
|
|
@ -38,3 +43,14 @@ func GetTime(m orm.Params, param string) time.Time {
|
||||||
|
|
||||||
return ret
|
return ret
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TokenGenerator(length int) string {
|
||||||
|
var bytes = make([]byte, length)
|
||||||
|
if _, err := rand.Read(bytes); err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
for k, v := range bytes {
|
||||||
|
bytes[k] = dictionary[v%byte(len(dictionary))]
|
||||||
|
}
|
||||||
|
return string(bytes)
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -31,14 +31,16 @@
|
||||||
<form id="loginForm" class="form-signin" action="/login" method="POST">
|
<form id="loginForm" class="form-signin" action="/login" method="POST">
|
||||||
<h2 class="form-signin-heading">Login</h2>
|
<h2 class="form-signin-heading">Login</h2>
|
||||||
<label for="inputEmail" class="sr-only">Email address</label>
|
<label for="inputEmail" class="sr-only">Email address</label>
|
||||||
<input id="inputLogin" name="login" class="form-control" placeholder="Login" required autofocus>
|
<input name="token" type="hidden" value="{{.token}}" />
|
||||||
|
<input id="inputLogin" name="login" class="form-control" placeholder="Login" required autofocus />
|
||||||
<label for="inputPassword" class="sr-only">Password</label>
|
<label for="inputPassword" class="sr-only">Password</label>
|
||||||
<input type="password" id="inputPassword" name="password" class="form-control" placeholder="Password" required>
|
<input type="password" id="inputPassword" name="password" class="form-control" placeholder="Password" />
|
||||||
<!-- <div class="checkbox">
|
<!-- <div class="checkbox">
|
||||||
<label>
|
<label>
|
||||||
<input type="checkbox" value="remember-me"> Remember me
|
<input type="checkbox" value="remember-me"> Remember me
|
||||||
</label>
|
</label>
|
||||||
</div> -->
|
</div> -->
|
||||||
|
<center><p>Token: {{.token}}</p></center>
|
||||||
<button class="btn btn-lg btn-primary btn-block" type="submit">Laisse moi entrer</button>
|
<button class="btn btn-lg btn-primary btn-block" type="submit">Laisse moi entrer</button>
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue