Add a token on login form (for XMPP auth).
parent
87891cfd0d
commit
c8ebf02e30
|
|
@ -4,6 +4,7 @@ import (
|
|||
"github.com/astaxie/beego"
|
||||
|
||||
"git.kingpenguin.tk/chteufleur/datahouse.git/models/user"
|
||||
"git.kingpenguin.tk/chteufleur/datahouse.git/models/utils"
|
||||
"git.kingpenguin.tk/chteufleur/datahouse.git/models/variables"
|
||||
|
||||
"net/http"
|
||||
|
|
@ -33,6 +34,7 @@ func (c *LoginController) Get() {
|
|||
return
|
||||
}
|
||||
|
||||
c.Data["token"] = utils.TokenGenerator(8)
|
||||
c.TplName = "login.tpl"
|
||||
}
|
||||
|
||||
|
|
@ -51,8 +53,9 @@ func (c *LoginController) Post() {
|
|||
|
||||
login := c.GetString("login")
|
||||
passwd := c.GetString("password")
|
||||
token := c.GetString("token")
|
||||
|
||||
if !isLoginOK(login, passwd) {
|
||||
if !isLoginOK(login, passwd, token) {
|
||||
c.Abort("403")
|
||||
}
|
||||
|
||||
|
|
@ -64,7 +67,7 @@ func (c *LoginController) Post() {
|
|||
}
|
||||
}
|
||||
|
||||
func isLoginOK(lgn, pwd string) bool {
|
||||
func isLoginOK(lgn, pwd, token string) bool {
|
||||
ret := false
|
||||
usr := user.GetUserByLogin(lgn)
|
||||
if usr.Id == 0 {
|
||||
|
|
@ -74,9 +77,9 @@ func isLoginOK(lgn, pwd string) bool {
|
|||
log.Info("Standard auth")
|
||||
ret = pwd != "" && pwd == usr.Password
|
||||
|
||||
if !ret && usr.JID != "" {
|
||||
if !ret && usr.JID != "" && token != "" {
|
||||
log.Info("Auth by JID")
|
||||
resp, _ := http.Get(UrlXmppAuth + "?domain=datahouse.kingpenguin.tk&method=POST&jid=" + usr.JID + "&transaction_id=datahouse")
|
||||
resp, _ := http.Get(UrlXmppAuth + "?domain=datahouse.kingpenguin.tk&method=POST&jid=" + usr.JID + "&transaction_id=" + token)
|
||||
httpStatusCode := resp.StatusCode
|
||||
if resp != nil && httpStatusCode == 200 {
|
||||
ret = true
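Review bot: The `token` that Post() reads with `c.GetString("token")` comes back from a hidden form field, so it is client-controlled, yet isLoginOK appends it unescaped to the XMPP auth URL (`"&transaction_id=" + token`) and never compares it with the value Get() generated. Keeping the generated token server-side (for example in the session), rejecting a mismatch in Post(), and sending `"&transaction_id=" + url.QueryEscape(token)` (with `usr.JID` escaped the same way, which needs `net/url` imported) would keep a crafted value from adding or overriding query parameters. It would also keep the code shown to the user identical to the one the XMPP auth endpoint receives; the hidden `<input name="token">` in login.tpl is the other half of this. Separately, `resp, _ := http.Get(...)` discards the error and `resp.StatusCode` is read before the `resp != nil` test, so a failed request panics instead of denying the login; check `err` first. isLoginOK continues past the end of this hunk, so whether the response body is closed cannot be seen here.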
|
||||
|
|
|
|||
|
|
@ -3,9 +3,14 @@ package utils
|
|||
import (
|
||||
"github.com/astaxie/beego/orm"
|
||||
|
||||
"crypto/rand"
|
||||
"time"
|
||||
)
|
||||
|
||||
const (
|
||||
dictionary = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
|
||||
)
|
||||
|
||||
func GetString(m orm.Params, param string) string {
|
||||
ret := ""
|
||||
switch i := m[param].(type) {
|
||||
|
|
@ -38,3 +43,14 @@ func GetTime(m orm.Params, param string) time.Time {
|
|||
|
||||
return ret
|
||||
}
|
||||
|
||||
func TokenGenerator(length int) string {
|
||||
var bytes = make([]byte, length)
|
||||
if _, err := rand.Read(bytes); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
for k, v := range bytes {
|
||||
bytes[k] = dictionary[v%byte(len(dictionary))]
|
||||
}
|
||||
return string(bytes)
|
||||
}
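Review bot: `dictionary[v%byte(len(dictionary))]` in TokenGenerator is biased, because 256 is not a multiple of the 62-character dictionary: the first eight characters (`0`–`7`) come up five times per 256 byte values and the rest four times. That lowers the entropy of a token that is already only 8 characters long; redrawing bytes at or above the largest multiple of 62 removes the bias without a new import. The exported function also has no doc comment, and `panic(err)` in a helper package takes the whole request down on an entropy failure, so returning an error to the caller would be safer if the signature can change.

```go
func TokenGenerator(length int) string {
	// Largest multiple of len(dictionary) that fits in a byte; bytes at or
	// above it are redrawn so every character is equally likely.
	const limit = 256 - 256%len(dictionary)
	out := make([]byte, 0, length)
	buf := make([]byte, length)
	for len(out) < length {
		if _, err := rand.Read(buf); err != nil {
			panic(err)
		}
		for _, v := range buf {
			if int(v) < limit && len(out) < length {
				out = append(out, dictionary[int(v)%len(dictionary)])
			}
		}
	}
	return string(out)
}
```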
|
||||
|
|
|
|||
|
|
@ -31,14 +31,16 @@
|
|||
<form id="loginForm" class="form-signin" action="/login" method="POST">
|
||||
<h2 class="form-signin-heading">Login</h2>
|
||||
<label for="inputEmail" class="sr-only">Email address</label>
|
||||
<input id="inputLogin" name="login" class="form-control" placeholder="Login" required autofocus>
|
||||
<input name="token" type="hidden" value="{{.token}}" />
|
||||
<input id="inputLogin" name="login" class="form-control" placeholder="Login" required autofocus />
|
||||
<label for="inputPassword" class="sr-only">Password</label>
|
||||
<input type="password" id="inputPassword" name="password" class="form-control" placeholder="Password" required>
|
||||
<input type="password" id="inputPassword" name="password" class="form-control" placeholder="Password" />
|
||||
<!-- <div class="checkbox">
|
||||
<label>
|
||||
<input type="checkbox" value="remember-me"> Remember me
|
||||
</label>
|
||||
</div> -->
|
||||
<center><p>Token: {{.token}}</p></center>
|
||||
<button class="btn btn-lg btn-primary btn-block" type="submit">Laisse moi entrer</button>
|
||||
</form>
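Review bot: The new `<center><p>Token: {{.token}}</p></center>` line uses the obsolete `<center>` element; since the form already relies on Bootstrap classes, `<p class="text-center">Token: {{.token}}</p>` gives the same layout. A short visible hint saying that this code must match the one shown in the XMPP confirmation request would also help, because the page displays the token with no explanation of what the user should check it against.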
|
||||
|
||||
|
|
|
|||