
Paddy 2014-12-14 Parent:b0a759e00e6d Child:bc77a315f823

98:09c47387e455 Go to Latest

auth/oauth2.go

Move login concerns to session, add login handler. Move all our helpers for authenticating, building a login redirect, and reading a cookie to session.go. Rewrite our passphrase scheme code so that a scheme is just a struct with three functions for checking a passphrase against a profile object, generating a passphrase, and calculating the number of iterations to use when generating a passphrase. Define an implementation of our passphrase scheme (scheme #1) using PBKDF2 and SHA256. Add a CreateSessionHandler function that logs the user in using their login and passphrase. Add a RegisterSessionHandlers function that adds the session-related handlers (right now, just our CreateSessionHandler) to the specified router.

     1.1 --- a/oauth2.go	Sun Dec 14 12:01:44 2014 -0500
     1.2 +++ b/oauth2.go	Sun Dec 14 12:05:38 2014 -0500
     1.3 @@ -1,8 +1,6 @@
     1.4  package auth
     1.5  
     1.6  import (
     1.7 -	"crypto/sha256"
     1.8 -	"encoding/hex"
     1.9  	"encoding/json"
    1.10  	"errors"
    1.11  	"html/template"
    1.12 @@ -12,7 +10,6 @@
    1.13  	"sync"
    1.14  	"time"
    1.15  
    1.16 -	"code.secondbit.org/pass"
    1.17  	"code.secondbit.org/uuid"
    1.18  
    1.19  	"github.com/gorilla/mux"
    1.20 @@ -129,61 +126,6 @@
    1.21  	return true
    1.22  }
    1.23  
    1.24 -func checkCookie(r *http.Request, context Context) (Session, error) {
    1.25 -	cookie, err := r.Cookie(authCookieName)
    1.26 -	if err == http.ErrNoCookie {
    1.27 -		return Session{}, ErrNoSession
    1.28 -	} else if err != nil {
    1.29 -		log.Println(err)
    1.30 -		return Session{}, err
    1.31 -	}
    1.32 -	sess, err := context.GetSession(cookie.Value)
    1.33 -	if err == ErrSessionNotFound {
    1.34 -		return Session{}, ErrInvalidSession
    1.35 -	} else if err != nil {
    1.36 -		return Session{}, err
    1.37 -	}
    1.38 -	if !sess.Active {
    1.39 -		return Session{}, ErrInvalidSession
    1.40 -	}
    1.41 -	return sess, nil
    1.42 -}
    1.43 -
    1.44 -func buildLoginRedirect(r *http.Request, context Context) string {
    1.45 -	if context.loginURI == nil {
    1.46 -		return ""
    1.47 -	}
    1.48 -	uri := *context.loginURI
    1.49 -	q := uri.Query()
    1.50 -	q.Set("from", r.URL.String())
    1.51 -	uri.RawQuery = q.Encode()
    1.52 -	return uri.String()
    1.53 -}
    1.54 -
    1.55 -func authenticate(user, passphrase string, context Context) (Profile, error) {
    1.56 -	profile, err := context.GetProfileByLogin(user)
    1.57 -	if err != nil {
    1.58 -		if err == ErrProfileNotFound || err == ErrLoginNotFound {
    1.59 -			return Profile{}, ErrIncorrectAuth
    1.60 -		}
    1.61 -		return Profile{}, err
    1.62 -	}
    1.63 -	switch profile.PassphraseScheme {
    1.64 -	case 1:
    1.65 -		realPass, err := hex.DecodeString(profile.Passphrase)
    1.66 -		if err != nil {
    1.67 -			return Profile{}, err
    1.68 -		}
    1.69 -		candidate := pass.Check(sha256.New, profile.Iterations, []byte(passphrase), []byte(profile.Salt))
    1.70 -		if !pass.Compare(candidate, realPass) {
    1.71 -			return Profile{}, ErrIncorrectAuth
    1.72 -		}
    1.73 -	default:
    1.74 -		return Profile{}, ErrInvalidPassphraseScheme
    1.75 -	}
    1.76 -	return profile, nil
    1.77 -}
    1.78 -
    1.79  func wrap(context Context, f func(w http.ResponseWriter, r *http.Request, context Context)) http.Handler {
    1.80  	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    1.81  		f(w, r, context)