auth

Paddy 2015-04-11 Parent:379702564771 Child:48200d8c4036

159:cf6c1f05eb21 Go to Latest

auth/profile_postgres.go

Enable terminating sessions through the API. Add a terminateSession method to the sessionStore that sets the Active property of the Session to false. Create a Context.TerminateSession wrapper for the terminateSession method on the sessionStore. Add a Sessions property to our response type so we can return a []Session in API responses. Use the URL-safe encoding when base64 encoding our session ID and CSRFToken, so the ID can be passed in the URL and so our encodings are consistent. Add a TerminateSessionHandler function that will extract a Session ID from the request URL, authenticate the user, check that the authenticated user owns the session in question, and terminate the session. Add implementations for our new terminateSession method for the memstore and postgres types. Test both the memstore and postgres implementation of our terminateSession helper in session_test.go.

Download raw file
View source Diff to previous Annotate
History
1 package auth
2
3 import (
4 "time"
5
6 "code.secondbit.org/uuid.hg"
7 "github.com/lib/pq"
8 "github.com/secondbit/pan"
9 )
10
11 func (p Profile) GetSQLTableName() string {
12 return "profiles"
13 }
14
15 func (l Login) GetSQLTableName() string {
16 return "logins"
17 }
18
19 func (p *postgres) getProfileByIDSQL(id uuid.ID) *pan.Query {
20 var profile Profile
21 fields, _ := pan.GetFields(profile)
22 query := pan.New(pan.POSTGRES, "SELECT "+pan.QueryList(fields)+" FROM "+pan.GetTableName(profile))
23 query.IncludeWhere()
24 query.Include(pan.GetUnquotedColumn(profile, "ID")+" = ? AND "+pan.GetUnquotedColumn(profile, "Deleted")+" = ?", id, false)
25 return query.FlushExpressions(" ")
26 }
27
28 func (p *postgres) getProfileByID(id uuid.ID) (Profile, error) {
29 query := p.getProfileByIDSQL(id)
30 rows, err := p.db.Query(query.String(), query.Args...)
31 if err != nil {
32 return Profile{}, err
33 }
34 var profile Profile
35 var found bool
36 for rows.Next() {
37 err := pan.Unmarshal(rows, &profile)
38 if err != nil {
39 return Profile{}, err
40 }
41 found = true
42 }
43 if err := rows.Err(); err != nil {
44 return Profile{}, err
45 }
46 if !found {
47 return profile, ErrProfileNotFound
48 }
49 return profile, nil
50 }
51
52 func (p *postgres) getProfileByLoginSQL(value string) *pan.Query {
53 var profile Profile
54 var login Login
55 fields, _ := pan.GetUnquotedAbsoluteFields(profile)
56 query := pan.New(pan.POSTGRES, "SELECT "+pan.QueryList(fields)+" FROM "+pan.GetTableName(profile))
57 query.Include("INNER JOIN " + pan.GetTableName(login))
58 query.Include("ON " + pan.GetUnquotedAbsoluteColumn(profile, "ID") + " = " + pan.GetUnquotedAbsoluteColumn(login, "ProfileID"))
59 query.IncludeWhere()
60 query.Include(pan.GetUnquotedAbsoluteColumn(login, "Value")+" = ? AND "+pan.GetUnquotedAbsoluteColumn(profile, "Deleted")+" = ?", value, false)
61 return query.FlushExpressions(" ")
62 }
63
64 func (p *postgres) getProfileByLogin(value string) (Profile, error) {
65 query := p.getProfileByLoginSQL(value)
66 rows, err := p.db.Query(query.String(), query.Args...)
67 if err != nil {
68 return Profile{}, err
69 }
70 var profile Profile
71 var found bool
72 for rows.Next() {
73 err := pan.Unmarshal(rows, &profile)
74 if err != nil {
75 return Profile{}, err
76 }
77 found = true
78 }
79 if err := rows.Err(); err != nil {
80 return Profile{}, err
81 }
82 if !found {
83 return profile, ErrProfileNotFound
84 }
85 return profile, nil
86 }
87
88 func (p *postgres) saveProfileSQL(profile Profile) *pan.Query {
89 fields, values := pan.GetFields(profile)
90 query := pan.New(pan.POSTGRES, "INSERT INTO "+pan.GetTableName(profile))
91 query.Include("(" + pan.QueryList(fields) + ")")
92 query.Include("VALUES")
93 query.Include("("+pan.VariableList(len(values))+")", values...)
94 return query.FlushExpressions(" ")
95 }
96
97 func (p *postgres) saveProfile(profile Profile) error {
98 query := p.saveProfileSQL(profile)
99 _, err := p.db.Exec(query.String(), query.Args...)
100 if e, ok := err.(*pq.Error); ok && e.Constraint == "profiles_pkey" {
101 err = ErrProfileAlreadyExists
102 }
103 return err
104 }
105
106 func (p *postgres) updateProfileSQL(id uuid.ID, change ProfileChange) *pan.Query {
107 var profile Profile
108 query := pan.New(pan.POSTGRES, "UPDATE "+pan.GetTableName(profile)+" SET ")
109 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "Name")+" = ?", change.Name)
110 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "Passphrase")+" = ?", change.Passphrase)
111 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "Iterations")+" = ?", change.Iterations)
112 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "Salt")+" = ?", change.Salt)
113 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "PassphraseScheme")+" = ?", change.PassphraseScheme)
114 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "Compromised")+" = ?", change.Compromised)
115 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "LockedUntil")+" = ?", change.LockedUntil)
116 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "PassphraseReset")+" = ?", change.PassphraseReset)
117 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "PassphraseResetCreated")+" = ?", change.PassphraseResetCreated)
118 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "LastSeen")+" = ?", change.LastSeen)
119 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "Deleted")+" = ?", change.Deleted)
120 query.FlushExpressions(", ")
121 query.IncludeWhere()
122 query.Include(pan.GetUnquotedColumn(profile, "ID")+" = ?", id)
123 return query.FlushExpressions(" ")
124 }
125
126 func (p *postgres) updateProfile(id uuid.ID, change ProfileChange) error {
127 if change.Empty() {
128 return nil
129 }
130 query := p.updateProfileSQL(id, change)
131 _, err := p.db.Exec(query.String(), query.Args...)
132 return err
133 }
134
135 func (p *postgres) updateProfilesSQL(ids []uuid.ID, change BulkProfileChange) *pan.Query {
136 if change.Empty() {
137 return nil
138 }
139 var profile Profile
140 query := pan.New(pan.POSTGRES, "UPDATE "+pan.GetTableName(profile)+" SET ")
141 query.IncludeIfNotNil(pan.GetUnquotedColumn(profile, "Compromised")+" = ?", change.Compromised)
142 query.FlushExpressions(", ")
143 query.IncludeWhere()
144 intids := make([]interface{}, len(ids))
145 for pos, id := range ids {
146 intids[pos] = id
147 }
148 query.Include(pan.GetUnquotedColumn(profile, "ID")+" IN ("+pan.VariableList(len(ids))+")", intids...)
149 return query.FlushExpressions(" ")
150 }
151
152 func (p *postgres) updateProfiles(ids []uuid.ID, change BulkProfileChange) error {
153 query := p.updateProfilesSQL(ids, change)
154 _, err := p.db.Exec(query.String(), query.Args...)
155 return err
156 }
157
158 func (p *postgres) addLoginSQL(login Login) *pan.Query {
159 fields, values := pan.GetFields(login)
160 query := pan.New(pan.POSTGRES, "INSERT INTO "+pan.GetTableName(login))
161 query.Include("(" + pan.QueryList(fields) + ")")
162 query.Include("VALUES")
163 query.Include("("+pan.VariableList(len(values))+")", values...)
164 return query.FlushExpressions(" ")
165 }
166
167 func (p *postgres) addLogin(login Login) error {
168 query := p.addLoginSQL(login)
169 _, err := p.db.Exec(query.String(), query.Args...)
170 if e, ok := err.(*pq.Error); ok && e.Constraint == "logins_pkey" {
171 return ErrLoginAlreadyExists
172 }
173 return err
174 }
175
176 func (p *postgres) removeLoginSQL(value string, profile uuid.ID) *pan.Query {
177 var login Login
178 query := pan.New(pan.POSTGRES, "DELETE FROM "+pan.GetTableName(login))
179 query.IncludeWhere()
180 query.Include(pan.GetUnquotedColumn(login, "Value")+" = ? AND "+pan.GetUnquotedColumn(login, "ProfileID")+" = ?", value, profile)
181 return query.FlushExpressions(" ")
182 }
183
184 func (p *postgres) removeLogin(value string, profile uuid.ID) error {
185 query := p.removeLoginSQL(value, profile)
186 res, err := p.db.Exec(query.String(), query.Args...)
187 if err != nil {
188 return err
189 }
190 rows, err := res.RowsAffected()
191 if err != nil {
192 return err
193 }
194 if rows == 0 {
195 return ErrLoginNotFound
196 }
197 return nil
198 }
199
200 func (p *postgres) recordLoginUseSQL(value string, when time.Time) *pan.Query {
201 var login Login
202 query := pan.New(pan.POSTGRES, "UPDATE "+pan.GetTableName(login)+" SET ")
203 query.Include(pan.GetUnquotedColumn(login, "LastUsed")+" = ?", when)
204 query.IncludeWhere()
205 query.Include(pan.GetUnquotedColumn(login, "Value")+" = ?", value)
206 return query.FlushExpressions(" ")
207 }
208
209 func (p *postgres) recordLoginUse(value string, when time.Time) error {
210 query := p.recordLoginUseSQL(value, when)
211 _, err := p.db.Exec(query.String(), query.Args...)
212 return err
213 }
214
215 func (p *postgres) listLoginsSQL(profile uuid.ID, num, offset int) *pan.Query {
216 var login Login
217 fields, _ := pan.GetFields(login)
218 query := pan.New(pan.POSTGRES, "SELECT "+pan.QueryList(fields)+" FROM "+pan.GetTableName(login))
219 query.IncludeWhere()
220 query.Include(pan.GetUnquotedColumn(login, "ProfileID")+" = ?", profile)
221 query.IncludeLimit(int64(num))
222 query.IncludeOffset(int64(offset))
223 return query.FlushExpressions(" ")
224 }
225
226 func (p *postgres) listLogins(profile uuid.ID, num, offset int) ([]Login, error) {
227 query := p.listLoginsSQL(profile, num, offset)
228 rows, err := p.db.Query(query.String(), query.Args...)
229 if err != nil {
230 return []Login{}, err
231 }
232 var logins []Login
233 for rows.Next() {
234 var login Login
235 err = pan.Unmarshal(rows, &login)
236 if err != nil {
237 return logins, err
238 }
239 logins = append(logins, login)
240 }
241 if err := rows.Err(); err != nil {
242 return logins, err
243 }
244 return logins, nil
245 }