include full *LoginSession

authStore.go

@@ -37,9 +37,9 @@ type AuthStorer interface {
 	GetSession(w http.ResponseWriter, r *http.Request) (*LoginSession, error)
 	GetBasicAuth(w http.ResponseWriter, r *http.Request) (*LoginSession, error)
 	OAuthLogin(w http.ResponseWriter, r *http.Request) (string, error)
-	Login(w http.ResponseWriter, r *http.Request) (string, error)
+	Login(w http.ResponseWriter, r *http.Request) (*LoginSession, error)
 	Register(w http.ResponseWriter, r *http.Request) error
-	CreateProfile(w http.ResponseWriter, r *http.Request) (string, error)
+	CreateProfile(w http.ResponseWriter, r *http.Request) (*LoginSession, error)
 	VerifyEmail(w http.ResponseWriter, r *http.Request) (string, string, error)
 	CreateSecondaryEmail(w http.ResponseWriter, r *http.Request) error
 	SetPrimaryEmail(w http.ResponseWriter, r *http.Request) error
@@ -183,16 +183,16 @@ func (s *authStore) renewSession(w http.ResponseWriter, r *http.Request, session
 }
 
 /******************************** Login ***********************************************/
-func (s *authStore) Login(w http.ResponseWriter, r *http.Request) (string, error) {
+func (s *authStore) Login(w http.ResponseWriter, r *http.Request) (*LoginSession, error) {
 	credentials, err := getCredentials(r)
 	if err != nil {
-		return "", newAuthError("Unable to get credentials", err)
+		return nil, newAuthError("Unable to get credentials", err)
 	}
 	session, err := s.login(w, r, credentials.Email, credentials.Password, credentials.RememberMe)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
-	return session.CSRFToken, err
+	return session, err
 }
 
 func (s *authStore) login(w http.ResponseWriter, r *http.Request, email, password string, rememberMe bool) (*LoginSession, error) {
@@ -413,59 +413,59 @@ func (s *authStore) addEmailSession(email, destinationURL string) (string, error
 	return verifyCode, nil
 }
 
-func (s *authStore) CreateProfile(w http.ResponseWriter, r *http.Request) (string, error) {
+func (s *authStore) CreateProfile(w http.ResponseWriter, r *http.Request) (*LoginSession, error) {
 	profile, err := getProfile(r)
 	if err != nil {
-		return "", newAuthError("Unable to get profile information from form", err)
+		return nil, newAuthError("Unable to get profile information from form", err)
 	}
 	csrfToken := r.Header.Get("X-CSRF-Token")
 	if csrfToken == "" {
-		return "", errMissingCSRF
+		return nil, errMissingCSRF
 	}
 	return s.createProfile(w, r, csrfToken, profile.FullName, profile.Organization, profile.Password, profile.PicturePath)
 }
 
-func (s *authStore) createProfile(w http.ResponseWriter, r *http.Request, csrfToken, fullName, organization, password, picturePath string) (string, error) {
+func (s *authStore) createProfile(w http.ResponseWriter, r *http.Request, csrfToken, fullName, organization, password, picturePath string) (*LoginSession, error) {
 	emailCookie, err := s.getEmailCookie(w, r)
 	if err != nil || emailCookie.EmailVerificationCode == "" {
-		return "", newLoggedError("Unable to get email verification cookie", err)
+		return nil, newLoggedError("Unable to get email verification cookie", err)
 	}
 
 	emailVerifyHash, err := decodeStringToHash(emailCookie.EmailVerificationCode) // base64 decode and hash
 	if err != nil {
-		return "", newLoggedError("Invalid email verification cookie", err)
+		return nil, newLoggedError("Invalid email verification cookie", err)
 	}
 
 	session, err := s.backend.GetEmailSession(emailVerifyHash)
 	if err != nil {
-		return "", newLoggedError("Invalid email verification", err)
+		return nil, newLoggedError("Invalid email verification", err)
 	}
 	if session.CSRFToken != csrfToken {
-		return "", errInvalidCSRF
+		return nil, errInvalidCSRF
 	}
 
 	err = s.backend.UpdateUser(session.UserID, fullName, organization, picturePath)
 	if err != nil {
-		return "", newLoggedError("Unable to update user", err)
+		return nil, newLoggedError("Unable to update user", err)
 	}
 
 	err = s.backend.DeleteEmailSession(session.EmailVerifyHash)
 	if err != nil {
-		return "", newLoggedError("Error while creating profile", err)
+		return nil, newLoggedError("Error while creating profile", err)
 	}
 
 	_, err = s.backend.CreateLogin(session.UserID, session.Email, password, fullName)
 	if err != nil {
-		return "", newLoggedError("Unable to create login", err)
+		return nil, newLoggedError("Unable to create login", err)
 	}
 
 	ls, err := s.createSession(w, r, session.Email, session.UserID, fullName, false)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 
 	s.deleteEmailCookie(w)
-	return ls.CSRFToken, nil
+	return ls, nil
 }
 
 // move to sessionStore

authStore_e2e_test.go

@@ -167,7 +167,7 @@ func _createProfile(fullName, password string, emailCookie *emailCookie, b *back
 	}
 
 	// create profile
-	newToken, err := s.createProfile(nil, r, csrfToken, fullName, "company", password, "picturePath")
+	newSession, err := s.createProfile(nil, r, csrfToken, fullName, "company", password, "picturePath")
 	if err != nil {
 		return "", nil, err
 	}
@@ -198,7 +198,7 @@ func _createProfile(fullName, password string, emailCookie *emailCookie, b *back
 	if session == nil || session.SessionHash != sessionHash || session.Email != oldEmailSession.Email || session.UserID != oldEmailSession.UserID || session.FullName != fullName {
 		return "", nil, errors.Errorf("expected session to be created, %v", session)
 	}
-	return newToken, sessionCookie, nil
+	return newSession.CSRFToken, sessionCookie, nil
 }
 
 func _login(email, password string, remember bool, clientSessionCookie *sessionCookie, rememberCookie *rememberMeCookie, b *backendMemory, m *TextMailer) (string, *sessionCookie, *rememberMeCookie, error) {

backend.go

@@ -97,9 +97,9 @@ type user struct {
 
 // UserLogin is the struct which holds login information
 type UserLogin struct {
-	UserID   string
-	Email    string
-	FullName string
+	UserID   string `json:"userID"`
+	Email    string `json:"email"`
+	FullName string `json:"fullName"`
 }
 
 // LoginSession is the struct which holds session information

nginx/nginxauth.go

@@ -236,15 +236,15 @@ func oauthLogin(authStore auth.AuthStorer, w http.ResponseWriter, r *http.Reques
 }
 
 func login(authStore auth.AuthStorer, w http.ResponseWriter, r *http.Request) {
-	runWithCSRF("login", authStore.Login, w, r)
+	runWithProfile(authStore.Login, w, r)
 }
 
 func register(authStore auth.AuthStorer, w http.ResponseWriter, r *http.Request) {
 	run("register", authStore.Register, w, r)
 }
 
 func createProfile(authStore auth.AuthStorer, w http.ResponseWriter, r *http.Request) {
-	runWithCSRF("createProfile", authStore.CreateProfile, w, r)
+	runWithProfile(authStore.CreateProfile, w, r)
 }
 
 func createSecondaryEmail(authStore auth.AuthStorer, w http.ResponseWriter, r *http.Request) {
@@ -268,6 +268,22 @@ func run(name string, method func(http.ResponseWriter, *http.Request) error, w h
 	writeOutput(w, `{ "result": "Success" }`, method(w, r))
 }
 
+func runWithProfile(method func(http.ResponseWriter, *http.Request) (*auth.LoginSession, error), w http.ResponseWriter, r *http.Request) {
+	s, err := method(w, r)
+	if err != nil {
+		authErr(w, r, err)
+		return
+	}
+
+	user, err := json.Marshal(&auth.UserLogin{Email: s.Email, UserID: s.UserID, FullName: s.FullName})
+	if err != nil {
+		authErr(w, r, err)
+		return
+	}
+
+	writeOutput(w, string(user), nil)
+}
+
 func runWithCSRF(name string, method func(http.ResponseWriter, *http.Request) (string, error), w http.ResponseWriter, r *http.Request) {
 	csrfToken, err := method(w, r)
 	writeOutput(w, fmt.Sprintf(`{ "result": "Success", "csrfToken": "%s" }`, csrfToken), err)

nginx/nginxauth_test.go

@@ -184,17 +184,17 @@ func (s *mockAuthStorer) OAuthLogin(w http.ResponseWriter, r *http.Request) (str
 	s.LastRun = "OAuthLogin"
 	return "csrfToken", s.ErrReturn
 }
-func (s *mockAuthStorer) Login(w http.ResponseWriter, r *http.Request) (string, error) {
+func (s *mockAuthStorer) Login(w http.ResponseWriter, r *http.Request) (*auth.LoginSession, error) {
 	s.LastRun = "Login"
-	return "csrfToken", s.ErrReturn
+	return s.SessionReturn, s.ErrReturn
 }
 func (s *mockAuthStorer) Register(w http.ResponseWriter, r *http.Request) error {
 	s.LastRun = "Register"
 	return s.ErrReturn
 }
-func (s *mockAuthStorer) CreateProfile(w http.ResponseWriter, r *http.Request) (string, error) {
+func (s *mockAuthStorer) CreateProfile(w http.ResponseWriter, r *http.Request) (*auth.LoginSession, error) {
 	s.LastRun = "CreateProfile"
-	return "csrfToken", s.ErrReturn
+	return s.SessionReturn, s.ErrReturn
 }
 func (s *mockAuthStorer) VerifyEmail(w http.ResponseWriter, r *http.Request) (string, string, error) {
 	s.LastRun = "VerifyEmail"