feat: add support to get logged user as json

[perenecabuto]

No description provided.

[magikstm]

This PR should be turned down.

It would be an information exposure vulnerability.

[perenecabuto]

This PR should be turned down.

It would be an information exposure vulnerability.

Hi, @magikstm.
The same route exposes the user data as text/html. I agree that parsing json is easier, but if someone have a stolen token it is possible to extract the the data using jwt.io, jwtlib or parsing html, even if it is a XSS vulnerability. I've checked and there is no jsonp support, so it is not possible to inject script tags to run malicious code.

I've implemented it because it's really useful to get verified logged user data without need to implement it on my APIs and use some basic user data on js web app.

[magikstm]

@perenecabuto could you please specify the route that exposes it?

Default template does show it after logon:
https://github.com/tarent/loginsrv/blob/master/login/login_form.go#L56

But, it can be hidden with a template change using -template. Is it this one?

I'll review the PR more thoroughly.

[coveralls]

Coverage increased (+0.04%) to 90.605% when pulling 746c3bd on perenecabuto:master into 23bd16e on tarent:master.

[magikstm]

@perenecabuto would PR #96 related to issue #94 help?

Could PR #96 be used in your API to get logged in user?

[smancke]

@perenecabuto Thank you for the feature!
I overworked it a little bit and merged into master.

1. I changed it to return the JSON if the Accept header is JSON. The Content-Type is not relevant for that.
2. I have added some doku ..