package uadmin
import (
	"net/http"
	"net/url"
	"strings"
)
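// loginHandler is the HTTP handler for the login page. On anything other than
// POST it just renders the login form. On POST it either processes a
// password-reset request (the form was submitted with save="Send Request") or
// verifies username/password/OTP via Login2FA, which reports whether an OTP
// is still pending; on success it issues the session and language cookies.
//
// After a fully verified login the user is redirected to the value of the
// "next" query parameter, but only when it is a same-site path; anything that
// carries a scheme or host (including protocol-relative "//host" forms) is
// ignored so the login page cannot be used as an open redirector.
func loginHandler(w http.ResponseWriter, r *http.Request) {
	// Context is the view model handed to the login template.
	type Context struct {
		Err         string
		ErrExists   bool
		SiteName    string
		Languages   []Language
		RootURL     string
		OTPRequired bool
		Language    Language
		Username    string
		Password    string
	}
	c := Context{
		SiteName: SiteName,
		RootURL:  RootURL,
		Language: getLanguage(r),
	}

	if r.Method == cPOST {
		if r.FormValue("save") == "Send Request" {
			// Password reset request. The lookup is parameterized, so the
			// submitted e-mail is never interpolated into the query text.
			IncrementMetric("uadmin/security/passwordreset/request")
			email := r.FormValue("email")
			user := User{}
			Get(&user, "Email = ?", email)
			if user.ID != 0 {
				IncrementMetric("uadmin/security/passwordreset/emailsent")
				c.ErrExists = true
				c.Err = "Password recovery request sent. Please check email to reset your password"
				forgotPasswordHandler(&user, r)
			} else {
				IncrementMetric("uadmin/security/passwordreset/invalidemail")
				c.ErrExists = true
				// NOTE(review): this message differs from the success message
				// above, so a caller can probe which e-mail addresses have an
				// account. A single neutral message for both branches would
				// close that enumeration channel.
				c.Err = "Please check email address. Email address must be associated with the account to be recovered."
			}
		} else {
			// Login request. Usernames are trimmed and lower-cased so the
			// lookup is case-insensitive; the password is passed through as is.
			username := strings.TrimSpace(strings.ToLower(r.PostFormValue("username")))
			password := r.PostFormValue("password")
			otp := r.PostFormValue("otp")
			lang := r.PostFormValue("language")

			session := Login2FA(r, username, password, otp)
			if session == nil || !session.User.Active {
				c.ErrExists = true
				c.Err = "Invalid username/password or inactive user"
			} else {
				if session.PendingOTP {
					// NOTE(review): this writes the live OTP code to the
					// application log. Useful in development, but in
					// production it puts a second factor into log storage;
					// gate it behind a debug setting or drop the code.
					Trail(INFO, "User: %s OTP: %s", session.User.Username, session.User.GetOTP())
				}

				// Session cookie. HttpOnly keeps the session key out of reach
				// of page scripts; Secure is set only when this request itself
				// arrived over TLS (behind a TLS-terminating proxy r.TLS is
				// nil, so behaviour there is unchanged).
				http.SetCookie(w, &http.Cookie{
					Name:     "session",
					Value:    session.Key,
					Path:     "/",
					SameSite: http.SameSiteStrictMode,
					HttpOnly: true,
					Secure:   r.TLS != nil,
				})

				// Language cookie, taken verbatim from the submitted form.
				http.SetCookie(w, &http.Cookie{
					Name:  "language",
					Value: lang,
					Path:  "/",
				})

				if session.PendingOTP {
					// Second step: re-render the form asking for the OTP. The
					// template gets the credentials back so they can be
					// resubmitted together with the code.
					c.Username = username
					c.Password = password
					c.OTPRequired = true
				} else {
					// Default target: the URI the form was served from, minus
					// a trailing "logout" segment. A "next" parameter overrides
					// it only when it stays on this site.
					target := strings.TrimSuffix(r.RequestURI, "logout")
					if next := r.URL.Query().Get("next"); isLocalRedirectTarget(next) {
						target = next
					}
					http.Redirect(w, r, target, http.StatusSeeOther)
					return
				}
			}
		}
	}

	c.Languages = activeLangs
	RenderHTML(w, r, "./templates/uadmin/"+Theme+"/login.html", c)
}

// isLocalRedirectTarget reports whether next is a non-empty redirect target
// that stays on this site: it must parse as a URL with neither scheme nor
// host, and must not use the protocol-relative "//host" or "/\host" forms
// that browsers resolve to another origin.
func isLocalRedirectTarget(next string) bool {
	if next == "" {
		return false
	}
	if strings.HasPrefix(next, "//") || strings.HasPrefix(next, "/\\") {
		return false
	}
	u, err := url.Parse(next)
	if err != nil {
		return false
	}
	return u.Scheme == "" && u.Host == ""
}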