miniflux-v2/ui/login.go

// Copyright 2017 Frédéric Guillot. All rights reserved.
// Use of this source code is governed by the Apache 2.0
// license that can be found in the LICENSE file.

package ui

import (
	"github.com/miniflux/miniflux/http/cookie"
	"github.com/miniflux/miniflux/http/handler"
	"github.com/miniflux/miniflux/logger"
	"github.com/miniflux/miniflux/ui/form"

	"github.com/tomasen/realip"
)

// ShowLoginPage shows the login form.
func (c *Controller) ShowLoginPage(ctx *handler.Context, request *handler.Request, response *handler.Response) {
	if ctx.IsAuthenticated() {
		response.Redirect(ctx.Route("unread"))
		return
	}

	response.HTML().Render("login", ctx.UserLanguage(), tplParams{
		"csrf": ctx.CSRF(),
	})
}

// CheckLogin validates the username/password and redirects the user to the unread page.
func (c *Controller) CheckLogin(ctx *handler.Context, request *handler.Request, response *handler.Response) {
	authForm := form.NewAuthForm(request.Request())
	tplParams := tplParams{
		"errorMessage": "Invalid username or password.",
		"csrf":         ctx.CSRF(),
		"form":         authForm,
	}

	if err := authForm.Validate(); err != nil {
		logger.Error("[Controller:CheckLogin] %v", err)
		response.HTML().Render("login", ctx.UserLanguage(), tplParams)
		return
	}

	if err := c.store.CheckPassword(authForm.Username, authForm.Password); err != nil {
		logger.Error("[Controller:CheckLogin] %v", err)
		response.HTML().Render("login", ctx.UserLanguage(), tplParams)
		return
	}

	sessionToken, err := c.store.CreateUserSession(
		authForm.Username,
		request.Request().UserAgent(),
		realip.RealIP(request.Request()),
	)

	if err != nil {
		response.HTML().ServerError(err)
		return
	}

	logger.Info("[Controller:CheckLogin] username=%s just logged in", authForm.Username)

	response.SetCookie(cookie.New(cookie.CookieUserSessionID, sessionToken, c.cfg.IsHTTPS, c.cfg.BasePath()))
	response.Redirect(ctx.Route("unread"))
}

// Logout destroy the session and redirects the user to the login page.
func (c *Controller) Logout(ctx *handler.Context, request *handler.Request, response *handler.Response) {
	user := ctx.LoggedUser()

	if err := c.store.UpdateSessionField(ctx.SessionID(), "language", user.Language); err != nil {
		logger.Error("[Controller:Logout] %v", err)
	}

	if err := c.store.RemoveUserSessionByToken(user.ID, ctx.UserSessionToken()); err != nil {
		logger.Error("[Controller:Logout] %v", err)
	}

	response.SetCookie(cookie.Expired(cookie.CookieUserSessionID, c.cfg.IsHTTPS, c.cfg.BasePath()))
	response.Redirect(ctx.Route("login"))
}
First commit 2017-11-19 21:10:04 -08:00			`// Copyright 2017 Frédéric Guillot. All rights reserved.`
			`// Use of this source code is governed by the Apache 2.0`
			`// license that can be found in the LICENSE file.`

Refactor packages to have more idiomatic code base 2018-01-02 22:04:48 -08:00			`package ui`
First commit 2017-11-19 21:10:04 -08:00
			`import (`
Refactor packages to have more idiomatic code base 2018-01-02 22:04:48 -08:00			`"github.com/miniflux/miniflux/http/cookie"`
			`"github.com/miniflux/miniflux/http/handler"`
Add logger 2017-12-15 18:55:57 -08:00			`"github.com/miniflux/miniflux/logger"`
Refactor packages to have more idiomatic code base 2018-01-02 22:04:48 -08:00			`"github.com/miniflux/miniflux/ui/form"`
Add OAuth2 authentication 2017-11-22 22:22:33 -08:00
First commit 2017-11-19 21:10:04 -08:00			`"github.com/tomasen/realip"`
			`)`

Add OAuth2 authentication 2017-11-22 22:22:33 -08:00			`// ShowLoginPage shows the login form.`
Refactor packages to have more idiomatic code base 2018-01-02 22:04:48 -08:00			`func (c Controller) ShowLoginPage(ctx handler.Context, request handler.Request, response handler.Response) {`
First commit 2017-11-19 21:10:04 -08:00			`if ctx.IsAuthenticated() {`
Improve Context to be more idiomatic 2017-11-21 18:37:08 -08:00			`response.Redirect(ctx.Route("unread"))`
First commit 2017-11-19 21:10:04 -08:00			`return`
			`}`

Do not use shared variable to translate templates 2018-04-27 22:07:46 -07:00			`response.HTML().Render("login", ctx.UserLanguage(), tplParams{`
Session management refactoring 2017-12-16 18:07:53 -08:00			`"csrf": ctx.CSRF(),`
First commit 2017-11-19 21:10:04 -08:00			`})`
			`}`

Add OAuth2 authentication 2017-11-22 22:22:33 -08:00			`// CheckLogin validates the username/password and redirects the user to the unread page.`
Refactor packages to have more idiomatic code base 2018-01-02 22:04:48 -08:00			`func (c Controller) CheckLogin(ctx handler.Context, request handler.Request, response handler.Response) {`
Improve Request to be more idiomatic 2017-11-21 18:14:45 -08:00			`authForm := form.NewAuthForm(request.Request())`
First commit 2017-11-19 21:10:04 -08:00			`tplParams := tplParams{`
			`"errorMessage": "Invalid username or password.",`
Session management refactoring 2017-12-16 18:07:53 -08:00			`"csrf": ctx.CSRF(),`
Fill login form on failed sign in 2017-12-22 16:30:17 -08:00			`"form": authForm,`
First commit 2017-11-19 21:10:04 -08:00			`}`

			`if err := authForm.Validate(); err != nil {`
Add logger 2017-12-15 18:55:57 -08:00			`logger.Error("[Controller:CheckLogin] %v", err)`
Do not use shared variable to translate templates 2018-04-27 22:07:46 -07:00			`response.HTML().Render("login", ctx.UserLanguage(), tplParams)`
First commit 2017-11-19 21:10:04 -08:00			`return`
			`}`

			`if err := c.store.CheckPassword(authForm.Username, authForm.Password); err != nil {`
Add logger 2017-12-15 18:55:57 -08:00			`logger.Error("[Controller:CheckLogin] %v", err)`
Do not use shared variable to translate templates 2018-04-27 22:07:46 -07:00			`response.HTML().Render("login", ctx.UserLanguage(), tplParams)`
First commit 2017-11-19 21:10:04 -08:00			`return`
			`}`

Rename sessions table to user_sessions 2017-12-16 12:15:33 -08:00			`sessionToken, err := c.store.CreateUserSession(`
First commit 2017-11-19 21:10:04 -08:00			`authForm.Username,`
Improve Request to be more idiomatic 2017-11-21 18:14:45 -08:00			`request.Request().UserAgent(),`
			`realip.RealIP(request.Request()),`
First commit 2017-11-19 21:10:04 -08:00			`)`
Add OAuth2 authentication 2017-11-22 22:22:33 -08:00
First commit 2017-11-19 21:10:04 -08:00			`if err != nil {`
Improve Response to be more idiomatic 2017-11-21 18:30:16 -08:00			`response.HTML().ServerError(err)`
First commit 2017-11-19 21:10:04 -08:00			`return`
			`}`

Add logger 2017-12-15 18:55:57 -08:00			`logger.Info("[Controller:CheckLogin] username=%s just logged in", authForm.Username)`
First commit 2017-11-19 21:10:04 -08:00
Add support for base URLs with subfolders 2018-02-03 15:33:17 -08:00			`response.SetCookie(cookie.New(cookie.CookieUserSessionID, sessionToken, c.cfg.IsHTTPS, c.cfg.BasePath()))`
Improve Context to be more idiomatic 2017-11-21 18:37:08 -08:00			`response.Redirect(ctx.Route("unread"))`
First commit 2017-11-19 21:10:04 -08:00			`}`

Add OAuth2 authentication 2017-11-22 22:22:33 -08:00			`// Logout destroy the session and redirects the user to the login page.`
Refactor packages to have more idiomatic code base 2018-01-02 22:04:48 -08:00			`func (c Controller) Logout(ctx handler.Context, request handler.Request, response handler.Response) {`
Improve Context to be more idiomatic 2017-11-21 18:37:08 -08:00			`user := ctx.LoggedUser()`
First commit 2017-11-19 21:10:04 -08:00
Store language in session to show the login page translated 2018-01-18 21:53:31 -08:00			`if err := c.store.UpdateSessionField(ctx.SessionID(), "language", user.Language); err != nil {`
			`logger.Error("[Controller:Logout] %v", err)`
			`}`

Session management refactoring 2017-12-16 18:07:53 -08:00			`if err := c.store.RemoveUserSessionByToken(user.ID, ctx.UserSessionToken()); err != nil {`
Add logger 2017-12-15 18:55:57 -08:00			`logger.Error("[Controller:Logout] %v", err)`
First commit 2017-11-19 21:10:04 -08:00			`}`

Add support for base URLs with subfolders 2018-02-03 15:33:17 -08:00			`response.SetCookie(cookie.Expired(cookie.CookieUserSessionID, c.cfg.IsHTTPS, c.cfg.BasePath()))`
Improve Context to be more idiomatic 2017-11-21 18:37:08 -08:00			`response.Redirect(ctx.Route("login"))`
First commit 2017-11-19 21:10:04 -08:00			`}`