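// Source: github.com/fanux/shipyard@v0.0.0-20161009071005-6515ce223235/controller/api/login.go

package api

import (
	"encoding/json"
	"net/http"

	log "github.com/Sirupsen/logrus"
	"github.com/shipyard/shipyard/auth"
	"github.com/shipyard/shipyard/auth/ldap"
	"github.com/shipyard/shipyard/controller/manager"
)

// login authenticates the JSON credentials in the request body and, on
// success, writes a newly issued auth token to the response as JSON.
//
// When the configured authenticator is LDAP with AutocreateUsers enabled, a
// local account carrying the authenticator's DefaultAccessLevel role is
// created for a successfully authenticated user that has no account yet.
//
// Responses: 400 for an undecodable or null body, 403 for rejected
// credentials, 500 for backend failures.
func (a *Api) login(w http.ResponseWriter, r *http.Request) {
	var creds *Credentials
	if err := json.NewDecoder(r.Body).Decode(&creds); err != nil {
		// A malformed body is a client error, not a server fault.
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	// A JSON body of `null` decodes without error and leaves creds nil; the
	// field accesses below would then panic on this unauthenticated endpoint.
	if creds == nil {
		http.Error(w, "missing credentials", http.StatusBadRequest)
		return
	}

	// NOTE(review): confirm the configured authenticator rejects an empty
	// password. Many LDAP servers treat a simple bind with an empty password
	// as an unauthenticated bind that succeeds; nothing in this handler
	// filters that case.
	loginSuccessful, err := a.manager.Authenticate(creds.Username, creds.Password)
	if err != nil {
		// The username is attacker-supplied: %q escapes control characters so
		// a crafted value cannot forge or split log lines.
		log.Errorf("error during login for %q from %s: %s", creds.Username, r.RemoteAddr, err)
		// NOTE(review): the backend error text is returned to an
		// unauthenticated client here and in the 500 paths below; consider a
		// generic message, since the detail is already logged server-side.
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	if !loginSuccessful {
		log.Warnf("invalid login for %q from %s", creds.Username, r.RemoteAddr)
		http.Error(w, "invalid username/password", http.StatusForbidden)
		return
	}

	// LDAP: optionally create a local account on first successful login.
	if authenticator := a.manager.GetAuthenticator(); authenticator.Name() == "ldap" {
		// Checked assertion: a mismatched authenticator type skips
		// autocreation instead of panicking.
		if ldapAuth, ok := authenticator.(*ldap.LdapAuthenticator); ok && ldapAuth.AutocreateUsers {
			defaultAccessLevel := ldapAuth.DefaultAccessLevel
			log.Debug("ldap: checking for existing user account and creating if necessary")

			if _, err := a.manager.Account(creds.Username); err != nil {
				if err != manager.ErrAccountDoesNotExist {
					log.Errorf("error checking user for autocreate: %s", err)
					http.Error(w, err.Error(), http.StatusInternalServerError)
					return
				}

				// No account yet: create one with the configured default
				// access level as its only role.
				log.Debugf("autocreating user for ldap: username=%q access=%s", creds.Username, defaultAccessLevel)
				acct := &auth.Account{
					Username: creds.Username,
					Roles:    []string{defaultAccessLevel},
				}
				if err := a.manager.SaveAccount(acct); err != nil {
					log.Errorf("error autocreating ldap user %q: %s", creds.Username, err)
					http.Error(w, err.Error(), http.StatusInternalServerError)
					return
				}
			}
		}
	}

	// Issue the token; it is recorded together with the client's User-Agent.
	token, err := a.manager.NewAuthToken(creds.Username, r.UserAgent())
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	if err := json.NewEncoder(w).Encode(token); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
}

// changePassword sets a new password for the user named in the current
// session. The new password is read from the Password field of the JSON
// request body; the body's Username field is not used.
//
// Responses: 401 when the session is unreadable or carries no username,
// 400 for an undecodable or null body, 500 when the password change fails.
//
// NOTE(review): this handler neither asks for the current password nor
// validates the new one (an empty string is passed through). Confirm both
// are enforced in manager.ChangePassword or in middleware, otherwise a
// hijacked session is enough to take over the account.
func (a *Api) changePassword(w http.ResponseWriter, r *http.Request) {
	// Establish identity before touching the request body.
	session, err := a.manager.Store().Get(r, a.manager.StoreKey())
	if err != nil {
		// A session that cannot be read cannot vouch for a username.
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}

	// Checked assertion: a session without a "username" value would
	// otherwise panic here instead of being rejected.
	username, ok := session.Values["username"].(string)
	if !ok || username == "" {
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}

	var creds *Credentials
	if err := json.NewDecoder(r.Body).Decode(&creds); err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	// A JSON body of `null` decodes without error and leaves creds nil.
	if creds == nil {
		http.Error(w, "missing credentials", http.StatusBadRequest)
		return
	}

	if err := a.manager.ChangePassword(username, creds.Password); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
}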