nicoeri/filebrowser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adjustment based on the review

Browse Source
This commit is contained in:
Marvin Weck 2018-08-06 16:12:36 +02:00
parent d821395097
commit 94fc3f03d5
1 changed files with 30 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
http/auth.go
View File

@ -54,30 +54,40 @@ func authHandler(c *fb.Context, w http.ResponseWriter, r *http.Request) (int, er
if c.NoAuth { if c.NoAuth {
// NoAuth instances shouldn't call this method. // NoAuth instances shouldn't call this method.
return 0, nil return 0, nil
} else if c.AuthMethod == "proxy" { }
// Receive the Username from the Header.
cred.Username = r.Header.Get(c.LoginHeader) if c.AuthMethod == "proxy" {
} else { // Receive the Username from the Header and check if it exists.
// Receive the credentials from the request and unmarshal them. u, err := c.Store.Users.GetByUsername(r.Header.Get(c.LoginHeader), c.NewFS)
if r.Body == nil { if err != nil {
return http.StatusForbidden, nil return http.StatusForbidden, nil
} }
err := json.NewDecoder(r.Body).Decode(&cred) c.User = u
return printToken(c, w)
}
// Receive the credentials from the request and unmarshal them.
var cred cred
if r.Body == nil {
return http.StatusForbidden, nil
}
err := json.NewDecoder(r.Body).Decode(&cred)
if err != nil {
return http.StatusForbidden, err
}
// If ReCaptcha is enabled, check the code.
if len(c.ReCaptchaSecret) > 0 {
ok, err := reCaptcha(c.ReCaptchaHost, c.ReCaptchaSecret, cred.ReCaptcha)
if err != nil { if err != nil {
return http.StatusForbidden, err return http.StatusForbidden, err
} }
// If ReCaptcha is enabled, check the code. if !ok {
if len(c.ReCaptchaSecret) > 0 { return http.StatusForbidden, nil
ok, err := reCaptcha(c.ReCaptchaHost, c.ReCaptchaSecret, cred.ReCaptcha)
if err != nil {
return http.StatusForbidden, err
}
if !ok {
return http.StatusForbidden, nil
}
} }
} }
@ -87,11 +97,9 @@ func authHandler(c *fb.Context, w http.ResponseWriter, r *http.Request) (int, er
return http.StatusForbidden, nil return http.StatusForbidden, nil
} }
if c.AuthMethod != "proxy" { // Checks if the password is correct.
// Checks if the password is correct. if !fb.CheckPasswordHash(cred.Password, u.Password) {
if !fb.CheckPasswordHash(cred.Password, u.Password) { return http.StatusForbidden, nil
return http.StatusForbidden, nil
}
} }
c.User = u c.User = u