... | ... |
@@ -11,6 +11,18 @@ type AuthenticationHandler interface { |
11 | 11 |
AuthenticationError(err error, w http.ResponseWriter, req *http.Request) |
12 | 12 |
} |
13 | 13 |
|
14 |
+// AuthenticationSucceeded is called when a user was successfully authenticated |
|
15 |
+// The user object may not be nil |
|
16 |
+type AuthenticationSucceeded interface { |
|
17 |
+ AuthenticationSucceeded(user api.UserInfo, w http.ResponseWriter, req *http.Request) error |
|
18 |
+} |
|
19 |
+ |
|
20 |
+// InvalidateAuthentication is called when an authentication is being invalidated (e.g. session timeout or log out) |
|
21 |
+// The user parameter may be nil if unknown |
|
22 |
+type AuthenticationInvalidator interface { |
|
23 |
+ InvalidateAuthentication(user api.UserInfo, w http.ResponseWriter, req *http.Request) error |
|
24 |
+} |
|
25 |
+ |
|
14 | 26 |
type GrantChecker interface { |
15 | 27 |
HasAuthorizedClient(client api.Client, user api.UserInfo, grant *api.Grant) (bool, error) |
16 | 28 |
} |
... | ... |
@@ -52,3 +52,12 @@ func (a *SessionAuthenticator) AuthenticationSucceeded(user api.UserInfo, w http |
52 | 52 |
values[UserNameKey] = user.GetName() |
53 | 53 |
return a.store.Save(w, req) |
54 | 54 |
} |
55 |
+ |
|
56 |
+func (a *SessionAuthenticator) InvalidateAuthentication(context api.UserInfo, w http.ResponseWriter, req *http.Request) error { |
|
57 |
+ session, err := a.store.Get(req, a.name) |
|
58 |
+ if err != nil { |
|
59 |
+ return err |
|
60 |
+ } |
|
61 |
+ session.Values()[UserNameKey] = "" |
|
62 |
+ return a.store.Save(w, req) |
|
63 |
+} |
... | ... |
@@ -141,18 +141,18 @@ func (emptyPasswordAuth) AuthenticatePassword(user, password string) (api.UserIn |
141 | 141 |
// Saves the username of any successful password authentication in the session |
142 | 142 |
// |
143 | 143 |
type sessionPasswordAuthenticator struct { |
144 |
- passwordAuthenticator authenticator.Password |
|
145 |
- sessionAuthenticator *session.SessionAuthenticator |
|
144 |
+ password authenticator.Password |
|
145 |
+ success handlers.AuthenticationSucceeded |
|
146 | 146 |
} |
147 | 147 |
|
148 | 148 |
// for login.PasswordAuthenticator |
149 | 149 |
func (auth *sessionPasswordAuthenticator) AuthenticatePassword(user, password string) (api.UserInfo, bool, error) { |
150 |
- return auth.passwordAuthenticator.AuthenticatePassword(user, password) |
|
150 |
+ return auth.password.AuthenticatePassword(user, password) |
|
151 | 151 |
} |
152 | 152 |
|
153 | 153 |
// for login.PasswordAuthenticator |
154 | 154 |
func (auth *sessionPasswordAuthenticator) AuthenticationSucceeded(user api.UserInfo, then string, w http.ResponseWriter, req *http.Request) { |
155 |
- err := auth.sessionAuthenticator.AuthenticationSucceeded(user, w, req) |
|
155 |
+ err := auth.success.AuthenticationSucceeded(user, w, req) |
|
156 | 156 |
if err != nil { |
157 | 157 |
fmt.Fprintf(w, "<body>Could not save session, err=%#v</body>", err) |
158 | 158 |
return |