Browse code
Move auth success/invalidate to interface
Jordan Liggitt authored on 2014/10/21 07:24:44Showing 3 changed files
- pkg/auth/oauth/handlers/interfaces.go
- pkg/auth/server/session/authenticator.go
- pkg/cmd/server/origin/auth.go
| ... | ... |
@@ -11,6 +11,18 @@ type AuthenticationHandler interface {
|
| 11 | 11 |
AuthenticationError(err error, w http.ResponseWriter, req *http.Request) |
| 12 | 12 |
} |
| 13 | 13 |
|
| 14 |
+// AuthenticationSucceeded is called when a user was successfully authenticated |
|
| 15 |
+// The user object may not be nil |
|
| 16 |
+type AuthenticationSucceeded interface {
|
|
| 17 |
+ AuthenticationSucceeded(user api.UserInfo, w http.ResponseWriter, req *http.Request) error |
|
| 18 |
+} |
|
| 19 |
+ |
|
| 20 |
+// InvalidateAuthentication is called when an authentication is being invalidated (e.g. session timeout or log out) |
|
| 21 |
+// The user parameter may be nil if unknown |
|
| 22 |
+type AuthenticationInvalidator interface {
|
|
| 23 |
+ InvalidateAuthentication(user api.UserInfo, w http.ResponseWriter, req *http.Request) error |
|
| 24 |
+} |
|
| 25 |
+ |
|
| 14 | 26 |
type GrantChecker interface {
|
| 15 | 27 |
HasAuthorizedClient(client api.Client, user api.UserInfo, grant *api.Grant) (bool, error) |
| 16 | 28 |
} |
| ... | ... |
@@ -52,3 +52,12 @@ func (a *SessionAuthenticator) AuthenticationSucceeded(user api.UserInfo, w http |
| 52 | 52 |
values[UserNameKey] = user.GetName() |
| 53 | 53 |
return a.store.Save(w, req) |
| 54 | 54 |
} |
| 55 |
+ |
|
| 56 |
+func (a *SessionAuthenticator) InvalidateAuthentication(context api.UserInfo, w http.ResponseWriter, req *http.Request) error {
|
|
| 57 |
+ session, err := a.store.Get(req, a.name) |
|
| 58 |
+ if err != nil {
|
|
| 59 |
+ return err |
|
| 60 |
+ } |
|
| 61 |
+ session.Values()[UserNameKey] = "" |
|
| 62 |
+ return a.store.Save(w, req) |
|
| 63 |
+} |
| ... | ... |
@@ -141,18 +141,18 @@ func (emptyPasswordAuth) AuthenticatePassword(user, password string) (api.UserIn |
| 141 | 141 |
// Saves the username of any successful password authentication in the session |
| 142 | 142 |
// |
| 143 | 143 |
type sessionPasswordAuthenticator struct {
|
| 144 |
- passwordAuthenticator authenticator.Password |
|
| 145 |
- sessionAuthenticator *session.SessionAuthenticator |
|
| 144 |
+ password authenticator.Password |
|
| 145 |
+ success handlers.AuthenticationSucceeded |
|
| 146 | 146 |
} |
| 147 | 147 |
|
| 148 | 148 |
// for login.PasswordAuthenticator |
| 149 | 149 |
func (auth *sessionPasswordAuthenticator) AuthenticatePassword(user, password string) (api.UserInfo, bool, error) {
|
| 150 |
- return auth.passwordAuthenticator.AuthenticatePassword(user, password) |
|
| 150 |
+ return auth.password.AuthenticatePassword(user, password) |
|
| 151 | 151 |
} |
| 152 | 152 |
|
| 153 | 153 |
// for login.PasswordAuthenticator |
| 154 | 154 |
func (auth *sessionPasswordAuthenticator) AuthenticationSucceeded(user api.UserInfo, then string, w http.ResponseWriter, req *http.Request) {
|
| 155 |
- err := auth.sessionAuthenticator.AuthenticationSucceeded(user, w, req) |
|
| 155 |
+ err := auth.success.AuthenticationSucceeded(user, w, req) |
|
| 156 | 156 |
if err != nil {
|
| 157 | 157 |
fmt.Fprintf(w, "<body>Could not save session, err=%#v</body>", err) |
| 158 | 158 |
return |