Login handles login requests from clients.
(ctx context.Context, request *api.LoginRequest)
| 40 | |
| 41 | // Login handles login requests from clients. |
| 42 | func (s *Server) Login(ctx context.Context, |
| 43 | request *api.LoginRequest) (*api.Response, error) { |
| 44 | |
| 45 | if !shouldAllowAcls(request.GetNamespace()) { |
| 46 | return nil, errors.New("operation is not allowed in shared cloud mode") |
| 47 | } |
| 48 | |
| 49 | if err := x.HealthCheck(); err != nil { |
| 50 | return nil, err |
| 51 | } |
| 52 | |
| 53 | ctx, span := otrace.StartSpan(ctx, "server.Login") |
| 54 | defer span.End() |
| 55 | |
| 56 | // record the client ip for this login request |
| 57 | var addr string |
| 58 | if ipAddr, err := hasAdminAuth(ctx, "Login"); err != nil { |
| 59 | return nil, err |
| 60 | } else { |
| 61 | addr = ipAddr.String() |
| 62 | span.Annotate([]otrace.Attribute{ |
| 63 | otrace.StringAttribute("client_ip", addr), |
| 64 | }, "client ip for login") |
| 65 | } |
| 66 | |
| 67 | user, err := s.authenticateLogin(ctx, request) |
| 68 | if err != nil { |
| 69 | glog.Errorf("Authentication from address %s failed: %v", addr, err) |
| 70 | return nil, x.ErrorInvalidLogin |
| 71 | } |
| 72 | glog.Infof("%s logged in successfully", user.UserID) |
| 73 | |
| 74 | resp := &api.Response{} |
| 75 | accessJwt, err := getAccessJwt(user.UserID, user.Groups, user.Namespace) |
| 76 | if err != nil { |
| 77 | errMsg := fmt.Sprintf("unable to get access jwt (userid=%s,addr=%s):%v", |
| 78 | user.UserID, addr, err) |
| 79 | glog.Errorf(errMsg) |
| 80 | return nil, errors.Errorf("%v", errMsg) |
| 81 | } |
| 82 | |
| 83 | refreshJwt, err := getRefreshJwt(user.UserID, user.Namespace) |
| 84 | if err != nil { |
| 85 | errMsg := fmt.Sprintf("unable to get refresh jwt (userid=%s,addr=%s):%v", |
| 86 | user.UserID, addr, err) |
| 87 | glog.Errorf(errMsg) |
| 88 | return nil, errors.Errorf("%v", errMsg) |
| 89 | } |
| 90 | |
| 91 | loginJwt := api.Jwt{ |
| 92 | AccessJwt: accessJwt, |
| 93 | RefreshJwt: refreshJwt, |
| 94 | } |
| 95 | |
| 96 | jwtBytes, err := proto.Marshal(&loginJwt) |
| 97 | if err != nil { |
| 98 | errMsg := fmt.Sprintf("unable to marshal jwt (userid=%s,addr=%s):%v", |
| 99 | user.UserID, addr, err) |