authenticateLogin authenticates the login request using either the refresh token, if present, or the <userId, password> pair. If authentication passes, it queries the user's uid and associated groups from the DB and returns the user object.
(ctx context.Context, request *api.LoginRequest)
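// authenticateLogin authenticates the login request using either the refresh token if present,
// or the <userId, password> pair. If authentication passes, it queries the user's uid and
// associated groups from DB and returns the user object.
//
// The request is first checked with validateLoginRequest. On the refresh-token path the
// namespace and user id come from the validated token; on the password path they come from
// the request itself. In both cases the returned user has Namespace set accordingly.
//
// It returns a non-nil error when the request is invalid, the token fails validation, the
// user lookup fails or yields no user, or (password path only) the password does not match.
func (s *Server) authenticateLogin(ctx context.Context, request *api.LoginRequest) (*acl.User, error) {
	if err := validateLoginRequest(request); err != nil {
		return nil, errors.Wrapf(err, "invalid login request")
	}

	if len(request.RefreshToken) > 0 {
		userData, err := validateToken(request.RefreshToken)
		if err != nil {
			// The refresh token is a bearer credential. It is deliberately kept out of the
			// error text so that it cannot end up in logs or in a response wherever this
			// error is later printed; the wrapped cause already explains the failure.
			return nil, errors.Wrapf(err, "unable to authenticate the refresh token")
		}

		userId := userData.userId
		ctx = x.AttachNamespace(ctx, userData.namespace)
		// The password argument is empty and PasswordMatch is not consulted on this path:
		// presumably the validated token is the credential here (confirm against
		// authorizeUser).
		user, err := authorizeUser(ctx, userId, "")
		if err != nil {
			return nil, errors.Wrapf(err, "while querying user with id %v", userId)
		}
		if user == nil {
			return nil, errors.Errorf("unable to authenticate: invalid credentials")
		}

		user.Namespace = userData.namespace
		glog.Infof("Authenticated user %s through refresh token", userId)
		return user, nil
	}

	// In case of login, we can't extract namespace from JWT because we have not yet given JWT
	// to the user, so the login request should contain the namespace, which is then set to ctx.
	ctx = x.AttachNamespace(ctx, request.Namespace)

	// Authorize the user using the password.
	user, err := authorizeUser(ctx, request.Userid, request.Password)
	if err != nil {
		return nil, errors.Wrapf(err, "while querying user with id %v", request.Userid)
	}

	// NOTE(review): a nil user and a password mismatch produce different errors. A caller
	// that surfaces these to the client should collapse both into one generic failure so
	// the response does not reveal which user ids exist.
	if user == nil {
		return nil, errors.Errorf("unable to authenticate: invalid credentials")
	}
	if !user.PasswordMatch {
		return nil, x.ErrorInvalidLogin
	}

	user.Namespace = request.Namespace
	return user, nil
}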
| 160 | |
| 161 | type userData struct { |
| 162 | namespace uint64 |
no test coverage detected