MCPcopy
hub / github.com/dgraph-io/dgraph / authenticateLogin

Method authenticateLogin

edgraph/access.go:110–159  ·  view source on GitHub ↗

authenticateLogin authenticates the login request using either the refresh token if present, or the pair. If authentication passes, it queries the user's uid and associated groups from DB and returns the user object

(ctx context.Context, request *api.LoginRequest)

Source from the content-addressed store, hash-verified

108// the <userId, password> pair. If authentication passes, it queries the user's uid and associated
109// groups from DB and returns the user object
110func (s *Server) authenticateLogin(ctx context.Context, request *api.LoginRequest) (*acl.User, error) {
111 if err := validateLoginRequest(request); err != nil {
112 return nil, errors.Wrapf(err, "invalid login request")
113 }
114
115 var user *acl.User
116 if len(request.RefreshToken) > 0 {
117 userData, err := validateToken(request.RefreshToken)
118 if err != nil {
119 return nil, errors.Wrapf(err, "unable to authenticate the refresh token %v",
120 request.RefreshToken)
121 }
122
123 userId := userData.userId
124 ctx = x.AttachNamespace(ctx, userData.namespace)
125 user, err = authorizeUser(ctx, userId, "")
126 if err != nil {
127 return nil, errors.Wrapf(err, "while querying user with id %v", userId)
128 }
129
130 if user == nil {
131 return nil, errors.Errorf("unable to authenticate: invalid credentials")
132 }
133
134 user.Namespace = userData.namespace
135 glog.Infof("Authenticated user %s through refresh token", userId)
136 return user, nil
137 }
138
139 // In case of login, we can't extract namespace from JWT because we have not yet given JWT
140 // to the user, so the login request should contain the namespace, which is then set to ctx.
141 ctx = x.AttachNamespace(ctx, request.Namespace)
142
143 // authorize the user using password
144 var err error
145 user, err = authorizeUser(ctx, request.Userid, request.Password)
146 if err != nil {
147 return nil, errors.Wrapf(err, "while querying user with id %v",
148 request.Userid)
149 }
150
151 if user == nil {
152 return nil, errors.Errorf("unable to authenticate: invalid credentials")
153 }
154 if !user.PasswordMatch {
155 return nil, x.ErrorInvalidLogin
156 }
157 user.Namespace = request.Namespace
158 return user, nil
159}
160
161type userData struct {
162 namespace uint64

Callers 1

LoginMethod · 0.95

Calls 6

AttachNamespaceFunction · 0.92
validateLoginRequestFunction · 0.85
validateTokenFunction · 0.85
authorizeUserFunction · 0.85
InfofMethod · 0.80
ErrorfMethod · 0.45

Tested by

no test coverage detected