Auth authenticates the user via a json in content body.
(r *http.Request, usr users.Store, stg *settings.Settings, srv *settings.Server)
| 37 | |
| 38 | // Auth authenticates the user via a json in content body. |
| 39 | func (a *HookAuth) Auth(r *http.Request, usr users.Store, stg *settings.Settings, srv *settings.Server) (*users.User, error) { |
| 40 | var cred hookCred |
| 41 | |
| 42 | if r.Body == nil { |
| 43 | return nil, os.ErrPermission |
| 44 | } |
| 45 | |
| 46 | err := json.NewDecoder(r.Body).Decode(&cred) |
| 47 | if err != nil { |
| 48 | return nil, os.ErrPermission |
| 49 | } |
| 50 | |
| 51 | a.Users = usr |
| 52 | a.Settings = stg |
| 53 | a.Server = srv |
| 54 | a.Cred = cred |
| 55 | |
| 56 | action, err := a.RunCommand() |
| 57 | if err != nil { |
| 58 | return nil, err |
| 59 | } |
| 60 | |
| 61 | switch action { |
| 62 | case "auth": |
| 63 | u, err := a.SaveUser() |
| 64 | if err != nil { |
| 65 | return nil, err |
| 66 | } |
| 67 | return u, nil |
| 68 | case "block": |
| 69 | return nil, os.ErrPermission |
| 70 | case "pass": |
| 71 | u, err := a.Users.Get(a.Server.Root, a.Server.FollowExternalSymlinks, a.Cred.Username) |
| 72 | if err != nil || !users.CheckPwd(a.Cred.Password, u.Password) { |
| 73 | return nil, os.ErrPermission |
| 74 | } |
| 75 | return u, nil |
| 76 | default: |
| 77 | return nil, fmt.Errorf("invalid hook action: %s", action) |
| 78 | } |
| 79 | } |
| 80 | |
| 81 | // LoginPage tells that hook auth requires a login page. |
| 82 | func (a *HookAuth) LoginPage() bool { |
nothing calls this directly
no test coverage detected