(w http.ResponseWriter, r *http.Request)
| 177 | } |
| 178 | |
| 179 | func (m *basicAuthAndSessionMiddleware) passwordAuthHandler(w http.ResponseWriter, r *http.Request) { |
| 180 | var req struct { |
| 181 | Username string |
| 182 | Password string |
| 183 | StayLoggedIn bool |
| 184 | } |
| 185 | if err := unmarshalTo(http.MaxBytesReader(w, r.Body, maxLoginRequestSize), &req); err != nil { |
| 186 | l.Debugln("Failed to parse username and password:", err) |
| 187 | http.Error(w, "Failed to parse username and password.", http.StatusBadRequest) |
| 188 | return |
| 189 | } |
| 190 | |
| 191 | if auth(req.Username, req.Password, m.guiCfg, m.ldapCfg) { |
| 192 | m.tokenCookieManager.createSession(req.Username, req.StayLoggedIn, w, r) |
| 193 | w.WriteHeader(http.StatusNoContent) |
| 194 | return |
| 195 | } |
| 196 | |
| 197 | emitLoginAttempt(false, req.Username, r, m.evLogger) |
| 198 | antiBruteForceSleep() |
| 199 | forbidden(w) |
| 200 | } |
| 201 | |
| 202 | func attemptBasicAuth(r *http.Request, guiCfg config.GUIConfiguration, ldapCfg config.LDAPConfiguration, evLogger events.Logger) (string, bool) { |
| 203 | username, password, ok := r.BasicAuth() |
nothing calls this directly
no test coverage detected