Authenticate checks validity of provided short code. The secret is structured as `<code>:<cred_method>:<cred_value>`, e.g. "123456:email:alice@example.com".
(secret []byte, remoteAddr string)
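// Authenticate checks validity of provided short code.
// The secret is structured as <code>:<cred_method>:<cred_value>, "123456:email:alice@example.com".
//
// On success it returns an auth.Rec for the user ID stored alongside the code and
// deletes the cached entry. The second return value is always nil and remoteAddr
// is not used by this method.
//
// Errors:
//   - types.ErrMalformed: the secret contains no ":" separator.
//   - types.ErrFailed: no cached entry for the credential, the attempt limit has
//     been reached, or the code does not match.
//   - types.ErrInternal: the cached value is not of the form code:count:uid.
//   - any other error from store.PCache.Get is returned unchanged.
func (ca *authenticator) Authenticate(secret []byte, remoteAddr string) (*auth.Rec, []byte, error) {
	// Split on the first ":" only, so the credential keeps its
	// "<cred_method>:<cred_value>" form.
	parts := strings.SplitN(string(secret), ":", 2)
	if len(parts) != 2 {
		return nil, nil, types.ErrMalformed
	}

	code, cred := parts[0], parts[1]
	key := sanitizeKey(realName + "_" + cred)

	value, err := store.PCache.Get(key)
	if err != nil {
		// A missing entry is reported with the same error as a wrong code, so the
		// response does not reveal whether a code was ever issued for the credential.
		if err == types.ErrNotFound {
			err = types.ErrFailed
		}
		return nil, nil, err
	}

	// The cached value is code:count:uid.
	stored := strings.Split(value, ":")
	if len(stored) != 3 {
		return nil, nil, types.ErrInternal
	}

	count, err := strconv.Atoi(stored[1])
	if err != nil {
		return nil, nil, types.ErrInternal
	}

	// The limit is checked before the comparison: once it is reached, even the
	// correct code is rejected.
	if count >= ca.maxRetries {
		return nil, nil, types.ErrFailed
	}

	// NOTE(review): this is a plain string comparison; consider
	// crypto/subtle.ConstantTimeCompare for the code check.
	if stored[0] != code {
		// Record the failed attempt. The request fails either way, but a failed
		// update means this attempt is not counted against maxRetries, so log it
		// instead of dropping the error silently.
		// NOTE(review): nothing in this method serializes the Get above with this
		// Upsert; concurrent attempts may read the same count. Confirm whether the
		// store provides an atomic increment.
		if err := store.PCache.Upsert(key, stored[0]+":"+strconv.Itoa(count+1)+":"+stored[2], false); err != nil {
			logs.Warn.Println("code_auth: error updating attempt count", key, err)
		}
		return nil, nil, types.ErrFailed
	}

	// Success. Remove the no longer needed entry. A delete failure is logged and
	// does not fail the authentication; the entry then stays in the cache and the
	// same code would be accepted again.
	if err := store.PCache.Delete(key); err != nil {
		logs.Warn.Println("code_auth: error deleting key", key, err)
	}

	return &auth.Rec{
		Uid:        types.ParseUid(stored[2]),
		AuthLevel:  auth.LevelNone,
		Lifetime:   auth.Duration(ca.lifetime),
		Features:   auth.FeatureNoLogin,
		State:      types.StateUndefined,
		Credential: cred,
	}, nil, nil
}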
| 140 | |
| 141 | // GenSecret generates a new code. |
| 142 | func (ca *authenticator) GenSecret(rec *auth.Rec) ([]byte, time.Time, error) { |