Authenticate
(msg *ClientComMessage)
| 918 | |
| 919 | // Authenticate |
| 920 | func (s *Session) login(msg *ClientComMessage) { |
| 921 | // msg.from is ignored here |
| 922 | |
| 923 | if msg.Login.Scheme == "reset" { |
| 924 | if err := s.authSecretReset(msg.Login.Secret); err != nil { |
| 925 | s.queueOut(decodeStoreError(err, msg.Id, msg.Timestamp, nil)) |
| 926 | } else { |
| 927 | s.queueOut(InfoAuthReset(msg.Id, msg.Timestamp)) |
| 928 | } |
| 929 | return |
| 930 | } |
| 931 | |
| 932 | if !s.uid.IsZero() { |
| 933 | // TODO: change error to notice InfoNoChange and return current user ID & auth level |
| 934 | // params := map[string]interface{}{"user": s.uid.UserId(), "authlvl": s.authLevel.String()} |
| 935 | s.queueOut(ErrAlreadyAuthenticated(msg.Id, "", msg.Timestamp)) |
| 936 | return |
| 937 | } |
| 938 | |
| 939 | handler := store.Store.GetLogicalAuthHandler(msg.Login.Scheme) |
| 940 | if handler == nil { |
| 941 | logs.Warn.Println("s.login: unknown authentication scheme", msg.Login.Scheme, s.sid) |
| 942 | s.queueOut(ErrAuthUnknownScheme(msg.Id, "", msg.Timestamp)) |
| 943 | return |
| 944 | } |
| 945 | |
| 946 | rec, challenge, err := handler.Authenticate(msg.Login.Secret, s.remoteAddr) |
| 947 | if err != nil { |
| 948 | resp := decodeStoreError(err, msg.Id, msg.Timestamp, nil) |
| 949 | if resp.Ctrl.Code >= 500 { |
| 950 | // Log internal errors |
| 951 | logs.Warn.Println("s.login: internal", err, s.sid) |
| 952 | } |
| 953 | s.queueOut(resp) |
| 954 | return |
| 955 | } |
| 956 | |
| 957 | // If authenticator did not check user state, it returns state "undef". If so, check user state here. |
| 958 | if rec.State == types.StateUndefined { |
| 959 | rec.State, err = userGetState(rec.Uid) |
| 960 | } |
| 961 | if err == nil && rec.State != types.StateOK { |
| 962 | err = types.ErrPermissionDenied |
| 963 | } |
| 964 | |
| 965 | if err != nil { |
| 966 | logs.Warn.Println("s.login: user state check failed", rec.Uid, err, s.sid) |
| 967 | s.queueOut(decodeStoreError(err, msg.Id, msg.Timestamp, nil)) |
| 968 | return |
| 969 | } |
| 970 | |
| 971 | if challenge != nil { |
| 972 | // Multi-stage authentication. Issue challenge to the client. |
| 973 | s.queueOut(InfoChallenge(msg.Id, msg.Timestamp, challenge)) |
| 974 | return |
| 975 | } |
| 976 | |
| 977 | var missing []string |