Mirrors/gomuks
1
0
Fork 1
mirror of https://github.com/tulir/gomuks.git synced 2025-04-20 10:33:41 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

server: log auth result

Browse source
This commit is contained in:
Tulir Asokan 2024-10-28 18:02:54 +02:00
parent 97b9f3248f
commit 709428616b
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
cmd/gomuks/server.go
View file

@ -178,9 +178,11 @@ func (gmx *Gomuks) writeTokenCookie(w http.ResponseWriter) {
func (gmx *Gomuks) Authenticate(w http.ResponseWriter, r *http.Request) { func (gmx *Gomuks) Authenticate(w http.ResponseWriter, r *http.Request) {
authCookie, err := r.Cookie("gomuks_auth") authCookie, err := r.Cookie("gomuks_auth")
if err == nil && gmx.validateAuth(authCookie.Value, false) { if err == nil && gmx.validateAuth(authCookie.Value, false) {
hlog.FromRequest(r).Debug().Msg("Authentication successful with existing cookie")
gmx.writeTokenCookie(w) gmx.writeTokenCookie(w)
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
} else if username, password, ok := r.BasicAuth(); !ok { } else if username, password, ok := r.BasicAuth(); !ok {
hlog.FromRequest(r).Debug().Msg("Requesting credentials for auth request")
w.Header().Set("WWW-Authenticate", `Basic realm="gomuks web" charset="UTF-8"`) w.Header().Set("WWW-Authenticate", `Basic realm="gomuks web" charset="UTF-8"`)
w.WriteHeader(http.StatusUnauthorized) w.WriteHeader(http.StatusUnauthorized)
} else { } else {
@ -189,9 +191,11 @@ func (gmx *Gomuks) Authenticate(w http.ResponseWriter, r *http.Request) {
usernameCorrect := hmac.Equal(usernameHash[:], expectedUsernameHash[:]) usernameCorrect := hmac.Equal(usernameHash[:], expectedUsernameHash[:])
passwordCorrect := bcrypt.CompareHashAndPassword([]byte(gmx.Config.Web.PasswordHash), []byte(password)) == nil passwordCorrect := bcrypt.CompareHashAndPassword([]byte(gmx.Config.Web.PasswordHash), []byte(password)) == nil
if usernameCorrect && passwordCorrect { if usernameCorrect && passwordCorrect {
hlog.FromRequest(r).Debug().Msg("Authentication successful with username and password")
gmx.writeTokenCookie(w) gmx.writeTokenCookie(w)
w.WriteHeader(http.StatusCreated) w.WriteHeader(http.StatusCreated)
} else { } else {
hlog.FromRequest(r).Debug().Msg("Authentication failed with username and password, re-requesting credentials")
w.Header().Set("WWW-Authenticate", `Basic realm="gomuks web" charset="UTF-8"`) w.Header().Set("WWW-Authenticate", `Basic realm="gomuks web" charset="UTF-8"`)
w.WriteHeader(http.StatusUnauthorized) w.WriteHeader(http.StatusUnauthorized)
} }