From 63a690903c029fd70b093fd5d51de0053acf472c Mon Sep 17 00:00:00 2001
From: Matthew Dillon <mrdillon@alaska.edu>
Date: Tue, 13 Jan 2015 15:57:17 -0900
Subject: [PATCH] Dropping cookie, stick with headers.

---
 api/auth.go            | 18 +++++-------------
 api/server_for_test.go | 15 ++++++++++-----
 api/users.go           | 11 +++--------
 models/users.go        |  1 +
 4 files changed, 19 insertions(+), 26 deletions(-)

diff --git a/api/auth.go b/api/auth.go
index baf647d..6dbb074 100644
--- a/api/auth.go
+++ b/api/auth.go
@@ -6,6 +6,7 @@ import (
 	"io/ioutil"
 	"log"
 	"net/http"
+	"strings"
 
 	"github.com/dgrijalva/jwt-go"
 	"github.com/gorilla/mux"
@@ -56,26 +57,17 @@ func (h authHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	// Even though writeJSON sets the content type, we need to set it here because
 	// calls to WriteHeader write out the entire header.
 	w.Header().Set("content-type", "application/json; charset=utf-8")
-	tokenCookie, err := r.Cookie(tokenName)
-	switch {
-	case err == http.ErrNoCookie:
-		w.WriteHeader(http.StatusUnauthorized)
-		writeJSON(w, Error{errPleaseLogIn})
-		return
-	case err != nil:
-		w.WriteHeader(http.StatusInternalServerError)
-		writeJSON(w, Error{errWhileParsingCookie})
-		return
-	}
 
-	if tokenCookie.Value == "" {
+	authHeader := r.Header.Get("Authorization")
+	if authHeader == "" {
 		w.WriteHeader(http.StatusUnauthorized)
 		writeJSON(w, Error{errPleaseLogIn})
 		return
 	}
+	s := strings.Split(authHeader, " ")
 
 	// Validate the token
-	token, err := jwt.Parse(tokenCookie.Value, func(token *jwt.Token) (interface{}, error) {
+	token, err := jwt.Parse(s[1], func(token *jwt.Token) (interface{}, error) {
 		return verifyKey, nil
 	})
 
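Review bot: `s[1]` on the jwt.Parse line panics with an index out of range whenever the Authorization header contains no space (a bare `Bearer`, or a raw token with no scheme), because `strings.Split` then yields a one-element slice; the scheme in `s[0]` is also never inspected, so any leading word is accepted. The header should be split at most once and rejected with the existing 401 response unless it has exactly two parts, a `Bearer` scheme and a non-empty credential; this also subsumes the separate empty-header check. ServeHTTP starts and ends outside this hunk.
```go
	authHeader := r.Header.Get("Authorization")
	s := strings.SplitN(authHeader, " ", 2)
	if len(s) != 2 || !strings.EqualFold(s[0], "Bearer") || s[1] == "" {
		w.WriteHeader(http.StatusUnauthorized)
		writeJSON(w, Error{errPleaseLogIn})
		return
	}

	// … unchanged: jwt.Parse call on s[1] …
```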
diff --git a/api/server_for_test.go b/api/server_for_test.go
index 04b9d78..f5f9361 100644
--- a/api/server_for_test.go
+++ b/api/server_for_test.go
@@ -2,9 +2,10 @@ package api
 
 import (
 	"bytes"
+	"encoding/json"
+	"fmt"
 	"io/ioutil"
 	"net/http"
-	"net/http/cookiejar"
 	"net/http/httptest"
 	"net/url"
 
@@ -18,13 +19,12 @@ func init() {
 }
 
 var (
-	serveMux     = http.NewServeMux()
-	cookieJar, _ = cookiejar.New(nil)
-	httpClient   = http.Client{
+	serveMux   = http.NewServeMux()
+	httpClient = http.Client{
 		Transport: (*muxTransport)(serveMux),
-		Jar:       cookieJar,
 	}
 	apiClient = models.NewClient(&httpClient)
+	testToken models.UserSession
 )
 
 func setup() {
@@ -34,6 +34,10 @@ func setup() {
 	resp, _ := httpClient.PostForm(u.String(),
 		url.Values{"username": {"test_user"}, "password": {"password"}})
 	defer resp.Body.Close()
+
+	if err := json.NewDecoder(resp.Body).Decode(&testToken); err != nil {
+		panic(err)
+	}
 }
 
 type muxTransport http.ServeMux
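Review bot: The new Decode call in setup reads the login response without checking `resp.StatusCode`, so a rejected login (which serveAuthenticateUser now answers with 401, presumably with an error body) decodes into testToken without complaint and leaves `testToken.Token` empty; the failure then surfaces later as unexplained 401s from every test. A status check before decoding, `if resp.StatusCode != http.StatusOK { panic(resp.Status) }`, fails at the point of the real problem. The nil-resp risk from `resp, _ :=` predates this change.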
@@ -43,6 +47,7 @@ type muxTransport http.ServeMux
 func (t *muxTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 	rw := httptest.NewRecorder()
 	rw.Body = new(bytes.Buffer)
+	req.Header.Set("Authorization", fmt.Sprintf("Bearer %v", testToken.Token))
 	(*http.ServeMux)(t).ServeHTTP(rw, req)
 	return &http.Response{
 		StatusCode:    rw.Code,
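Review bot: The `req.Header.Set("Authorization", ...)` line in RoundTrip unconditionally overwrites whatever the test request carried, so no test routed through httpClient can exercise the unauthenticated or malformed-header branches of authHandler. Setting it only when absent, `if req.Header.Get("Authorization") == "" { req.Header.Set("Authorization", fmt.Sprintf("Bearer %v", testToken.Token)) }`, keeps the default while letting a test supply its own invalid value to reach the rejection path.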
diff --git a/api/users.go b/api/users.go
index c354275..c53f5c5 100644
--- a/api/users.go
+++ b/api/users.go
@@ -68,6 +68,7 @@ func serveAuthenticateUser(w http.ResponseWriter, r *http.Request) error {
 
 	user_session, err := store.Users.Authenticate(username, password)
 	if err != nil {
+		w.WriteHeader(http.StatusUnauthorized)
 		return err
 	}
 
@@ -77,16 +78,10 @@ func serveAuthenticateUser(w http.ResponseWriter, r *http.Request) error {
 	t.Claims["exp"] = time.Now().Add(time.Minute * 1).Unix()
 	tokenString, err := t.SignedString(signKey)
 	if err != nil {
-		w.WriteHeader(http.StatusInternalServerError)
+		w.WriteHeader(http.StatusUnauthorized)
 		return err
 	}
-
-	http.SetCookie(w, &http.Cookie{
-		Name:       tokenName,
-		Value:      tokenString,
-		Path:       "/",
-		RawExpires: "0",
-	})
+	user_session.Token = tokenString
 
 	return writeJSON(w, user_session)
 }
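Review bot: The switch from 500 to 401 on the `t.SignedString(signKey)` error path misreports a server-side signing failure as bad credentials; the credentials were already accepted by `store.Users.Authenticate` above, so `w.WriteHeader(http.StatusInternalServerError)` should stay here. The same concern applies to the earlier hunk's 401 if Authenticate can fail for reasons other than a bad password, which this diff does not show. Separately, now that the bearer token travels in the JSON body rather than a cookie, the response should be marked non-cacheable before writeJSON, `w.Header().Set("Cache-Control", "no-store")`, so intermediaries and browser caches do not retain it. serveAuthenticateUser starts outside this hunk.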
diff --git a/models/users.go b/models/users.go
index 5a95df1..3b23b35 100644
--- a/models/users.go
+++ b/models/users.go
@@ -53,6 +53,7 @@ type UsersService interface {
 }
 
 type UserSession struct {
+	Token       string `json:"token"`
 	AccessLevel string `json:"access_level"`
 	Genus       string `json:"genus"`
 }