Documentation ¶
Overview ¶
Package lgn implements an internal login database; users are stored in a JSON file; contains convenience handlers for user retrieval and password change; contains login by hashed URL and login by hash ID; contains profiles - groups of attributes for users. Filename must be given as command line argument or environment variable. Access to the logins data is threadsafe.
Index ¶
- Variables
- func AddTestLogin()
- func ChangePassword(w http.ResponseWriter, r *http.Request) (string, error)
- func ChangePasswordPrimitiveCoreH(w http.ResponseWriter, r *http.Request)
- func ChangePasswordPrimitiveH(w http.ResponseWriter, r *http.Request)
- func ComputeMD5Password(u, p, salt string) string
- func CreateAnonymousIDCoreH(w http.ResponseWriter, r *http.Request)
- func CreateAnonymousIDH(w http.ResponseWriter, r *http.Request)
- func Example() *loginsT
- func FormToken() string
- func GenerateHashIDs(w http.ResponseWriter, r *http.Request)
- func GenerateHashesH(w http.ResponseWriter, r *http.Request)
- func GeneratePassword(length int) string
- func GeneratePasswordH(w http.ResponseWriter, r *http.Request)
- func GeneratePwFromChars(chars []byte, length int) string
- func Get() *loginsT
- func HashIDDecodeFirst(encoded string) int
- func IsFound(err error) bool
- func Load(r io.Reader)
- func LoadH(w http.ResponseWriter, req *http.Request)
- func LoginByHash(w http.ResponseWriter, r *http.Request) (bool, error)
- func LoginPrimitiveCoreH(w http.ResponseWriter, r *http.Request)
- func LoginPrimitiveH(w http.ResponseWriter, r *http.Request)
- func LoginURL(userName, surveyID, waveID, profile string, optHash ...string) string
- func LoginWithoutID(w http.ResponseWriter, r *http.Request)
- func LogoutH(w http.ResponseWriter, r *http.Request) error
- func Md5Str(buf []byte) string
- func OuterHTMLPost(htmlTitle, content string) string
- func Query(userName, surveyID, waveID, profile string, optHash ...string) string
- func ReloadH(w http.ResponseWriter, r *http.Request)
- func SaveH(w http.ResponseWriter, r *http.Request)
- func ShufflesToCSV(w http.ResponseWriter, req *http.Request)
- func ValidateAndLogin(w http.ResponseWriter, r *http.Request) error
- func ValidateFormToken(arg string) error
- type LoginT
Constants ¶
This section is empty.
Variables ¶
var LgnsPath = path.Join(".", "logins.json")
LgnsPath is set from the main package, which obtains it from an ENV variable or a command line flag. It holds the relative path and filename to look for; could be ".lgn/logins.json". Relative to the app main dir.
Functions ¶
func AddTestLogin ¶
func AddTestLogin()
AddTestLogin adds a systemtest login. This func is only called by test funcs.
func ChangePassword ¶
ChangePassword takes values from request.Form and tries to change the user's password. The result is updated in the session "login" type.
func ChangePasswordPrimitiveCoreH ¶
func ChangePasswordPrimitiveCoreH(w http.ResponseWriter, r *http.Request)
ChangePasswordPrimitiveCoreH has *no* outer HTML scaffold - for more, see ChangePasswordPrimitive
func ChangePasswordPrimitiveH ¶
func ChangePasswordPrimitiveH(w http.ResponseWriter, r *http.Request)
ChangePasswordPrimitiveH has outer HTML scaffold - for more, see ChangePasswordPrimitive
func ComputeMD5Password ¶
ComputeMD5Password is deliberately not a method
func CreateAnonymousIDCoreH ¶
func CreateAnonymousIDCoreH(w http.ResponseWriter, r *http.Request)
CreateAnonymousIDCoreH has *no* outer HTML scaffold - for more, see CreateAnonymousID; seems unused
func CreateAnonymousIDH ¶
func CreateAnonymousIDH(w http.ResponseWriter, r *http.Request)
CreateAnonymousIDH has outer HTML scaffold - for more, see CreateAnonymousID
func Example ¶
func Example() *loginsT
Example writes a single login to file, to be extended or adapted
func FormToken ¶
func FormToken() string
FormToken returns a form token. User independent. Should we add the user name into the hashed base?
func GenerateHashIDs ¶
func GenerateHashIDs(w http.ResponseWriter, r *http.Request)
GenerateHashIDs encodes integer IDs into a kind of base64 encoded string.
func GenerateHashesH ¶
func GenerateHashesH(w http.ResponseWriter, r *http.Request)
GenerateHashesH is an admin UI to create login hashes for a specific survey and user profile. See LoginByHash() for the construction of the check string.
func GeneratePassword ¶
GeneratePassword creates a password of requested length
func GeneratePasswordH ¶
func GeneratePasswordH(w http.ResponseWriter, r *http.Request)
GeneratePasswordH is a convenience func to generate passwords via http request. URL parameter len specifies the password length.
func GeneratePwFromChars ¶
GeneratePwFromChars uses chars to create a password of requested length
func Get ¶
func Get() *loginsT
Get provides access to the logins data. It is essential to return a pointer, otherwise the unlocking of the returned struct does not work.
func HashIDDecodeFirst ¶
HashIDDecodeFirst turns a string into a slice of integers and returns the first integer
func Load ¶
Load reads from a JSON file. No method to loginsT, no pointer receiver; We could only *copy*: *c = *newCfg
func LoadH ¶
func LoadH(w http.ResponseWriter, req *http.Request)
LoadH is a convenience func to reload logins via http request. It reloads logins from json file and checks for a specific login
func LoginByHash ¶
LoginByHash first checks for a direct login: extra short and preconfigured in config.json; the last part of the path is moved into h.
LoginByHash then takes the request values "u" and hash "h", and no password. It checks the hash against all values except "h": any other request parameters are sorted and included in the hashing check, extended by loginsT.Salt and reduced by those in 'exempted'.
Request values "h" without a "u" are considered direct login attempts, where the hash actually represents a user ID.
On success, the function creates a logged-in user out of nothing by the name of u. This user gets assigned the params/values as role-names/values.
On wrong hashes, it returns the difference as error. Be careful not to show the error to the end user.
func LoginPrimitiveCoreH ¶
func LoginPrimitiveCoreH(w http.ResponseWriter, r *http.Request)
LoginPrimitiveCoreH has *no* outer HTML scaffold - for more, see loginPrimitive
func LoginPrimitiveH ¶
func LoginPrimitiveH(w http.ResponseWriter, r *http.Request)
LoginPrimitiveH has outer HTML scaffold - for more, see loginPrimitive
func LoginWithoutID ¶
func LoginWithoutID(w http.ResponseWriter, r *http.Request)
LoginWithoutID creates a hash ID and forwards to direct login /d - LoginByHashID.
The user ID is created from unix time plus some in-memory counter.
It's called permalink in subsequent logic.
It's related to CreateAnonymousID, but the ID comes from an internal timestamp plus atomic counter; it is not created from coarse personal attributes (such as first letter of father's name).
func LogoutH ¶
func LogoutH(w http.ResponseWriter, r *http.Request) error
LogoutH is a convenience handler to logout via http request
func Md5Str ¶
Md5Str computes the MD5 hash of a byte slice. An MD5 hash consists of 16 bytes. We encode these 16 bytes into a Base64 string suitable for URLs. Such a Base64-for-URL encoded MD5 hash consists of 23 characters.
Now we want to reduce that length to get short login URLs. The safe line length for emails is 70 characters; stackoverflow.com/questions/11794698 suggests a maximum size of 70 or 76 characters.
We can simply cut off some of the 23 characters, since MD5 has good avalanching properties.
For questionnaires without large monetary rewards, a hash length of 5 => 64^5 = 1.073.741.824 combinations is sufficient to discourage brute force attacks.
Our URL now has 64 characters: https://survey2.zew.de/?u=1000&sid=fmt&wid=2019-06&h=57I7U&p=12
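The check described for LoginByHash, using the truncated hash from Md5Str, as an added example that is not the package's own code. The "-" separator, the position of the salt, the constant `hashLen` and the helper names `shortHash`, `checkString` and `verify` are assumptions; the 'exempted' parameter list and the direct-login path are left out.

```go
package main

import (
	"crypto/md5"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/url"
	"sort"
	"strings"
)

const hashLen = 5 // truncated length from the Md5Str description

// shortHash: MD5, URL-safe Base64, cut to hashLen characters.
func shortHash(buf []byte) string {
	sum := md5.Sum(buf)
	return base64.RawURLEncoding.EncodeToString(sum[:])[:hashLen]
}

// checkString joins every parameter except "h" in sorted key order, then the salt.
// Separator and salt position are assumptions, not the package's actual layout.
func checkString(q url.Values, salt string) string {
	keys := make([]string, 0, len(q))
	for k := range q {
		if k != "h" {
			keys = append(keys, k)
		}
	}
	sort.Strings(keys)
	parts := make([]string, 0, len(keys)+1)
	for _, k := range keys {
		parts = append(parts, k+"="+q.Get(k))
	}
	return strings.Join(append(parts, salt), "-")
}

// verify recomputes the hash and compares in constant time. It returns only a
// bool, so no detail about the mismatch can reach the end user.
func verify(q url.Values, salt string) bool {
	want := shortHash([]byte(checkString(q, salt)))
	return subtle.ConstantTimeCompare([]byte(want), []byte(q.Get("h"))) == 1
}

func main() {
	q, _ := url.ParseQuery("u=1000&sid=fmt&wid=2019-06&p=12") // constructed sample
	q.Set("h", shortHash([]byte(checkString(q, "constructed-salt"))))
	fmt.Println(verify(q, "constructed-salt")) // true
}
```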
func OuterHTMLPost ¶
OuterHTMLPost wraps parameter content into a HTML 5 scaffold and a form tag
func Query ¶
Query returns a query fragment, using the expected param names u, sid, wid, h. See also userAttrs{}
func ReloadH ¶
func ReloadH(w http.ResponseWriter, r *http.Request)
ReloadH removes the existing questionnaire from the session, reading it anew from the questionnaire template JSON file, allowing to start anew
func SaveH ¶
func SaveH(w http.ResponseWriter, r *http.Request)
SaveH is a convenience func to save logins file via http request.
func ShufflesToCSV ¶
func ShufflesToCSV(w http.ResponseWriter, req *http.Request)
ShufflesToCSV computes random but deterministic shufflings for usage outside the app
func ValidateAndLogin ¶
func ValidateAndLogin(w http.ResponseWriter, r *http.Request) error
ValidateAndLogin takes request values "username" and "password". Searches for matching user in the internal JSON database and stores that user into the session under key "login".
func ValidateFormToken ¶
ValidateFormToken checks tokens against the current hour and back to n previous hours, plus one more for bounding glitches / border crossing, when the rounding jumps from 12:59 to 13:00; i.e. FormTimeout := 2, lower bound := -4 => checking the token against the current hour, previous hour, second previous hour, third previous hour.
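One way to implement the hour-window check, as an added example and not the package's code. The HMAC-SHA256 construction, the secret, the 16-character truncation and the names `tokenAt` and `validateAt` are assumptions; only FormTimeout := 2 and the lower bound of -4 come from the description above.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"time"
)

// Assumed values: the description names FormTimeout but not the secret or the hash.
const formTimeout = 2 // hours a form may stay open

var secret = []byte("constructed-demo-secret")

// tokenAt derives the user-independent token for the hour containing t.
func tokenAt(t time.Time) string {
	mac := hmac.New(sha256.New, secret)
	fmt.Fprint(mac, t.UTC().Truncate(time.Hour).Unix())
	return base64.RawURLEncoding.EncodeToString(mac.Sum(nil))[:16]
}

// validateAt accepts tokens from the current hour back to formTimeout hours,
// plus one extra hour for a form rendered at 12:59 and posted after 13:00.
func validateAt(token string, now time.Time) error {
	lower := -(formTimeout + 2) // FormTimeout := 2 => lower bound := -4 (exclusive)
	for i := 0; i > lower; i-- {
		want := tokenAt(now.Add(time.Duration(i) * time.Hour))
		if hmac.Equal([]byte(want), []byte(token)) {
			return nil
		}
	}
	return errors.New("form token expired or invalid")
}

func main() {
	issued := time.Date(2019, 6, 3, 12, 59, 0, 0, time.UTC) // constructed sample
	tok := tokenAt(issued)
	fmt.Println(validateAt(tok, issued.Add(2*time.Minute))) // <nil>: hour rolled over
	fmt.Println(validateAt(tok, issued.Add(4*time.Hour)))   // outside the window
}
```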
Types ¶
type LoginT ¶
type LoginT struct {
	User  string `json:"user"`
	Email string `json:"email"`
	Group    string `json:"-"` // Derived from email domain - or LDAP org
	Provider string `json:"-"` // twitter, facebook, ... or hash, anonymous/direct, JSON, LDAP
	Roles map[string]string `json:"roles"` // i.e. admin: true, can only be set via JSON config; therefore safe
	Attrs map[string]string `json:"attrs"` // i.e. country: Poland, gender: female, height: 188, a few keys can set via URL params, these are unsafe.
	PassInitial    string `json:"pass_initial"`       // For first login - unencrypted - grants restricted access to change password only
	IsInitPassword bool   `json:"is_init_password"`   // Indicates authentication against PassInitial
	PassMd5        string `json:"pass_md5,omitempty"` // Encrypted password, created from login, permanent password, salt
}
LoginT must be exported, *not* because we need to pass a type to sessx.GetObject
loginIntf, ok := sess.EffectiveObj(key)
if !ok {
	// log.Printf("key %v for LoginT{} is not in session", key)
	return &LoginT{}, false, nil
}
l, ok := loginIntf.(LoginT)
if !ok {
	return &LoginT{}, false, fmt.Errorf("key %v for LoginT{} does not point to lgn.LoginT{} - but to %T", key, loginIntf)
}
but because we need to declare variables of this type
type TplDataT struct { ... L lgn.LoginT ... }
func FromSession ¶
FromSession loads a login from session; second return value contains 'is set'.
func LoggedInCheck ¶
func LoggedInCheck(w io.Writer, r *http.Request, roles ...string) (l *LoginT, loggedIn bool, err error)
LoggedInCheck checks whether a user is logged in, and checks whether he has the required roles; l is always initialized and never nil
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package shuffler creates slices of integers random, but reproducible; based on the ID of the user; classes of users see the same random order each time they visit; each page has a different randomization of appropriate length. |