From 1fc12dd8ba2238eba7d154eee55e1381e7415372 Mon Sep 17 00:00:00 2001 From: =Corey Hulen Date: Tue, 20 Oct 2015 14:49:42 -0700 Subject: Multi-session login --- api/context.go | 124 +++++++++++++++++++++++++++++++++------------------------ 1 file changed, 73 insertions(+), 51 deletions(-) (limited to 'api/context.go') diff --git a/api/context.go b/api/context.go index e5ef8b312..28d6951da 100644 --- a/api/context.go +++ b/api/context.go @@ -8,6 +8,7 @@ import ( "net" "net/http" "net/url" + "strconv" "strings" l4g "code.google.com/p/log4go" @@ -19,23 +20,24 @@ import ( var sessionCache *utils.Cache = utils.NewLru(model.SESSION_CACHE_SIZE) type Context struct { - Session model.Session - RequestId string - IpAddress string - Path string - Err *model.AppError - teamURLValid bool - teamURL string - siteURL string + Session model.Session + RequestId string + IpAddress string + Path string + Err *model.AppError + teamURLValid bool + teamURL string + siteURL string + SessionTokenIndex int64 } type Page struct { - TemplateName string - Props map[string]string - ClientCfg map[string]string - User *model.User - Team *model.Team - SessionTokenHash string + TemplateName string + Props map[string]string + ClientCfg map[string]string + User *model.User + Team *model.Team + SessionTokenIndex int64 } func ApiAppHandler(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { @@ -99,29 +101,37 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { // Attempt to parse the token from the cookie if len(token) == 0 { - if cookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil { - multiToken := cookie.Value - - fmt.Println(">>>>>>>> multiToken: " + multiToken) - - if len(multiToken) > 0 { - tokens := strings.Split(multiToken, " ") - - // If there is only 1 token in the cookie then just use it like normal - if len(tokens) == 1 { - token = multiToken + tokens := GetMultiSessionCookie(r) + if len(tokens) > 0 { + // If there is only 1 token in the cookie then just use it like normal + if len(tokens) == 1 { + token = tokens[0] + } else { + // If it is a multi-session token then find the correct session + sessionTokenIndexStr := r.URL.Query().Get(model.SESSION_TOKEN_INDEX) + sessionTokenIndex := int64(-1) + if len(sessionTokenIndexStr) > 0 { + if index, err := strconv.ParseInt(sessionTokenIndexStr, 10, 64); err == nil { + sessionTokenIndex = index + } } else { - // If it is a multi-session token then find the correct session - sessionTokenHash := r.Header.Get(model.HEADER_MM_SESSION_TOKEN_HASH) - fmt.Println(">>>>>>>> sessionHash: " + sessionTokenHash + " url=" + r.URL.Path) - for _, t := range tokens { - if sessionTokenHash == model.HashPassword(t) { - token = token - break + sessionTokenIndexStr := r.Header.Get(model.HEADER_MM_SESSION_TOKEN_INDEX) + if len(sessionTokenIndexStr) > 0 { + if index, err := strconv.ParseInt(sessionTokenIndexStr, 10, 64); err == nil { + sessionTokenIndex = index } } } + + if sessionTokenIndex >= 0 && sessionTokenIndex < int64(len(tokens)) { + token = tokens[sessionTokenIndex] + c.SessionTokenIndex = sessionTokenIndex + } else { + c.SessionTokenIndex = -1 + } } + } else { + c.SessionTokenIndex = -1 } } @@ -200,7 +210,6 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { w.Write([]byte(c.Err.ToJson())) } else { if c.Err.StatusCode == http.StatusUnauthorized { - fmt.Println("!!!!!!!!!!!!!!!! url=" + r.URL.Path) http.Redirect(w, r, c.GetTeamURL()+"/?redirect="+url.QueryEscape(r.URL.Path), http.StatusTemporaryRedirect) } else { RenderWebError(c.Err, w, r) @@ -332,20 +341,30 @@ func (c *Context) IsTeamAdmin() bool { func (c *Context) RemoveSessionCookie(w http.ResponseWriter, r *http.Request) { - multiToken := "" - if oldMultiCookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil { - multiToken = oldMultiCookie.Value - } + // multiToken := "" + // if oldMultiCookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil { + // multiToken = oldMultiCookie.Value + // } - multiCookie := &http.Cookie{ + // multiCookie := &http.Cookie{ + // Name: model.SESSION_COOKIE_TOKEN, + // Value: strings.TrimSpace(strings.Replace(multiToken, c.Session.Token, "", -1)), + // Path: "/", + // MaxAge: model.SESSION_TIME_WEB_IN_SECS, + // HttpOnly: true, + // } + + //http.SetCookie(w, multiCookie) + + cookie := &http.Cookie{ Name: model.SESSION_COOKIE_TOKEN, - Value: strings.TrimSpace(strings.Replace(multiToken, c.Session.Token, "", -1)), + Value: "", Path: "/", - MaxAge: model.SESSION_TIME_WEB_IN_SECS, + MaxAge: -1, HttpOnly: true, } - http.SetCookie(w, multiCookie) + http.SetCookie(w, cookie) } func (c *Context) SetInvalidParam(where string, name string) { @@ -508,24 +527,27 @@ func GetSession(token string) *model.Session { return session } -func FindMultiSessionForTeamId(r *http.Request, teamId string) *model.Session { - +func GetMultiSessionCookie(r *http.Request) []string { if multiCookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil { multiToken := multiCookie.Value if len(multiToken) > 0 { - tokens := strings.Split(multiToken, " ") + return strings.Split(multiToken, " ") + } + } - for _, token := range tokens { - s := GetSession(token) - if s != nil && !s.IsExpired() && s.TeamId == teamId { - return s - } - } + return []string{} +} + +func FindMultiSessionForTeamId(r *http.Request, teamId string) (int64, *model.Session) { + for index, token := range GetMultiSessionCookie(r) { + s := GetSession(token) + if s != nil && !s.IsExpired() && s.TeamId == teamId { + return int64(index), s } } - return nil + return -1, nil } func AddSessionToCache(session *model.Session) { -- cgit v1.2.3-1-g7c22