diff --git a/src/bunker.go b/src/bunker.go
index 5d4694a..b347b90 100644
--- a/src/bunker.go
+++ b/src/bunker.go
@@ -132,8 +132,8 @@ func (e mainEnv) setupRouter() *httprouter.Router {
 router.GET("/v1/login/:mode/:address", e.userLogin)
 router.GET("/v1/enter/:mode/:address/:tmp", e.userLoginEnter)
- router.POST("/v1/xtoken/:token", e.userNewToken)
- router.GET("/v1/xtoken/:xtoken", e.userCheckToken)
+ router.POST("/v1/xtoken/:token", e.userNewXtoken)
+ router.GET("/v1/xtoken/:xtoken", e.userCheckXtoken)
 router.GET("/v1/consent/:mode/:address", e.consentAllUserRecords)
 router.GET("/v1/consent/:mode/:address/:brief", e.consentUserRecord)
diff --git a/src/bunker_test.go b/src/bunker_test.go
index 26cd1ab..c877157 100644
--- a/src/bunker_test.go
+++ b/src/bunker_test.go
@@ -63,7 +63,7 @@ func TestCreateAPIUser(t *testing.T) {
 request.Header.Set("X-Bunker-Token", rootToken)
 //var resp http.ResponseWriter
 rr = httptest.NewRecorder()
- e.userNewToken(rr, request, ps2)
+ e.userNewXtoken(rr, request, ps2)
 //fmt.Printf("after create token------------------\n%s\n\n\n", rr.Body)
 err = json.Unmarshal(rr.Body.Bytes(), &raw)
 if err != nil {
@@ -91,7 +91,7 @@ func TestCreateAPIUser(t *testing.T) {
 p3 := httprouter.Param{"xtoken", tokenUUID}
 ps3 := []httprouter.Param{p3}
- e.userCheckToken(rr, request, ps3)
+ e.userCheckXtoken(rr, request, ps3)
 fmt.Printf("get by token------------------\n%s\n\n\n", rr.Body)
 err = json.Unmarshal(rr.Body.Bytes(), &raw)
 if err != nil {
diff --git a/src/consent_api.go b/src/consent_api.go
index 8dca0c5..dffb4ee 100644
--- a/src/consent_api.go
+++ b/src/consent_api.go
@@ -104,9 +104,9 @@ func (e mainEnv) consentCancel(w http.ResponseWriter, r *http.Request, ps httpro
 }
 }
 // make sure that user is logged in here, unless he wants to cancel emails
- if e.enforceAuth(w, r, event) == false {
- return
- }
+ //if e.enforceAuth(w, r, event) == false {
+ // return
+ //}
 switch mode {
 case "email":
 address = normalizeEmail(address)
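Review bot: Commenting out `e.enforceAuth(w, r, event)` in consentCancel removes the only login check for every mode, not just the email-unsubscribe case the comment above it describes, so a caller who knows an address can cancel that user's consent records with no credentials and the audit event carries no identity. If unauthenticated email cancellation is the intent, keep the gate for the other modes, e.g. `if mode != "email" && e.enforceAuth(w, r, event) == false {` / `return` / `}`, and tie the email path to a per-user one-time value carried by the mailed link and looked up server-side rather than to the bare address. Leaving the old check as dead code also hides the decision; a one-line comment stating why the gate is off would be better than the commented-out block. consentCancel starts outside the hunk, so I cannot see how `mode` and `address` are parsed before this point or whether another guard exists there.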
diff --git a/src/users_api.go b/src/users_api.go index 685c210..9350a07 100644 --- a/src/users_api.go +++ b/src/users_api.go @@ -257,32 +257,28 @@ func (e mainEnv) userLoginEnter(w http.ResponseWriter, r *http.Request, ps httpr } userBson, err := e.db.lookupUserRecordByIndex(mode, address, e.conf) - if err != nil { + if userBson == nil || err != nil { returnError(w, r, "internal error", 405, err, event) return } - if userBson != nil { - userTOKEN := userBson["token"].(string) - event.Record = userTOKEN - fmt.Printf("Found user record: %s\n", userTOKEN) - tmpCode := userBson["tempcode"].(string) - if tmp == tmpCode { - // user ented correct key - // generate temp user access code - xtoken, err := e.db.generateUserLoginXToken(userTOKEN) - fmt.Printf("generate user access token: %s\n", xtoken) - if err != nil { - returnError(w, r, "internal error", 405, err, event) - return - } - w.Header().Set("Content-Type", "application/json; charset=utf-8") - w.WriteHeader(200) - fmt.Fprintf(w, `{"status":"ok","xtoken":"%s","token":"%s"}`, xtoken, userTOKEN) + userTOKEN := userBson["token"].(string) + event.Record = userTOKEN + fmt.Printf("Found user record: %s\n", userTOKEN) + tmpCode := userBson["tempcode"].(string) + if tmp == tmpCode { + // user ented correct key + // generate temp user access code + xtoken, err := e.db.generateUserLoginXToken(userTOKEN) + fmt.Printf("generate user access token: %s\n", xtoken) + if err != nil { + returnError(w, r, "internal error", 405, err, event) return } + w.Header().Set("Content-Type", "application/json; charset=utf-8") + w.WriteHeader(200) + fmt.Fprintf(w, `{"status":"ok","xtoken":"%s","token":"%s"}`, xtoken, userTOKEN) + return } - w.Header().Set("Content-Type", "application/json; charset=utf-8") - w.WriteHeader(200) - fmt.Fprintf(w, `{"status":"ok","token":""}`) + returnError(w, r, "internal error", 405, nil, event) } diff --git a/src/utils.go b/src/utils.go index ef8d87b..ef3d791 100644 --- a/src/utils.go +++ b/src/utils.go 
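Review bot: The one-time code check `if tmp == tmpCode {` on the new side of userLoginEnter accepts an empty stored tempcode and compares the code with `==`; `if tmpCode != "" && subtle.ConstantTimeCompare([]byte(tmp), []byte(tmpCode)) == 1 {` (crypto/subtle) prevents a record that never requested a code from matching and removes the timing dependence. `fmt.Printf("generate user access token: %s\n", xtoken)` writes a freshly minted credential to stdout and should be dropped or reduced to a non-secret marker. The wrong-code path now ends in `returnError(w, r, "internal error", 405, nil, event)`, which makes a bad guess indistinguishable from a server fault in both the response and the audit record; a distinct message for the mismatch would keep the audit trail useful. `userBson["tempcode"].(string)` is an unchecked assertion that panics on a record without that key, so the comma-ok form is worth adding. The head of userLoginEnter is outside the hunk.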
@@ -222,7 +222,7 @@ func (e mainEnv) enforceAuth(w http.ResponseWriter, r *http.Request, event *audi
 }
 }
 /*
- if e.db.checkToken(token[0]) == true {
+ if e.db.checkXtoken(token[0]) == true {
 if event != nil {
 event.Identity = "admin"
 }
diff --git a/src/xtokens_api.go b/src/xtokens_api.go
index f3522f8..3a3a021 100644
--- a/src/xtokens_api.go
+++ b/src/xtokens_api.go
@@ -11,9 +11,9 @@ import (
 "github.com/tidwall/gjson"
 )
-func (e mainEnv) userNewToken(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+func (e mainEnv) userNewXtoken(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 userTOKEN := ps.ByName("token")
- event := audit("create user temp access by token", userTOKEN, "token", userTOKEN)
+ event := audit("create xtoken for user token", userTOKEN, "token", userTOKEN)
 defer func() { event.submit(e.db) }()
 if enforceUUID(w, userTOKEN, event) == false {
@@ -71,9 +71,9 @@ func (e mainEnv) userNewToken(w http.ResponseWriter, r *http.Request, ps httprou
 fmt.Fprintf(w, `{"status":"ok","xtoken":%q}`, xtokenUUID)
 }
-func (e mainEnv) userCheckToken(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
+func (e mainEnv) userCheckXtoken(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
 xtoken := ps.ByName("xtoken")
- event := audit("get record by user temp access token", xtoken, "xtoken", xtoken)
+ event := audit("get record by xtoken", xtoken, "xtoken", xtoken)
 defer func() { event.submit(e.db) }()
 if enforceUUID(w, xtoken, event) == false {
diff --git a/src/xtokens_db.go b/src/xtokens_db.go
index ef2194d..dde8f13 100644
--- a/src/xtokens_db.go
+++ b/src/xtokens_db.go
@@ -116,7 +116,7 @@ func (dbobj dbcon) generateUserLoginXToken(userTOKEN string) (string, error) {
 return tokenUUID, nil
 }
-func (dbobj dbcon) checkToken(tokenUUID string) bool {
+func (dbobj dbcon) checkXtoken(tokenUUID string) bool {
 //fmt.Printf("Token0 %s\n", tokenUUID)
 if isValidUUID(tokenUUID) == false {
 return false
@@ -153,7 +153,7 @@ func (dbobj dbcon) checkUserAuthXToken(xtokenUUID string) (tokenAuthResult, erro
 // tokenType = temp
 now := int32(time.Now().Unix())
 if now > record["endtime"].(int32) {
- return result, errors.New("token expired")
+ return result, errors.New("xtoken expired")
 }
 result.token = record["token"].(string)
 if value, ok := record["fields"]; ok {