fix: cookie-auth-issues (#365)

* fix session clearing on error * use singleton context to manage user state * implement remember-me functionality * fix errors * fix more errors
2023-03-22 21:52:25 -08:00 · 2023-03-22 21:52:25 -08:00 · faed343eda
commit faed343eda
parent ed1230e17d
24 changed files with 175 additions and 89 deletions
--- a/backend/app/api/demo.go
+++ b/backend/app/api/demo.go
@ -25,7 +25,7 @@ func (a *app) SetupDemo() {
 	}

 	// First check if we've already setup a demo user and skip if so
-	_, err := a.services.User.Login(context.Background(), registration.Email, registration.Password)
+	_, err := a.services.User.Login(context.Background(), registration.Email, registration.Password, false)
 	if err == nil {
 		return
 	}
@ -36,7 +36,7 @@ func (a *app) SetupDemo() {
 		log.Fatal().Msg("Failed to setup demo")
 	}

-	token, _ := a.services.User.Login(context.Background(), registration.Email, registration.Password)
+	token, _ := a.services.User.Login(context.Background(), registration.Email, registration.Password, false)
 	self, _ := a.services.User.GetSelf(context.Background(), token.Raw)

 	_, err = a.services.Items.CsvImport(context.Background(), self.GroupID, strings.NewReader(csvText))
--- a/backend/app/api/handlers/v1/v1_ctrl_auth.go
+++ b/backend/app/api/handlers/v1/v1_ctrl_auth.go
@ -21,8 +21,9 @@ type (
 	}

 	LoginForm struct {
-		Username string `json:"username"`
-		Password string `json:"password"`
+		Username     string `json:"username"`
+		Password     string `json:"password"`
+		StayLoggedIn bool   `json:"stayLoggedIn"`
 	}
 )

@ -34,6 +35,7 @@ type (
 //	@Accept  application/json
 //	@Param   username formData string false "string" example(admin@admin.com)
 //	@Param   password formData string false "string" example(admin)
+//	@Param    payload body     LoginForm true "Login Data"
 //	@Produce json
 //	@Success 200 {object} TokenResponse
 //	@Router  /v1/users/login [POST]
@ -50,6 +52,7 @@ func (ctrl *V1Controller) HandleAuthLogin() errchain.HandlerFunc {

 			loginForm.Username = r.PostFormValue("username")
 			loginForm.Password = r.PostFormValue("password")
+			loginForm.StayLoggedIn = r.PostFormValue("stayLoggedIn") == "true"
 		case "application/json":
 			err := server.Decode(r, loginForm)
 			if err != nil {
@ -73,7 +76,7 @@ func (ctrl *V1Controller) HandleAuthLogin() errchain.HandlerFunc {
 			)
 		}

-		newToken, err := ctrl.svc.User.Login(r.Context(), strings.ToLower(loginForm.Username), loginForm.Password)
+		newToken, err := ctrl.svc.User.Login(r.Context(), strings.ToLower(loginForm.Username), loginForm.Password, loginForm.StayLoggedIn)
 		if err != nil {
 			return validate.NewRequestError(errors.New("authentication failed"), http.StatusInternalServerError)
 		}
--- a/backend/app/api/static/docs/docs.go
+++ b/backend/app/api/static/docs/docs.go
@ -1575,6 +1575,15 @@ const docTemplate = `{
                        "description": "string",
                        "name": "password",
                        "in": "formData"
+                    },
+                    {
+                        "description": "Login Data",
+                        "name": "payload",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/v1.LoginForm"
+                        }
                    }
                ],
                "responses": {
@ -2761,6 +2770,20 @@ const docTemplate = `{
                }
            }
        },
+        "v1.LoginForm": {
+            "type": "object",
+            "properties": {
+                "password": {
+                    "type": "string"
+                },
+                "stayLoggedIn": {
+                    "type": "boolean"
+                },
+                "username": {
+                    "type": "string"
+                }
+            }
+        },
        "v1.TokenResponse": {
            "type": "object",
            "properties": {
--- a/backend/app/api/static/docs/swagger.json
+++ b/backend/app/api/static/docs/swagger.json
@ -1567,6 +1567,15 @@
                        "description": "string",
                        "name": "password",
                        "in": "formData"
+                    },
+                    {
+                        "description": "Login Data",
+                        "name": "payload",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/v1.LoginForm"
+                        }
                    }
                ],
                "responses": {
@ -2753,6 +2762,20 @@
                }
            }
        },
+        "v1.LoginForm": {
+            "type": "object",
+            "properties": {
+                "password": {
+                    "type": "string"
+                },
+                "stayLoggedIn": {
+                    "type": "boolean"
+                },
+                "username": {
+                    "type": "string"
+                }
+            }
+        },
        "v1.TokenResponse": {
            "type": "object",
            "properties": {
--- a/backend/app/api/static/docs/swagger.yaml
+++ b/backend/app/api/static/docs/swagger.yaml
@ -676,6 +676,15 @@ definitions:
      token:
        type: string
    type: object
+  v1.LoginForm:
+    properties:
+      password:
+        type: string
+      stayLoggedIn:
+        type: boolean
+      username:
+        type: string
+    type: object
  v1.TokenResponse:
    properties:
      attachmentToken:
@ -1642,6 +1651,12 @@ paths:
        in: formData
        name: password
        type: string
+      - description: Login Data
+        in: body
+        name: payload
+        required: true
+        schema:
+          $ref: '#/definitions/v1.LoginForm'
      produces:
      - application/json
      responses: