Example #1
/// Gate for request handlers: accepts the request only when it belongs to a
/// session that carries a "username" attribute AND presents that session's
/// anti-CSRF token in the X-XSRF-TOKEN request header.
///
/// @param pSession  session associated with the request; may be null.
/// @param request   incoming request, read only for the X-XSRF-TOKEN header.
/// @param response  on rejection, an empty 401 response is sent through it.
/// @return true if the caller may continue; false if the 401 has already been
///         sent and the caller must not write to the response again.
///
/// NOTE(review): a missing header is read as "", so this check relies on
/// csrfToken() never returning an empty string - confirm against the session
/// manager. The token comparison is an ordinary string compare, not a
/// constant-time one. Both "not logged in" and "token mismatch" are reported
/// as 401, so clients cannot tell the two apart.
bool Utility::isAuthenticated(Poco::OSP::Web::WebSession::Ptr pSession, const Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response)
{
	// Checks run in the same order as a short-circuit chain: the session is
	// only dereferenced once it is known to be non-null, and the token is only
	// compared for a session that is logged in.
	bool rejected = !pSession;
	if (!rejected)
	{
		rejected = !pSession->has("username");
	}
	if (!rejected)
	{
		rejected = request.get("X-XSRF-TOKEN", "") != pSession->csrfToken();
	}

	if (!rejected)
	{
		return true;
	}

	// Fail closed with a body-less 401.
	response.setStatusAndReason(Poco::Net::HTTPResponse::HTTP_UNAUTHORIZED);
	response.setContentLength(0);
	response.setChunkedTransferEncoding(false);
	response.send();
	return false;
}
Example #2
/// Gate for request handlers: accepts the request only when it belongs to a
/// session that carries a "username" attribute.
///
/// @param pSession  session associated with the request; may be null.
/// @param response  on rejection, an empty 401 response is sent through it.
/// @return true if the caller may continue; false if the 401 has already been
///         sent and the caller must not write to the response again.
///
/// NOTE(review): this overload looks at the session only. It performs no
/// anti-CSRF token check, so handlers for state-changing requests that rely on
/// it need that validation elsewhere - confirm at the call sites.
bool Utility::isAuthenticated(Poco::OSP::Web::WebSession::Ptr pSession, Poco::Net::HTTPServerResponse& response)
{
    // The session is only dereferenced once it is known to be non-null.
    bool rejected = !pSession;
    if (!rejected)
    {
        rejected = !pSession->has("username");
    }

    if (!rejected)
    {
        return true;
    }

    // Fail closed with a body-less 401.
    response.setStatusAndReason(Poco::Net::HTTPResponse::HTTP_UNAUTHORIZED);
    response.setContentLength(0);
    response.setChunkedTransferEncoding(false);
    response.send();
    return false;
}
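/// Returns a copy of `value` that is safe to embed in a single log line:
/// ASCII control characters (including CR and LF) are replaced by '?'.
static std::string sanitizeForLog(const std::string& value)
{
	std::string cleaned(value);
	for (std::string::size_type i = 0; i < cleaned.size(); ++i)
	{
		const unsigned char ch = static_cast<unsigned char>(cleaned[i]);
		if (ch < 0x20 || ch == 0x7f)
		{
			cleaned[i] = '?';
		}
	}
	return cleaned;
}

/// Login/logout controller: evaluates the form field "action" and always
/// answers with a 303 redirect, either to the launcher (logged in) or to the
/// login page (everything else).
///
/// - action == "login":  authenticates username/password through the auth
///   service; on success the session is marked with "username".
/// - action == "logout": removes the session if it was logged in.
/// - anything else:      redirects according to the current session state.
///
/// A failure text is stored in the session under "message"; it is erased on
/// every request that does not produce one.
///
/// NOTE(review): the request method is never checked, so "action",
/// "username" and "password" appear to be accepted from the query string as
/// well as from a POST body - confirm, and consider accepting login/logout
/// via POST only so credentials stay out of URLs and access logs.
void ControllerRequestHandler::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response)
{
	if (request.getURI() == "/favicon.ico")
	{
		return response.redirect("/images/favicon.ico", Poco::Net::HTTPResponse::HTTP_SEE_OTHER);
	}

	Poco::OSP::Web::WebSession::Ptr pSession = _pSessionManager->get(_sessionId, request, _sessionTimeout, context());

	const std::string loginPage = "/macchina/login";
	const std::string launcherPage = "/macchina/launcher";

	std::string message;
	std::string nextPage;
	std::string username;
	Poco::Net::HTMLForm form(request, request.stream());
	std::string action(form.get("action", ""));

	if (action == "login")
	{
		username = form.get("username", "");
		std::string password = form.get("password", "");
		if (_pAuthService->authenticate(username, password))
		{
			if (_logger.information())
			{
				// The username is client-supplied: strip control characters so
				// it cannot break the log line or forge additional entries.
				_logger.information(format("User %s successfully logged in.", sanitizeForLog(username)));
			}
			nextPage = launcherPage;
			// NOTE(review): the session obtained before authentication is the
			// one promoted to "logged in". Whether its identifier is rotated
			// here is not visible in this function - confirm that a fresh
			// session id is issued on login to rule out session fixation.
			pSession->set("username", username);
		}
		else
		{
			if (_logger.warning())
			{
				_logger.warning(format("User %s failed authentication.", sanitizeForLog(username)));
			}
			// Deliberately generic: does not reveal which of the three
			// conditions caused the failure.
			message = "The given username is not known, the password is wrong or the account has been disabled.";
		}
	}
	else if (action == "logout")
	{
		username = pSession->getValue<std::string>("username", "");
		if (!username.empty())
		{
			if (_logger.information())
			{
				_logger.information(format("User %s logged out.", sanitizeForLog(username)));
			}
			_pSessionManager->remove(pSession);
		}
	}
	else
	{
		username = pSession->getValue<std::string>("username", "");
		if (!username.empty())
		{
			nextPage = launcherPage;
		}
	}

	if (!message.empty())
	{
		pSession->set("message", message);
	}
	else
	{
		pSession->erase("message");
	}

	if (nextPage.empty())
	{
		nextPage = loginPage;
	}
	response.setContentLength(0);
	// Must be set before redirect(): redirect() writes the response headers,
	// so a header added afterwards never reaches the client.
	response.set("Cache-Control", "no-cache");
	response.redirect(nextPage, Poco::Net::HTTPResponse::HTTP_SEE_OTHER);
}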