bool Utility::isAuthenticated(Poco::OSP::Web::WebSession::Ptr pSession, const Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response)
{
if (!pSession || !pSession->has("username") || request.get("X-XSRF-TOKEN", "") != pSession->csrfToken())
{
response.setStatusAndReason(Poco::Net::HTTPResponse::HTTP_UNAUTHORIZED);
response.setContentLength(0);
response.setChunkedTransferEncoding(false);
response.send();
return false;
}
return true;
}
bool Utility::isAuthenticated(Poco::OSP::Web::WebSession::Ptr pSession, Poco::Net::HTTPServerResponse& response)
{
if (!pSession || !pSession->has("username"))
{
response.setStatusAndReason(Poco::Net::HTTPResponse::HTTP_UNAUTHORIZED);
response.setContentLength(0);
response.setChunkedTransferEncoding(false);
response.send();
return false;
}
return true;
}
void ControllerRequestHandler::handleRequest(Poco::Net::HTTPServerRequest& request, Poco::Net::HTTPServerResponse& response)
{
if (request.getURI() == "/favicon.ico")
{
return response.redirect("/images/favicon.ico", Poco::Net::HTTPResponse::HTTP_SEE_OTHER);
}
Poco::OSP::Web::WebSession::Ptr pSession = _pSessionManager->get(_sessionId, request, _sessionTimeout, context());
const std::string loginPage = "/macchina/login";
const std::string launcherPage = "/macchina/launcher";
std::string message;
std::string nextPage;
std::string username;
Poco::Net::HTMLForm form(request, request.stream());
std::string action(form.get("action", ""));
if (action == "login")
{
username = form.get("username", "");
std::string password = form.get("password", "");
if (_pAuthService->authenticate(username, password))
{
if (_logger.information())
{
_logger.information(format("User %s successfully logged in.", username));
}
nextPage = launcherPage;
pSession->set("username", username);
}
else
{
if (_logger.warning())
{
_logger.warning(format("User %s failed authentication.", username));
}
message = "The given username is not known, the password is wrong or the account has been disabled.";
}
}
else if (action == "logout")
{
username = pSession->getValue<std::string>("username", "");
if (!username.empty())
{
if (_logger.information())
{
_logger.information(format("User %s logged out.", username));
}
_pSessionManager->remove(pSession);
}
}
else
{
username = pSession->getValue<std::string>("username", "");
if (!username.empty())
{
nextPage = launcherPage;
}
}
if (!message.empty())
{
pSession->set("message", message);
}
else
{
pSession->erase("message");
}
if (nextPage.empty())
{
nextPage = loginPage;
}
response.setContentLength(0);
response.redirect(nextPage, Poco::Net::HTTPResponse::HTTP_SEE_OTHER);
response.set("Cache-Control", "no-cache");
}
