
Page under construction...

Theft prevention

Discussed here: https://github.com/volatiletech/authboss/issues/227.

Following this answer (https://stackoverflow.com/questions/244882/what-is-the-best-way-to-implement-remember-me-for-a-website/244907#244907), we can do something like this in authboss:

If the series is present but the token does not match, a theft is assumed. The user receives a strongly worded warning and all of the user's remembered sessions are deleted.

The below code comes from https://github.com/volatiletech/authboss-sample.

// DelRememberTokens removes every remember-me token stored for pid, which
// revokes all of that user's remembered sessions at once. It returns the
// storage error from the delete, if any; ctx is accepted to satisfy the
// authboss storer interface and is not used by the query.
func (m DBStorer) DelRememberTokens(ctx context.Context, pid string) error {
	_, err := DB.Model(new(AuthToken)).Where("pid = ?", pid).Delete()
	return err
}

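// UseRememberToken consumes a single-use remember-me token for pid.
//
// It implements the theft-prevention scheme from
// https://stackoverflow.com/a/244907/10088259: if pid has remembered
// sessions but token is not one of them, the token is assumed stolen and
// every remembered session for pid is revoked. On success the matching
// token row is deleted so the same token cannot be replayed.
//
// Returns authboss.ErrTokenNotFound when pid has no tokens or token does
// not match, and the storage error when deleting the used token fails.
func (m DBStorer) UseRememberToken(ctx context.Context, pid, token string) error {
	authToken := new(AuthToken)

	// Step 1: does pid have any remembered session at all? The query must
	// actually be executed (Select) for this check to mean anything; a
	// chain that stops at Limit(1) yields the query builder, not a result.
	// Assumes Select reports "no matching row" as an error, as the token
	// check below already relies on — TODO confirm against the ORM in use.
	if err := DB.Model(authToken).Where("pid = ?", pid).Limit(1).Select(); err != nil {
		log.Println(err)
		return authboss.ErrTokenNotFound
	}

	// Step 2: pid has sessions; is this token one of them? If not, treat
	// the presented token as stolen and revoke every session for pid.
	// NOTE(review): any storage error here, not only "no row", triggers
	// the revoke; distinguishing the two would need the ORM's no-rows
	// sentinel, which this file does not expose.
	if err := DB.Model(authToken).Where("pid = ?", pid).Where("token = ?", token).Select(); err != nil {
		// Best-effort revoke: the caller gets ErrTokenNotFound either way,
		// so a failed delete is logged rather than replacing that result.
		if delErr := m.DelRememberTokens(ctx, pid); delErr != nil {
			log.Println(delErr)
		}
		log.Println(err)
		return authboss.ErrTokenNotFound
	}

	// Step 3: tokens are single-use — remove the one just consumed.
	if _, err := DB.Model(authToken).Where("pid = ?", pid).Where("token = ?", token).Delete(); err != nil {
		log.Println(err)
		return err
	}
	return nil
}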