1package webauth
2
3import (
4 "context"
5 "errors"
6
7 "github.com/mjl-/mox/mlog"
8 "github.com/mjl-/mox/store"
9)
10
// Accounts is the SessionAuth implementation for user accounts, with
// username/password, and sessions stored in memory and in the database with
// lifetimes that are automatically extended.
var Accounts SessionAuth = accountSessionAuth{}

// accountSessionAuth has no fields. Its methods forward credential checks and
// session bookkeeping to package store.
type accountSessionAuth struct{}
16
// login checks username and password through store.OpenEmailAuth and reports
// the outcome.
//
// Results:
//   - valid is true only when store.OpenEmailAuth returned no error.
//   - disabled is true only when the error matches store.ErrLoginDisabled.
//   - accName is whatever account name store.OpenEmailAuth returned, also on
//     failure paths.
//   - rerr is nil for store.ErrUnknownCredentials, so a rejected login is
//     reported as valid=false rather than as an error; any other error is
//     passed on unchanged.
//
// ctx is not used by this method.
//
// NOTE(review): whether store.ErrLoginDisabled can be returned before the
// password has been verified is decided inside store.OpenEmailAuth and is not
// visible here. Confirm before showing the error message to unauthenticated
// clients, since it would otherwise disclose account state.
func (accountSessionAuth) login(ctx context.Context, log mlog.Log, username, password string) (valid, disabled bool, accName string, rerr error) {
	// The meaning of the final "true" argument is defined by
	// store.OpenEmailAuth; it is not visible in this file.
	acc, accName, err := store.OpenEmailAuth(log, username, password, true)
	switch {
	case err == nil:
		// Authenticated: continue below to release the account.
	case errors.Is(err, store.ErrUnknownCredentials):
		// Bad credentials are a normal outcome, not a failure of this call.
		return false, false, accName, nil
	case errors.Is(err, store.ErrLoginDisabled):
		// The error is returned for its message.
		return false, true, accName, err
	default:
		return false, false, accName, err
	}

	// The account was opened only to verify the credentials; close it again
	// and log, rather than return, a failure to do so.
	defer func() {
		log.Check(acc.Close(), "closing account")
	}()
	return true, false, accName, nil
}
32
// add registers a new session for accountName and loginAddress by calling
// store.SessionAdd, and returns the session token and CSRF token it produced.
// Callers are expected to have authenticated the user already; this method
// performs no credential check of its own.
func (accountSessionAuth) add(ctx context.Context, log mlog.Log, accountName string, loginAddress string) (sessionToken store.SessionToken, csrfToken store.CSRFToken, rerr error) {
	sessionToken, csrfToken, rerr = store.SessionAdd(ctx, log, accountName, loginAddress)
	return sessionToken, csrfToken, rerr
}
36
// use hands the account name, session token and CSRF token to
// store.SessionUse and, when that succeeds, returns the login address
// recorded for the session. On error the login address is empty and the
// error from store.SessionUse is returned unchanged.
//
// Both tokens are checked by store.SessionUse, not here; how they are
// compared is not visible in this file.
func (accountSessionAuth) use(ctx context.Context, log mlog.Log, accountName string, sessionToken store.SessionToken, csrfToken store.CSRFToken) (loginAddress string, rerr error) {
	session, err := store.SessionUse(ctx, log, accountName, sessionToken, csrfToken)
	if err == nil {
		return session.LoginAddress, nil
	}
	return "", err
}
44
// remove ends the session identified by sessionToken for accountName by
// calling store.SessionRemove, and returns that call's error as is.
func (accountSessionAuth) remove(ctx context.Context, log mlog.Log, accountName string, sessionToken store.SessionToken) error {
	err := store.SessionRemove(ctx, log, accountName, sessionToken)
	return err
}
48