Add authenticated user to context

2025-04-03 20:47:35 +03:00 · 2020-01-20 18:12:17 -05:00 · 2020-01-20 18:12:17 -05:00 · 2cc983638c
commit 2cc983638c
parent 28cd3ec3e4
2 changed files with 14 additions and 8 deletions
--- a/server/subsonic/middlewares.go
+++ b/server/subsonic/middlewares.go
@ -32,10 +32,10 @@ func checkRequiredParameters(next http.Handler) http.Handler {
 		client := ParamString(r, "c")
 		version := ParamString(r, "v")
 		ctx := r.Context()
-		ctx = context.WithValue(ctx, "user", user)
+		ctx = context.WithValue(ctx, "username", user)
 		ctx = context.WithValue(ctx, "client", client)
 		ctx = context.WithValue(ctx, "version", version)
-		log.Info(ctx, "New Subsonic API request", "user", user, "client", client, "version", version, "path", r.URL.Path)
+		log.Info(ctx, "New Subsonic API request", "username", user, "client", client, "version", version, "path", r.URL.Path)

 		r = r.WithContext(ctx)
 		next.ServeHTTP(w, r)
@ -45,24 +45,28 @@ func checkRequiredParameters(next http.Handler) http.Handler {
 func authenticate(users engine.Users) func(next http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			user := ParamString(r, "u")
+			username := ParamString(r, "u")
 			pass := ParamString(r, "p")
 			token := ParamString(r, "t")
 			salt := ParamString(r, "s")

-			_, err := users.Authenticate(user, pass, token, salt)
+			usr, err := users.Authenticate(username, pass, token, salt)
 			if err == model.ErrInvalidAuth {
-				log.Warn(r, "Invalid login", "user", user, err)
+				log.Warn(r, "Invalid login", "username", username, err)
 			} else if err != nil {
-				log.Error(r, "Error authenticating user", "user", user, err)
+				log.Error(r, "Error authenticating username", "username", username, err)
 			}

 			if err != nil {
-				log.Warn(r, "Invalid login", "user", user)
+				log.Warn(r, "Invalid login", "username", username)
 				SendError(w, r, NewError(responses.ErrorAuthenticationFail))
 				return
 			}

+			ctx := r.Context()
+			ctx = context.WithValue(ctx, "user", usr)
+			r = r.WithContext(ctx)
+
 			next.ServeHTTP(w, r)
 		})
 	}
--- a/server/subsonic/middlewares_test.go
+++ b/server/subsonic/middlewares_test.go
@ -33,7 +33,7 @@ var _ = Describe("Middlewares", func() {
 			cp := checkRequiredParameters(next)
 			cp.ServeHTTP(w, r)

-			Expect(next.req.Context().Value("user")).To(Equal("user"))
+			Expect(next.req.Context().Value("username")).To(Equal("user"))
 			Expect(next.req.Context().Value("version")).To(Equal("1.15"))
 			Expect(next.req.Context().Value("client")).To(Equal("test"))
 			Expect(next.called).To(BeTrue())
@ -83,6 +83,8 @@ var _ = Describe("Middlewares", func() {
 			Expect(mockedUser.token).To(Equal("token"))
 			Expect(mockedUser.salt).To(Equal("salt"))
 			Expect(next.called).To(BeTrue())
+			user := next.req.Context().Value("user").(*model.User)
+			Expect(user.UserName).To(Equal("valid"))
 		})

 		It("fails authentication with wrong password", func() {