File: login-controller.hpp

package info (click to toggle)
libzeep 7.3.2-3
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 1,372 kB
  • sloc: cpp: 17,430; javascript: 180; makefile: 12; sh: 11
file content (77 lines) | stat: -rw-r--r-- 2,644 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
 
// Copyright Maarten L. Hekkelman, Radboud University 2008-2013.
//        Copyright Maarten L. Hekkelman, 2014-2026
//   Distributed under the Boost Software License, Version 1.0.
//      (See accompanying file LICENSE_1_0.txt or copy at
//            http://www.boost.org/LICENSE_1_0.txt)

#pragma once

/// \file
/// definition of the zeep::login_controller class. This class inherits from
/// html::controller and provides a default for /login and /logout handling.

#include "zeep/http/html-controller.hpp"
#include "zeep/http/reply.hpp"

#include <zeem/document.hpp>

#include <string>

// --------------------------------------------------------------------
//

namespace zeep::http
{

class request;
class scope;

// --------------------------------------------------------------------

/// \brief http controller that handles login and logout
///
/// There is a html version of this controller as well, that one is a bit nicer

class login_controller : public html_controller
{
  public:
	login_controller(const std::string &prefix_path = "/");

	/// \brief bind this controller to \a server
	///
	/// Makes sure the server has a security context and adds rules
	/// to this security context to allow access to the /login page
	void set_server(basic_server *server) override;

	/// \brief return the XHTML login form, subclasses can override this to provide custom login forms
	///
	/// The document returned should have input fields for 'username', 'password' and a hidden '_csrf'
	/// and 'uri' value.
	///
	/// The _csrf value is used to guard against CSRF attacks. The uri is the location to redirect to
	/// in case of a valid login.
	///
	/// \param req		The request that triggered this call
	[[nodiscard]] virtual zeem::document load_login_form(const request &req) const;

	/// \brief Create an error reply for an unauthorized access
	///
	/// An error handler may call this method to create a decent login screen.
	/// \param req		The request that triggered this call
	/// \param rep		Write the reply in this object
	virtual void create_unauth_reply(const request &req, reply &rep);

	/// \brief Handle a GET on /login
	[[nodiscard]] reply handle_get_login(const scope &scope_);

	/// \brief Handle a POST on /login
	[[nodiscard]] reply handle_post_login(const scope &scope_, const std::string &username, const std::string &password);

	/// \brief Handle a GET or POST on /logout
	[[nodiscard]] reply handle_logout(const scope &scope_);

	/// \brief Return a reply for a redirect to the requested or default destination.
	[[nodiscard]] reply create_redirect_for_request(const request &req) const;
};

} // namespace zeep::http