|
|
@ -18,6 +18,7 @@ import (
|
|
|
|
"io/ioutil"
|
|
|
|
"io/ioutil"
|
|
|
|
"net/http"
|
|
|
|
"net/http"
|
|
|
|
"os"
|
|
|
|
"os"
|
|
|
|
|
|
|
|
"sort"
|
|
|
|
"strconv"
|
|
|
|
"strconv"
|
|
|
|
"strings"
|
|
|
|
"strings"
|
|
|
|
"time"
|
|
|
|
"time"
|
|
|
@ -61,11 +62,14 @@ const (
|
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
func authenticateRequest(w http.ResponseWriter, r *http.Request, handler func(http.ResponseWriter, *http.Request)) {
|
|
|
|
func authenticateRequest(w http.ResponseWriter, r *http.Request, handler func(http.ResponseWriter, *http.Request)) {
|
|
|
|
|
|
|
|
emailsTried := make(map[string]bool)
|
|
|
|
for _, cert := range r.TLS.PeerCertificates {
|
|
|
|
for _, cert := range r.TLS.PeerCertificates {
|
|
|
|
for _, extKeyUsage := range cert.ExtKeyUsage {
|
|
|
|
for _, extKeyUsage := range cert.ExtKeyUsage {
|
|
|
|
if extKeyUsage == x509.ExtKeyUsageClientAuth {
|
|
|
|
if extKeyUsage == x509.ExtKeyUsageClientAuth {
|
|
|
|
for _, emailAddress := range cert.EmailAddresses {
|
|
|
|
for _, emailAddress := range cert.EmailAddresses {
|
|
|
|
voter, err := FindVoterByAddress(emailAddress)
|
|
|
|
emailLower := strings.ToLower(emailAddress)
|
|
|
|
|
|
|
|
emailsTried[emailLower] = true
|
|
|
|
|
|
|
|
voter, err := FindVoterByAddress(emailLower)
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
|
|
|
http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
return
|
|
|
@ -82,8 +86,18 @@ func authenticateRequest(w http.ResponseWriter, r *http.Request, handler func(ht
|
|
|
|
}
|
|
|
|
}
|
|
|
|
needsAuth, ok := r.Context().Value(ctxNeedsAuth).(bool)
|
|
|
|
needsAuth, ok := r.Context().Value(ctxNeedsAuth).(bool)
|
|
|
|
if ok && needsAuth {
|
|
|
|
if ok && needsAuth {
|
|
|
|
|
|
|
|
var templateContext struct {
|
|
|
|
|
|
|
|
PageTitle string
|
|
|
|
|
|
|
|
Voter *Voter
|
|
|
|
|
|
|
|
Flashes interface{}
|
|
|
|
|
|
|
|
Emails []string
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
for k := range emailsTried {
|
|
|
|
|
|
|
|
templateContext.Emails = append(templateContext.Emails, k)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
sort.Strings(templateContext.Emails)
|
|
|
|
w.WriteHeader(http.StatusForbidden)
|
|
|
|
w.WriteHeader(http.StatusForbidden)
|
|
|
|
renderTemplate(w, []string{"denied.html", "header.html", "footer.html"}, nil)
|
|
|
|
renderTemplate(w, []string{"denied.html", "header.html", "footer.html"}, templateContext)
|
|
|
|
return
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
handler(w, r)
|
|
|
|
handler(w, r)
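Review bot: The addresses collected in `emailsTried` come from the peer certificate and are now handed to `renderTemplate` for `denied.html`, so that template must escape them. `renderTemplate` is not visible here; if it is built on `text/template` rather than `html/template`, the `Emails` values would be written unescaped into the 403 page. Separately, `FindVoterByAddress(emailLower)` can only match if stored voter addresses are lowercased the same way at enrollment, which is worth confirming because this lookup key is the authentication identity. I would add a comment above the map, for example `// emailsTried: lowercased addresses from client-auth certs, shown on the denied page only; never used for authorization`. `PageTitle`, `Voter` and `Flashes` stay at their zero values in the visible lines, and the body of authenticateRequest starts and ends outside these hunks.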
|
|
|
|