Commit 7c359bdb authored by ale's avatar ale

Log keystore.Open on successful login

parent a7e8bbce
Pipeline #1561 passed with stages
in 1 minute and 34 seconds
......@@ -146,15 +146,17 @@ func New(loginService *LoginService, authClient authclient.Client, config *Confi
func (h *Server) loginCallback(w http.ResponseWriter, req *http.Request, username, password string, userinfo *auth.UserInfo) error {
log.Printf("successful login for user %s", username)
// Open the keystore for this user with the password used to
// authenticate. Set the TTL to the duration of the
// authenticated session.
var kmsg string
if h.keystore != nil {
var shard string
if userinfo != nil {
shard = userinfo.Shard
kmsg = fmt.Sprintf(" (unlocked key on shard %s)", shard)
} else {
kmsg = " (unlocked key)"
if err := h.keystore.Open(req.Context(), shard, username, password, int(h.authSessionLifetime.Seconds())); err != nil {
log.Printf("failed to unlock keystore for user %s: %v", username, err)
......@@ -162,6 +164,8 @@ func (h *Server) loginCallback(w http.ResponseWriter, req *http.Request, usernam
log.Printf("successful login for user %s%s", username, kmsg)
// Create cookie-based session for the authenticated user.
session := newAuthSession(h.authSessionLifetime, username, userinfo)
httpSession, _ := h.authSessionStore.Get(req, authSessionKey) // nolint
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment