Pass through the ResponseWriter to allow cookie renewal

Signed-off-by: Knut Ahlers <knut@ahlers.me>

auth_simple.go

@@ -53,7 +53,7 @@ func (a *authSimple) Configure(yamlSource []byte) error {
 // a cookie, header or other methods
 // If no user was detected the errNoValidUserFound needs to be
 // returned
-func (a authSimple) DetectUser(r *http.Request) (string, []string, error) {
+func (a authSimple) DetectUser(res http.ResponseWriter, r *http.Request) (string, []string, error) {
 	var user string
 
 	if a.EnableBasicAuth {

auth_token.go

@@ -47,7 +47,7 @@ func (a *authToken) Configure(yamlSource []byte) error {
 // a cookie, header or other methods
 // If no user was detected the errNoValidUserFound needs to be
 // returned
-func (a authToken) DetectUser(r *http.Request) (string, []string, error) {
+func (a authToken) DetectUser(res http.ResponseWriter, r *http.Request) (string, []string, error) {
 	authHeader := r.Header.Get("Authorization")
 
 	if !strings.HasPrefix(authHeader, "Token ") {

auth_yubikey.go

@@ -55,7 +55,7 @@ func (a *authYubikey) Configure(yamlSource []byte) error {
 // a cookie, header or other methods
 // If no user was detected the errNoValidUserFound needs to be
 // returned
-func (a authYubikey) DetectUser(r *http.Request) (string, []string, error) {
+func (a authYubikey) DetectUser(res http.ResponseWriter, r *http.Request) (string, []string, error) {
 	sess, err := cookieStore.Get(r, strings.Join([]string{mainCfg.Cookie.Prefix, a.AuthenticatorID()}, "-"))
 	if err != nil {
 		return "", nil, errNoValidUserFound

main.go

@@ -106,7 +106,7 @@ func main() {
 }
 
 func handleAuthRequest(res http.ResponseWriter, r *http.Request) {
-	user, groups, err := detectUser(r)
+	user, groups, err := detectUser(res, r)
 
 	switch err {
 	case errNoValidUserFound:
@@ -128,7 +128,7 @@ func handleAuthRequest(res http.ResponseWriter, r *http.Request) {
 }
 
 func handleLoginRequest(res http.ResponseWriter, r *http.Request) {
-	if _, _, err := detectUser(r); err == nil {
+	if _, _, err := detectUser(res, r); err == nil {
 		// There is already a valid user
 		http.Redirect(res, r, r.URL.Query().Get("go"), http.StatusFound)
 		return

registry.go

@@ -24,7 +24,7 @@ type authenticator interface {
 	// a cookie, header or other methods
 	// If no user was detected the errNoValidUserFound needs to be
 	// returned
-	DetectUser(r *http.Request) (user string, groups []string, err error)
+	DetectUser(res http.ResponseWriter, r *http.Request) (user string, groups []string, err error)
 
 	// Login is called when the user submits the login form and needs
 	// to authenticate the user or throw an error. If the user has
@@ -94,12 +94,12 @@ func initializeAuthenticators(yamlSource []byte) error {
 	return nil
 }
 
-func detectUser(r *http.Request) (string, []string, error) {
+func detectUser(res http.ResponseWriter, r *http.Request) (string, []string, error) {
 	authenticatorRegistryMutex.RLock()
 	defer authenticatorRegistryMutex.RUnlock()
 
 	for _, a := range activeAuthenticators {
-		user, groups, err := a.DetectUser(r)
+		user, groups, err := a.DetectUser(res, r)
 		switch err {
 		case nil:
 			return user, groups, err