fix(user): allow openid users to request their deletion

Resolves https://community.vikunja.io/t/delete-user-not-possible-when-using-oidc/1689/4
kolaente 2023-10-11 19:06:59 +02:00
parent 58497f29e6
commit 9a29b29a04
Signed by untrusted user: konrad
GPG Key ID: F40E70337AB24C9B
2 changed files with 39 additions and 29 deletions


@ -47,20 +47,11 @@ type UserDeletionRequestConfirm struct {
// @Failure 500 {object} models.Message "Internal error" // @Failure 500 {object} models.Message "Internal error"
// @Router /user/deletion/request [post] // @Router /user/deletion/request [post]
func UserRequestDeletion(c echo.Context) error { func UserRequestDeletion(c echo.Context) error {
var deletionRequest UserPasswordConfirmation
if err := c.Bind(&deletionRequest); err != nil {
return echo.NewHTTPError(http.StatusBadRequest, "No password provided.")
}
err := c.Validate(deletionRequest)
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, err)
}
s := db.NewSession() s := db.NewSession()
defer s.Close() defer s.Close()
err = s.Begin() err := s.Begin()
if err != nil { if err != nil {
return handler.HandleHTTPError(err, c) return handler.HandleHTTPError(err, c)
} }
@ -71,10 +62,22 @@ func UserRequestDeletion(c echo.Context) error {
return handler.HandleHTTPError(err, c) return handler.HandleHTTPError(err, c)
} }
err = user.CheckUserPassword(u, deletionRequest.Password) if u.IsLocalUser() {
if err != nil { var deletionRequest UserPasswordConfirmation
_ = s.Rollback() if err := c.Bind(&deletionRequest); err != nil {
return handler.HandleHTTPError(err, c) return echo.NewHTTPError(http.StatusBadRequest, "No password provided.")
}
err = c.Validate(deletionRequest)
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, err)
}
err = user.CheckUserPassword(u, deletionRequest.Password)
if err != nil {
_ = s.Rollback()
return handler.HandleHTTPError(err, c)
}
} }
err = user.RequestDeletion(s, u) err = user.RequestDeletion(s, u)
@ -155,20 +158,11 @@ func UserConfirmDeletion(c echo.Context) error {
// @Failure 500 {object} models.Message "Internal error" // @Failure 500 {object} models.Message "Internal error"
// @Router /user/deletion/cancel [post] // @Router /user/deletion/cancel [post]
func UserCancelDeletion(c echo.Context) error { func UserCancelDeletion(c echo.Context) error {
var deletionRequest UserPasswordConfirmation
if err := c.Bind(&deletionRequest); err != nil {
return echo.NewHTTPError(http.StatusBadRequest, "No password provided.")
}
err := c.Validate(deletionRequest)
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, err)
}
s := db.NewSession() s := db.NewSession()
defer s.Close() defer s.Close()
err = s.Begin() err := s.Begin()
if err != nil { if err != nil {
return handler.HandleHTTPError(err, c) return handler.HandleHTTPError(err, c)
} }
@ -179,10 +173,22 @@ func UserCancelDeletion(c echo.Context) error {
return handler.HandleHTTPError(err, c) return handler.HandleHTTPError(err, c)
} }
err = user.CheckUserPassword(u, deletionRequest.Password) if u.IsLocalUser() {
if err != nil { var deletionRequest UserPasswordConfirmation
_ = s.Rollback() if err := c.Bind(&deletionRequest); err != nil {
return handler.HandleHTTPError(err, c) return echo.NewHTTPError(http.StatusBadRequest, "No password provided.")
}
err = c.Validate(deletionRequest)
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, err)
}
err = user.CheckUserPassword(u, deletionRequest.Password)
if err != nil {
_ = s.Rollback()
return handler.HandleHTTPError(err, c)
}
} }
err = user.CancelDeletion(s, u) err = user.CancelDeletion(s, u)
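Review bot: When `u.IsLocalUser()` is false, `UserRequestDeletion` and `UserCancelDeletion` now call `user.RequestDeletion` / `user.CancelDeletion` with no re-authentication of any kind, so a valid session token alone is enough to start or cancel a deletion for an OpenID account. If a later confirmation step (not visible in these hunks) is what gates the actual deletion, record that above the branch, e.g. `// Non-local users have no password to confirm; the deletion still has to be confirmed separately.`; otherwise consider requiring a fresh login at the identity provider first. Also, the `c.Bind` and `c.Validate` failure returns now sit after `s.Begin()` but skip the `_ = s.Rollback()` that the `CheckUserPassword` failure path performs; adding it keeps the three error paths consistent unless `s.Close()` is meant to cover it. The identical block appears in both handlers, and both function bodies continue outside the hunks.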


@ -154,7 +154,7 @@ func (u *User) GetID() int64 {
} }
// TableName returns the table name for users // TableName returns the table name for users
func (User) TableName() string { func (*User) TableName() string {
return "users" return "users"
} }
@ -353,6 +353,10 @@ func CheckUserCredentials(s *xorm.Session, u *Login) (*User, error) {
return user, nil return user, nil
} }
func (u *User) IsLocalUser() bool {
return u.Issuer == IssuerLocal
}
func handleFailedPassword(user *User) { func handleFailedPassword(user *User) {
key := user.GetFailedPasswordAttemptsKey() key := user.GetFailedPasswordAttemptsKey()
err := keyvalue.IncrBy(key, 1) err := keyvalue.IncrBy(key, 1)
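Review bot: `IsLocalUser` is exported without a doc comment, and in this commit it decides whether the deletion handlers ask for a password, so its contract should be written down: `// IsLocalUser reports whether the user's Issuer is IssuerLocal rather than an external identity provider.` The comparison treats every `Issuer` value other than `IssuerLocal` as external. If an account can carry an empty or unexpected issuer (the column's default is not visible here), it would skip the password check, so it is worth confirming that such rows cannot exist or adding a test that pins the behaviour.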