feat: don't require a password for data export from users authenticated with third-party auth

kolaente 2021-10-31 12:37:08 +01:00
parent cc612d505f
commit 9eca971c93
Signed by untrusted user: konrad
GPG Key ID: F40E70337AB24C9B
2 changed files with 23 additions and 18 deletions


@ -30,16 +30,6 @@ import (
)
func checkExportRequest(c echo.Context) (s *xorm.Session, u *user.User, err error) {
var pass UserPasswordConfirmation
if err := c.Bind(&pass); err != nil {
return nil, nil, echo.NewHTTPError(http.StatusBadRequest, "No password provided.")
}
err = c.Validate(pass)
if err != nil {
return nil, nil, echo.NewHTTPError(http.StatusBadRequest, err)
}
s = db.NewSession()
defer s.Close()
@ -54,6 +44,21 @@ func checkExportRequest(c echo.Context) (s *xorm.Session, u *user.User, err erro
return nil, nil, handler.HandleHTTPError(err, c)
}
// Users authenticated with a third-party are unable to provide their password.
if u.Issuer != user.IssuerLocal {
return
}
var pass UserPasswordConfirmation
if err := c.Bind(&pass); err != nil {
return nil, nil, echo.NewHTTPError(http.StatusBadRequest, "No password provided.")
}
err = c.Validate(pass)
if err != nil {
return nil, nil, echo.NewHTTPError(http.StatusBadRequest, err)
}
err = user.CheckUserPassword(u, pass.Password)
if err != nil {
_ = s.Rollback()
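Review bot: The new early return at `if u.Issuer != user.IssuerLocal` fails open: any issuer value other than exactly `local`, including an empty one, skips the password confirmation, so a valid session alone is then enough to request a full data export for those accounts. Whether rows with an empty issuer can exist is not visible here (CreateUser fills it in, but older or imported rows may not have gone through it), so I would treat empty as local, `if u.Issuer != "" && u.Issuer != user.IssuerLocal {`, and extend the comment to say that third-party users get no re-authentication at this step. Since the step-up check is gone for them, consider a compensating control outside this hunk, such as requiring a recent login at the identity provider or notifying the account's e-mail address when an export is requested. The bare `return` also relies on the named results, so it is correct only if `err` is nil at that point; `return s, u, nil` would make that explicit. The function starts and ends outside the hunk.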


@ -24,13 +24,13 @@ import (
"xorm.io/xorm"
)
const issuerLocal = `local`
const IssuerLocal = `local`
// CreateUser creates a new user and inserts it into the database
func CreateUser(s *xorm.Session, user *User) (newUser *User, err error) {
if user.Issuer == "" {
user.Issuer = issuerLocal
user.Issuer = IssuerLocal
}
// Check if we have all needed information
@ -45,7 +45,7 @@ func CreateUser(s *xorm.Session, user *User) (newUser *User, err error) {
return nil, err
}
if user.Issuer == issuerLocal {
if user.Issuer == IssuerLocal {
// Hash the password
user.Password, err = HashPassword(user.Password)
if err != nil {
@ -76,7 +76,7 @@ func CreateUser(s *xorm.Session, user *User) (newUser *User, err error) {
}
// Dont send a mail if no mailer is configured
if !config.MailerEnabled.GetBool() || user.Issuer != issuerLocal {
if !config.MailerEnabled.GetBool() || user.Issuer != IssuerLocal {
return newUserOut, err
}
@ -112,8 +112,8 @@ func HashPassword(password string) (string, error) {
func checkIfUserIsValid(user *User) error {
if user.Email == "" ||
(user.Issuer != issuerLocal && user.Subject == "") ||
(user.Issuer == issuerLocal && (user.Password == "" ||
(user.Issuer != IssuerLocal && user.Subject == "") ||
(user.Issuer == IssuerLocal && (user.Password == "" ||
user.Username == "")) {
return ErrNoUsernamePassword{}
}
@ -143,7 +143,7 @@ func checkIfUserExists(s *xorm.Session, user *User) (err error) {
Subject: user.Subject,
}
if user.Issuer != issuerLocal {
if user.Issuer != IssuerLocal {
userToCheck.Email = ""
}
@ -155,7 +155,7 @@ func checkIfUserExists(s *xorm.Session, user *User) (err error) {
return err
}
}
if exists && user.Issuer == issuerLocal {
if exists && user.Issuer == IssuerLocal {
return ErrUserEmailExists{user.ID, user.Email}
}