From 9eca971c938699d481915fb6e14c765aea1fa3b5 Mon Sep 17 00:00:00 2001
From: kolaente
Date: Sun, 31 Oct 2021 12:37:08 +0100
Subject: [PATCH] feat: don't require a password for data export from users authenticated with third-party auth
---
 pkg/routes/api/v1/user_export.go | 25 +++++++++++++++----------
 pkg/user/user_create.go | 16 ++++++++--------
 2 files changed, 23 insertions(+), 18 deletions(-)
diff --git a/pkg/routes/api/v1/user_export.go b/pkg/routes/api/v1/user_export.go
index c731d0cf33..dc88851bfe 100644
--- a/pkg/routes/api/v1/user_export.go
+++ b/pkg/routes/api/v1/user_export.go
@@ -30,16 +30,6 @@ import (
 )
 func checkExportRequest(c echo.Context) (s *xorm.Session, u *user.User, err error) {
- var pass UserPasswordConfirmation
- if err := c.Bind(&pass); err != nil {
- return nil, nil, echo.NewHTTPError(http.StatusBadRequest, "No password provided.")
- }
-
- err = c.Validate(pass)
- if err != nil {
- return nil, nil, echo.NewHTTPError(http.StatusBadRequest, err)
- }
-
- s = db.NewSession()
 defer s.Close()
@@ -54,6 +44,21 @@ func checkExportRequest(c echo.Context) (s *xorm.Session, u *user.User, err erro
 return nil, nil, handler.HandleHTTPError(err, c)
 }
+ // Users authenticated with a third-party are unable to provide their password.
+ if u.Issuer != user.IssuerLocal {
+ return
+ }
+
+ var pass UserPasswordConfirmation
+ if err := c.Bind(&pass); err != nil {
+ return nil, nil, echo.NewHTTPError(http.StatusBadRequest, "No password provided.")
+ }
+
+ err = c.Validate(pass)
+ if err != nil {
+ return nil, nil, echo.NewHTTPError(http.StatusBadRequest, err)
+ }
+
 err = user.CheckUserPassword(u, pass.Password)
 if err != nil {
 _ = s.Rollback()
diff --git a/pkg/user/user_create.go b/pkg/user/user_create.go
index f445eb884b..1ccecdafdb 100644
--- a/pkg/user/user_create.go
+++ b/pkg/user/user_create.go
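Review bot: The early return added in the second hunk of user_export.go fails open: every account whose stored `Issuer` is not exactly `local`, including an empty value, now skips `CheckUserPassword`. `CreateUser` in user_create.go treats an empty issuer as local, so any row that still carries an empty issuer (whether such rows exist is not visible here) would get an export without password confirmation; `if u.Issuer != "" && u.Issuer != user.IssuerLocal {` keeps those accounts on the password path. Third-party accounts are also left with no step-up check at all, so a valid session alone is enough to request a full data export, and the comment should record that trade-off, e.g. `// No re-authentication for third-party accounts: the session is the only gate for this export.` The body of checkExportRequest starts and ends outside the hunk.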
@@ -24,13 +24,13 @@ import (
 "xorm.io/xorm"
 )
-const issuerLocal = `local`
+const IssuerLocal = `local`
 // CreateUser creates a new user and inserts it into the database
 func CreateUser(s *xorm.Session, user *User) (newUser *User, err error) {
 if user.Issuer == "" {
- user.Issuer = issuerLocal
+ user.Issuer = IssuerLocal
 }
 // Check if we have all needed information
@@ -45,7 +45,7 @@ func CreateUser(s *xorm.Session, user *User) (newUser *User, err error) {
 return nil, err
 }
- if user.Issuer == issuerLocal {
+ if user.Issuer == IssuerLocal {
 // Hash the password
 user.Password, err = HashPassword(user.Password)
 if err != nil {
@@ -76,7 +76,7 @@ func CreateUser(s *xorm.Session, user *User) (newUser *User, err error) {
 }
 // Dont send a mail if no mailer is configured
- if !config.MailerEnabled.GetBool() || user.Issuer != issuerLocal {
+ if !config.MailerEnabled.GetBool() || user.Issuer != IssuerLocal {
 return newUserOut, err
 }
@@ -112,8 +112,8 @@ func HashPassword(password string) (string, error) {
 func checkIfUserIsValid(user *User) error {
 if user.Email == "" ||
- (user.Issuer != issuerLocal && user.Subject == "") ||
- (user.Issuer == issuerLocal && (user.Password == "" ||
+ (user.Issuer != IssuerLocal && user.Subject == "") ||
+ (user.Issuer == IssuerLocal && (user.Password == "" ||
 user.Username == "")) {
 return ErrNoUsernamePassword{}
 }
@@ -143,7 +143,7 @@ func checkIfUserExists(s *xorm.Session, user *User) (err error) {
 Subject: user.Subject,
 }
- if user.Issuer != issuerLocal {
+ if user.Issuer != IssuerLocal {
 userToCheck.Email = ""
 }
@@ -155,7 +155,7 @@ func checkIfUserExists(s *xorm.Session, user *User) (err error) {
 return err
 }
 }
- if exists && user.Issuer == issuerLocal {
+ if exists && user.Issuer == IssuerLocal {
 return ErrUserEmailExists{user.ID, user.Email}
 }