Fix getting the user and validating the request
This commit is contained in:
parent
6b02671dbd
commit
523aaa9090
GPG Key ID:
F40E70337AB24C9B
|
|
@ -28,11 +28,11 @@ import (
|
|||
)
|
||||
|
||||
type UserDeletionRequest struct {
|
||||
Password string `json:"password"`
|
||||
Password string `json:"password" valid:"required"`
|
||||
}
|
||||
|
||||
type UserDeletionRequestConfirm struct {
|
||||
Token string `json:"token"`
|
||||
Token string `json:"token" valid:"required"`
|
||||
}
|
||||
|
||||
// UserRequestDeletion is the handler to request a user deletion process (sends a mail)
|
||||
|
|
@ -52,15 +52,20 @@ func UserRequestDeletion(c echo.Context) error {
|
|||
return echo.NewHTTPError(http.StatusBadRequest, "No password provided.")
|
||||
}
|
||||
|
||||
err := c.Validate(deletionRequest)
|
||||
if err != nil {
|
||||
return echo.NewHTTPError(http.StatusBadRequest, err)
|
||||
}
|
||||
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
err := s.Begin()
|
||||
err = s.Begin()
|
||||
if err != nil {
|
||||
return handler.HandleHTTPError(err, c)
|
||||
}
|
||||
|
||||
u, err := user.GetCurrentUser(c)
|
||||
u, err := user.GetCurrentUserFromDB(s, c)
|
||||
if err != nil {
|
||||
_ = s.Rollback()
|
||||
return handler.HandleHTTPError(err, c)
|
||||
|
|
@ -104,15 +109,20 @@ func UserConfirmDeletion(c echo.Context) error {
|
|||
return echo.NewHTTPError(http.StatusBadRequest, "No token provided.")
|
||||
}
|
||||
|
||||
err := c.Validate(deleteConfirmation)
|
||||
if err != nil {
|
||||
return echo.NewHTTPError(http.StatusBadRequest, err)
|
||||
}
|
||||
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
err := s.Begin()
|
||||
err = s.Begin()
|
||||
if err != nil {
|
||||
return handler.HandleHTTPError(err, c)
|
||||
}
|
||||
|
||||
u, err := user.GetCurrentUser(c)
|
||||
u, err := user.GetCurrentUserFromDB(s, c)
|
||||
if err != nil {
|
||||
_ = s.Rollback()
|
||||
return handler.HandleHTTPError(err, c)
|
||||
|
|
@ -150,15 +160,20 @@ func UserCancelDeletion(c echo.Context) error {
|
|||
return echo.NewHTTPError(http.StatusBadRequest, "No password provided.")
|
||||
}
|
||||
|
||||
err := c.Validate(deletionRequest)
|
||||
if err != nil {
|
||||
return echo.NewHTTPError(http.StatusBadRequest, err)
|
||||
}
|
||||
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
err := s.Begin()
|
||||
err = s.Begin()
|
||||
if err != nil {
|
||||
return handler.HandleHTTPError(err, c)
|
||||
}
|
||||
|
||||
u, err := user.GetCurrentUser(c)
|
||||
u, err := user.GetCurrentUserFromDB(s, c)
|
||||
if err != nil {
|
||||
_ = s.Rollback()
|
||||
return handler.HandleHTTPError(err, c)
|
||||
|
|
|
|||
|
|
@ -370,6 +370,16 @@ func CheckUserPassword(user *User, password string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// GetCurrentUserFromDB gets a user from jwt claims and returns the full user from the db.
|
||||
func GetCurrentUserFromDB(s *xorm.Session, c echo.Context) (user *User, err error) {
|
||||
u, err := GetCurrentUser(c)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return GetUserByID(s, u.ID)
|
||||
}
|
||||
|
||||
// GetCurrentUser returns the current user based on its jwt token
|
||||
func GetCurrentUser(c echo.Context) (user *User, err error) {
|
||||
jwtinf := c.Get("user").(*jwt.Token)
|
||||
|
|
|
|||
Loading…
Reference in New Issue