diff --git a/Featurecreep.md b/Featurecreep.md index 67ab4f66c..9eca58d90 100644 --- a/Featurecreep.md +++ b/Featurecreep.md @@ -86,7 +86,7 @@ Sorry for some of them being in German, I'll tranlate them at some point. * [ ] Namespace teams * [ ] Teams * [ ] Team member handling -* [ ] Add a `User.AfterLoad()` which obfuscates the email address +* [x] Add a `User.AfterLoad()` which obfuscates the email address * [ ] Sometimes `done` from a task is not updated (returns `done: false` but `done:true` is being sent to the server) ### Docs diff --git a/pkg/models/label_task_test.go b/pkg/models/label_task_test.go index 60b53b283..f4d857a4e 100644 --- a/pkg/models/label_task_test.go +++ b/pkg/models/label_task_test.go @@ -49,7 +49,6 @@ func TestLabelTask_ReadAll(t *testing.T) { ID: 2, Username: "user2", Password: "1234", - Email: "user2@example.com", }, }, }, diff --git a/pkg/models/label_test.go b/pkg/models/label_test.go index 07c78f7b0..008e345ab 100644 --- a/pkg/models/label_test.go +++ b/pkg/models/label_test.go @@ -46,7 +46,6 @@ func TestLabel_ReadAll(t *testing.T) { ID: 1, Username: "user1", Password: "1234", - Email: "user1@example.com", } tests := []struct { name string @@ -87,7 +86,6 @@ func TestLabel_ReadAll(t *testing.T) { ID: 2, Username: "user2", Password: "1234", - Email: "user2@example.com", }, }, }, @@ -141,7 +139,6 @@ func TestLabel_ReadOne(t *testing.T) { ID: 1, Username: "user1", Password: "1234", - Email: "user1@example.com", } tests := []struct { name string @@ -196,7 +193,6 @@ func TestLabel_ReadOne(t *testing.T) { ID: 2, Username: "user2", Password: "1234", - Email: "user2@example.com", }, }, auth: &User{ID: 1}, diff --git a/pkg/models/list_users_test.go b/pkg/models/list_users_test.go index 6f60a89d9..ca7059a8c 100644 --- a/pkg/models/list_users_test.go +++ b/pkg/models/list_users_test.go @@ -160,7 +160,6 @@ func TestListUser_ReadAll(t *testing.T) { ID: 1, Username: "user1", Password: "1234", - Email: "user1@example.com", }, Right: RightRead, }, @@ -169,7 +168,6 @@ func TestListUser_ReadAll(t *testing.T) { ID: 2, Username: "user2", Password: "1234", - Email: "user2@example.com", }, Right: RightRead, }, diff --git a/pkg/models/namespace_users_test.go b/pkg/models/namespace_users_test.go index ec0265f3a..492f076d9 100644 --- a/pkg/models/namespace_users_test.go +++ b/pkg/models/namespace_users_test.go @@ -161,7 +161,6 @@ func TestNamespaceUser_ReadAll(t *testing.T) { ID: 1, Username: "user1", Password: "1234", - Email: "user1@example.com", }, Right: RightRead, }, @@ -170,7 +169,6 @@ func TestNamespaceUser_ReadAll(t *testing.T) { ID: 2, Username: "user2", Password: "1234", - Email: "user2@example.com", }, Right: RightRead, }, diff --git a/pkg/models/user.go b/pkg/models/user.go index 14ffadfef..3f79b06b4 100644 --- a/pkg/models/user.go +++ b/pkg/models/user.go @@ -44,7 +44,7 @@ type User struct { Username string `xorm:"varchar(250) not null unique" json:"username" valid:"length(3|250)" minLength:"3" maxLength:"250"` Password string `xorm:"varchar(250) not null" json:"-"` // The user's email address. - Email string `xorm:"varchar(250) null" json:"email" valid:"email,length(0|250)" maxLength:"250"` + Email string `xorm:"varchar(250) null" json:"email,omitonempty" valid:"email,length(0|250)" maxLength:"250"` IsActive bool `xorm:"null" json:"-"` PasswordResetToken string `xorm:"varchar(450) null" json:"-"` @@ -58,6 +58,11 @@ type User struct { web.Auth `xorm:"-" json:"-"` } +// AfterLoad is used to delete all emails to not have them leaked to the user +func (u *User) AfterLoad() { + u.Email = "" +} + // AuthDummy implements the auth of the crud handler func (User) AuthDummy() {} diff --git a/pkg/swagger/docs.go b/pkg/swagger/docs.go index 7fe3fa143..4bc8cfb8a 100644 --- a/pkg/swagger/docs.go +++ b/pkg/swagger/docs.go @@ -1,6 +1,6 @@ // GENERATED BY THE COMMAND ABOVE; DO NOT EDIT // This file was generated by swaggo/swag at -// 2019-03-21 18:42:06.413170199 +0100 CET m=+0.170405951 +// 2019-04-01 20:03:30.060598671 +0200 CEST m=+0.311389858 package swagger @@ -14,7 +14,7 @@ import ( var doc = `{ "swagger": "2.0", "info": { - "description": "This is the documentation for the [Vikunja](http://vikunja.io) API. Vikunja is a cross-plattform Todo-application with a lot of features, such as sharing lists with users or teams. \u003c!-- ReDoc-Inject: \u003csecurity-definitions\u003e --\u003e\n# Authorization\n**JWT-Auth:** Main authorization method, used for most of the requests. Needs ` + "`" + `Authorization: Bearer \u003cjwt-token\u003e` + "`" + `-header to authenticate successfully.\n\n**BasicAuth:** Only used when requesting tasks via caldav.\n\u003c!-- ReDoc-Inject: \u003csecurity-definitions\u003e --\u003e", + "description": "\u003c!-- ReDoc-Inject: \u003csecurity-definitions\u003e --\u003e", "title": "Vikunja API", "contact": { "name": "General Vikunja contact", @@ -391,7 +391,7 @@ var doc = `{ "JWTKeyAuth": [] } ], - "description": "Returns a list by its ID.", + "description": "Returns a team by its ID.", "consumes": [ "application/json" ], @@ -399,13 +399,13 @@ var doc = `{ "application/json" ], "tags": [ - "list" + "team" ], - "summary": "Gets one list", + "summary": "Gets one team", "parameters": [ { "type": "integer", - "description": "List ID", + "description": "Team ID", "name": "id", "in": "path", "required": true @@ -413,14 +413,14 @@ var doc = `{ ], "responses": { "200": { - "description": "The list", + "description": "The team", "schema": { "type": "object", - "$ref": "#/definitions/models.List" + "$ref": "#/definitions/models.Team" } }, "403": { - "description": "The user does not have access to the list", + "description": "The user does not have access to the team", "schema": { "type": "object", "$ref": "#/definitions/code.vikunja.io.web.HTTPError" diff --git a/pkg/swagger/swagger.json b/pkg/swagger/swagger.json index 3508534a7..1f2ccd5bb 100644 --- a/pkg/swagger/swagger.json +++ b/pkg/swagger/swagger.json @@ -1,7 +1,7 @@ { "swagger": "2.0", "info": { - "description": "This is the documentation for the [Vikunja](http://vikunja.io) API. Vikunja is a cross-plattform Todo-application with a lot of features, such as sharing lists with users or teams. \u003c!-- ReDoc-Inject: \u003csecurity-definitions\u003e --\u003e\n# Authorization\n**JWT-Auth:** Main authorization method, used for most of the requests. Needs ` + \"`\" + `Authorization: Bearer \u003cjwt-token\u003e` + \"`\" + `-header to authenticate successfully.\n\n**BasicAuth:** Only used when requesting tasks via caldav.\n\u003c!-- ReDoc-Inject: \u003csecurity-definitions\u003e --\u003e", + "description": "\u003c!-- ReDoc-Inject: \u003csecurity-definitions\u003e --\u003e", "title": "Vikunja API", "contact": { "name": "General Vikunja contact", @@ -378,7 +378,7 @@ "JWTKeyAuth": [] } ], - "description": "Returns a list by its ID.", + "description": "Returns a team by its ID.", "consumes": [ "application/json" ], @@ -386,13 +386,13 @@ "application/json" ], "tags": [ - "list" + "team" ], - "summary": "Gets one list", + "summary": "Gets one team", "parameters": [ { "type": "integer", - "description": "List ID", + "description": "Team ID", "name": "id", "in": "path", "required": true @@ -400,14 +400,14 @@ ], "responses": { "200": { - "description": "The list", + "description": "The team", "schema": { "type": "object", - "$ref": "#/definitions/models.List" + "$ref": "#/definitions/models.Team" } }, "403": { - "description": "The user does not have access to the list", + "description": "The user does not have access to the team", "schema": { "type": "object", "$ref": "#/definitions/code.vikunja.io/web.HTTPError" diff --git a/pkg/swagger/swagger.yaml b/pkg/swagger/swagger.yaml index 48a31f15a..0b155b8ec 100644 --- a/pkg/swagger/swagger.yaml +++ b/pkg/swagger/swagger.yaml @@ -631,13 +631,7 @@ info: email: hello@vikunja.io name: General Vikunja contact url: http://vikunja.io/en/contact/ - description: |- - This is the documentation for the [Vikunja](http://vikunja.io) API. Vikunja is a cross-plattform Todo-application with a lot of features, such as sharing lists with users or teams. - # Authorization - **JWT-Auth:** Main authorization method, used for most of the requests. Needs ` + "`" + `Authorization: Bearer ` + "`" + `-header to authenticate successfully. - - **BasicAuth:** Only used when requesting tasks via caldav. - + description: '' license: name: GPLv3 url: http://code.vikunja.io/api/src/branch/master/LICENSE @@ -922,9 +916,9 @@ paths: get: consumes: - application/json - description: Returns a list by its ID. + description: Returns a team by its ID. parameters: - - description: List ID + - description: Team ID in: path name: id required: true @@ -933,12 +927,12 @@ paths: - application/json responses: "200": - description: The list + description: The team schema: - $ref: '#/definitions/models.List' + $ref: '#/definitions/models.Team' type: object "403": - description: The user does not have access to the list + description: The user does not have access to the team schema: $ref: '#/definitions/code.vikunja.io/web.HTTPError' type: object @@ -949,9 +943,9 @@ paths: type: object security: - JWTKeyAuth: [] - summary: Gets one list + summary: Gets one team tags: - - list + - team post: consumes: - application/json