Hide a users email everywhere (#69)

konrad 2019-04-01 18:19:55 +00:00 committed by Gitea
parent ac5446e4f5
commit 19faee0102
9 changed files with 32 additions and 42 deletions


@ -86,7 +86,7 @@ Sorry for some of them being in German, I'll tranlate them at some point.
* [ ] Namespace teams * [ ] Namespace teams
* [ ] Teams * [ ] Teams
* [ ] Team member handling * [ ] Team member handling
* [ ] Add a `User.AfterLoad()` which obfuscates the email address * [x] Add a `User.AfterLoad()` which obfuscates the email address
* [ ] Sometimes `done` from a task is not updated (returns `done: false` but `done:true` is being sent to the server) * [ ] Sometimes `done` from a task is not updated (returns `done: false` but `done:true` is being sent to the server)
### Docs ### Docs


@ -49,7 +49,6 @@ func TestLabelTask_ReadAll(t *testing.T) {
ID: 2, ID: 2,
Username: "user2", Username: "user2",
Password: "1234", Password: "1234",
Email: "user2@example.com",
}, },
}, },
}, },


@ -46,7 +46,6 @@ func TestLabel_ReadAll(t *testing.T) {
ID: 1, ID: 1,
Username: "user1", Username: "user1",
Password: "1234", Password: "1234",
Email: "user1@example.com",
} }
tests := []struct { tests := []struct {
name string name string
@ -87,7 +86,6 @@ func TestLabel_ReadAll(t *testing.T) {
ID: 2, ID: 2,
Username: "user2", Username: "user2",
Password: "1234", Password: "1234",
Email: "user2@example.com",
}, },
}, },
}, },
@ -141,7 +139,6 @@ func TestLabel_ReadOne(t *testing.T) {
ID: 1, ID: 1,
Username: "user1", Username: "user1",
Password: "1234", Password: "1234",
Email: "user1@example.com",
} }
tests := []struct { tests := []struct {
name string name string
@ -196,7 +193,6 @@ func TestLabel_ReadOne(t *testing.T) {
ID: 2, ID: 2,
Username: "user2", Username: "user2",
Password: "1234", Password: "1234",
Email: "user2@example.com",
}, },
}, },
auth: &User{ID: 1}, auth: &User{ID: 1},


@ -160,7 +160,6 @@ func TestListUser_ReadAll(t *testing.T) {
ID: 1, ID: 1,
Username: "user1", Username: "user1",
Password: "1234", Password: "1234",
Email: "user1@example.com",
}, },
Right: RightRead, Right: RightRead,
}, },
@ -169,7 +168,6 @@ func TestListUser_ReadAll(t *testing.T) {
ID: 2, ID: 2,
Username: "user2", Username: "user2",
Password: "1234", Password: "1234",
Email: "user2@example.com",
}, },
Right: RightRead, Right: RightRead,
}, },


@ -161,7 +161,6 @@ func TestNamespaceUser_ReadAll(t *testing.T) {
ID: 1, ID: 1,
Username: "user1", Username: "user1",
Password: "1234", Password: "1234",
Email: "user1@example.com",
}, },
Right: RightRead, Right: RightRead,
}, },
@ -170,7 +169,6 @@ func TestNamespaceUser_ReadAll(t *testing.T) {
ID: 2, ID: 2,
Username: "user2", Username: "user2",
Password: "1234", Password: "1234",
Email: "user2@example.com",
}, },
Right: RightRead, Right: RightRead,
}, },


@ -44,7 +44,7 @@ type User struct {
Username string `xorm:"varchar(250) not null unique" json:"username" valid:"length(3|250)" minLength:"3" maxLength:"250"` Username string `xorm:"varchar(250) not null unique" json:"username" valid:"length(3|250)" minLength:"3" maxLength:"250"`
Password string `xorm:"varchar(250) not null" json:"-"` Password string `xorm:"varchar(250) not null" json:"-"`
// The user's email address. // The user's email address.
Email string `xorm:"varchar(250) null" json:"email" valid:"email,length(0|250)" maxLength:"250"` Email string `xorm:"varchar(250) null" json:"email,omitonempty" valid:"email,length(0|250)" maxLength:"250"`
IsActive bool `xorm:"null" json:"-"` IsActive bool `xorm:"null" json:"-"`
PasswordResetToken string `xorm:"varchar(450) null" json:"-"` PasswordResetToken string `xorm:"varchar(450) null" json:"-"`
@ -58,6 +58,11 @@ type User struct {
web.Auth `xorm:"-" json:"-"` web.Auth `xorm:"-" json:"-"`
} }
// AfterLoad is used to delete all emails to not have them leaked to the user
func (u *User) AfterLoad() {
u.Email = ""
}
// AuthDummy implements the auth of the crud handler // AuthDummy implements the auth of the crud handler
func (User) AuthDummy() {} func (User) AuthDummy() {}
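Review bot: The tag option on the new `Email` line is spelled `omitonempty`, which encoding/json does not recognise and silently ignores, so a blanked address is still serialized as `"email": ""` instead of the key being dropped; the tag should read `json:"email,omitempty"`. Separately, `AfterLoad()` (presumably the ORM's post-load hook) clears the address in memory on every load rather than at serialization time, so any server-side path that loads a `User` and then needs the stored address would see an empty string; the `PasswordResetToken` field in the same struct suggests mail-sending paths exist, and they are worth confirming and covering with a test. The doc comment should state that side effect, for example `// AfterLoad clears Email after every database load so it never reaches API responses; code that needs the address must read it explicitly.` The `User` struct starts above the first hunk, so its other fields and tags are not visible here.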


@ -1,6 +1,6 @@
// GENERATED BY THE COMMAND ABOVE; DO NOT EDIT // GENERATED BY THE COMMAND ABOVE; DO NOT EDIT
// This file was generated by swaggo/swag at // This file was generated by swaggo/swag at
// 2019-03-21 18:42:06.413170199 +0100 CET m=+0.170405951 // 2019-04-01 20:03:30.060598671 +0200 CEST m=+0.311389858
package swagger package swagger
@ -14,7 +14,7 @@ import (
var doc = `{ var doc = `{
"swagger": "2.0", "swagger": "2.0",
"info": { "info": {
"description": "This is the documentation for the [Vikunja](http://vikunja.io) API. Vikunja is a cross-plattform Todo-application with a lot of features, such as sharing lists with users or teams. \u003c!-- ReDoc-Inject: \u003csecurity-definitions\u003e --\u003e\n# Authorization\n**JWT-Auth:** Main authorization method, used for most of the requests. Needs ` + "`" + `Authorization: Bearer \u003cjwt-token\u003e` + "`" + `-header to authenticate successfully.\n\n**BasicAuth:** Only used when requesting tasks via caldav.\n\u003c!-- ReDoc-Inject: \u003csecurity-definitions\u003e --\u003e", "description": "\u003c!-- ReDoc-Inject: \u003csecurity-definitions\u003e --\u003e",
"title": "Vikunja API", "title": "Vikunja API",
"contact": { "contact": {
"name": "General Vikunja contact", "name": "General Vikunja contact",
@ -391,7 +391,7 @@ var doc = `{
"JWTKeyAuth": [] "JWTKeyAuth": []
} }
], ],
"description": "Returns a list by its ID.", "description": "Returns a team by its ID.",
"consumes": [ "consumes": [
"application/json" "application/json"
], ],
@ -399,13 +399,13 @@ var doc = `{
"application/json" "application/json"
], ],
"tags": [ "tags": [
"list" "team"
], ],
"summary": "Gets one list", "summary": "Gets one team",
"parameters": [ "parameters": [
{ {
"type": "integer", "type": "integer",
"description": "List ID", "description": "Team ID",
"name": "id", "name": "id",
"in": "path", "in": "path",
"required": true "required": true
@ -413,14 +413,14 @@ var doc = `{
], ],
"responses": { "responses": {
"200": { "200": {
"description": "The list", "description": "The team",
"schema": { "schema": {
"type": "object", "type": "object",
"$ref": "#/definitions/models.List" "$ref": "#/definitions/models.Team"
} }
}, },
"403": { "403": {
"description": "The user does not have access to the list", "description": "The user does not have access to the team",
"schema": { "schema": {
"type": "object", "type": "object",
"$ref": "#/definitions/code.vikunja.io.web.HTTPError" "$ref": "#/definitions/code.vikunja.io.web.HTTPError"


@ -1,7 +1,7 @@
{ {
"swagger": "2.0", "swagger": "2.0",
"info": { "info": {
"description": "This is the documentation for the [Vikunja](http://vikunja.io) API. Vikunja is a cross-plattform Todo-application with a lot of features, such as sharing lists with users or teams. \u003c!-- ReDoc-Inject: \u003csecurity-definitions\u003e --\u003e\n# Authorization\n**JWT-Auth:** Main authorization method, used for most of the requests. Needs ` + \"`\" + `Authorization: Bearer \u003cjwt-token\u003e` + \"`\" + `-header to authenticate successfully.\n\n**BasicAuth:** Only used when requesting tasks via caldav.\n\u003c!-- ReDoc-Inject: \u003csecurity-definitions\u003e --\u003e", "description": "\u003c!-- ReDoc-Inject: \u003csecurity-definitions\u003e --\u003e",
"title": "Vikunja API", "title": "Vikunja API",
"contact": { "contact": {
"name": "General Vikunja contact", "name": "General Vikunja contact",
@ -378,7 +378,7 @@
"JWTKeyAuth": [] "JWTKeyAuth": []
} }
], ],
"description": "Returns a list by its ID.", "description": "Returns a team by its ID.",
"consumes": [ "consumes": [
"application/json" "application/json"
], ],
@ -386,13 +386,13 @@
"application/json" "application/json"
], ],
"tags": [ "tags": [
"list" "team"
], ],
"summary": "Gets one list", "summary": "Gets one team",
"parameters": [ "parameters": [
{ {
"type": "integer", "type": "integer",
"description": "List ID", "description": "Team ID",
"name": "id", "name": "id",
"in": "path", "in": "path",
"required": true "required": true
@ -400,14 +400,14 @@
], ],
"responses": { "responses": {
"200": { "200": {
"description": "The list", "description": "The team",
"schema": { "schema": {
"type": "object", "type": "object",
"$ref": "#/definitions/models.List" "$ref": "#/definitions/models.Team"
} }
}, },
"403": { "403": {
"description": "The user does not have access to the list", "description": "The user does not have access to the team",
"schema": { "schema": {
"type": "object", "type": "object",
"$ref": "#/definitions/code.vikunja.io/web.HTTPError" "$ref": "#/definitions/code.vikunja.io/web.HTTPError"


@ -631,13 +631,7 @@ info:
email: hello@vikunja.io email: hello@vikunja.io
name: General Vikunja contact name: General Vikunja contact
url: http://vikunja.io/en/contact/ url: http://vikunja.io/en/contact/
description: |- description: '<!-- ReDoc-Inject: <security-definitions> -->'
This is the documentation for the [Vikunja](http://vikunja.io) API. Vikunja is a cross-plattform Todo-application with a lot of features, such as sharing lists with users or teams. <!-- ReDoc-Inject: <security-definitions> -->
# Authorization
**JWT-Auth:** Main authorization method, used for most of the requests. Needs ` + "`" + `Authorization: Bearer <jwt-token>` + "`" + `-header to authenticate successfully.
**BasicAuth:** Only used when requesting tasks via caldav.
<!-- ReDoc-Inject: <security-definitions> -->
license: license:
name: GPLv3 name: GPLv3
url: http://code.vikunja.io/api/src/branch/master/LICENSE url: http://code.vikunja.io/api/src/branch/master/LICENSE
@ -922,9 +916,9 @@ paths:
get: get:
consumes: consumes:
- application/json - application/json
description: Returns a list by its ID. description: Returns a team by its ID.
parameters: parameters:
- description: List ID - description: Team ID
in: path in: path
name: id name: id
required: true required: true
@ -933,12 +927,12 @@ paths:
- application/json - application/json
responses: responses:
"200": "200":
description: The list description: The team
schema: schema:
$ref: '#/definitions/models.List' $ref: '#/definitions/models.Team'
type: object type: object
"403": "403":
description: The user does not have access to the list description: The user does not have access to the team
schema: schema:
$ref: '#/definitions/code.vikunja.io/web.HTTPError' $ref: '#/definitions/code.vikunja.io/web.HTTPError'
type: object type: object
@ -949,9 +943,9 @@ paths:
type: object type: object
security: security:
- JWTKeyAuth: [] - JWTKeyAuth: []
summary: Gets one list summary: Gets one team
tags: tags:
- list - team
post: post:
consumes: consumes:
- application/json - application/json