Hide a users email everywhere (#69)

konrad 2019-04-01 18:19:55 +00:00 committed by Gitea
parent ac5446e4f5
commit 19faee0102
9 changed files with 32 additions and 42 deletions


@ -86,7 +86,7 @@ Sorry for some of them being in German, I'll tranlate them at some point.
* [ ] Namespace teams
* [ ] Teams
* [ ] Team member handling
* [ ] Add a `User.AfterLoad()` which obfuscates the email address
* [x] Add a `User.AfterLoad()` which obfuscates the email address
* [ ] Sometimes `done` from a task is not updated (returns `done: false` but `done:true` is being sent to the server)
### Docs


@ -49,7 +49,6 @@ func TestLabelTask_ReadAll(t *testing.T) {
ID: 2,
Username: "user2",
Password: "1234",
Email: "user2@example.com",
},
},
},


@ -46,7 +46,6 @@ func TestLabel_ReadAll(t *testing.T) {
ID: 1,
Username: "user1",
Password: "1234",
Email: "user1@example.com",
}
tests := []struct {
name string
@ -87,7 +86,6 @@ func TestLabel_ReadAll(t *testing.T) {
ID: 2,
Username: "user2",
Password: "1234",
Email: "user2@example.com",
},
},
},
@ -141,7 +139,6 @@ func TestLabel_ReadOne(t *testing.T) {
ID: 1,
Username: "user1",
Password: "1234",
Email: "user1@example.com",
}
tests := []struct {
name string
@ -196,7 +193,6 @@ func TestLabel_ReadOne(t *testing.T) {
ID: 2,
Username: "user2",
Password: "1234",
Email: "user2@example.com",
},
},
auth: &User{ID: 1},


@ -160,7 +160,6 @@ func TestListUser_ReadAll(t *testing.T) {
ID: 1,
Username: "user1",
Password: "1234",
Email: "user1@example.com",
},
Right: RightRead,
},
@ -169,7 +168,6 @@ func TestListUser_ReadAll(t *testing.T) {
ID: 2,
Username: "user2",
Password: "1234",
Email: "user2@example.com",
},
Right: RightRead,
},


@ -161,7 +161,6 @@ func TestNamespaceUser_ReadAll(t *testing.T) {
ID: 1,
Username: "user1",
Password: "1234",
Email: "user1@example.com",
},
Right: RightRead,
},
@ -170,7 +169,6 @@ func TestNamespaceUser_ReadAll(t *testing.T) {
ID: 2,
Username: "user2",
Password: "1234",
Email: "user2@example.com",
},
Right: RightRead,
},


@ -44,7 +44,7 @@ type User struct {
Username string `xorm:"varchar(250) not null unique" json:"username" valid:"length(3|250)" minLength:"3" maxLength:"250"`
Password string `xorm:"varchar(250) not null" json:"-"`
// The user's email address.
Email string `xorm:"varchar(250) null" json:"email" valid:"email,length(0|250)" maxLength:"250"`
Email string `xorm:"varchar(250) null" json:"email,omitonempty" valid:"email,length(0|250)" maxLength:"250"`
IsActive bool `xorm:"null" json:"-"`
PasswordResetToken string `xorm:"varchar(450) null" json:"-"`
@ -58,6 +58,11 @@ type User struct {
web.Auth `xorm:"-" json:"-"`
}
// AfterLoad is used to delete all emails to not have them leaked to the user
func (u *User) AfterLoad() {
u.Email = ""
}
// AuthDummy implements the auth of the crud handler
func (User) AuthDummy() {}
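Review bot: The new tag on `Email`, `json:"email,omitonempty"`, uses an option that encoding/json does not recognise; unknown tag options are silently ignored, so responses will still carry `"email": ""` instead of omitting the field, and the tag should read `json:"email,omitempty"`. Separately, `AfterLoad()` (presumably invoked by the ORM after every load) blanks the address for all consumers of the struct, not only for API output. Any server-side path that needs the address after loading a `User`, such as sending a password-reset or confirmation mail, would then see an empty string, and writing a loaded struct back with the email column included could persist the blank value; those callers are outside this hunk, so this needs checking. A more contained approach is to keep the model intact and strip the field where the response is built, returning it only for the authenticated user's own record. The doc comment on `AfterLoad` should also say that it is a load hook and that a struct loaded this way must not be used to update the email column.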


@ -1,6 +1,6 @@
// GENERATED BY THE COMMAND ABOVE; DO NOT EDIT
// This file was generated by swaggo/swag at
// 2019-03-21 18:42:06.413170199 +0100 CET m=+0.170405951
// 2019-04-01 20:03:30.060598671 +0200 CEST m=+0.311389858
package swagger
@ -14,7 +14,7 @@ import (
var doc = `{
"swagger": "2.0",
"info": {
"description": "This is the documentation for the [Vikunja](http://vikunja.io) API. Vikunja is a cross-plattform Todo-application with a lot of features, such as sharing lists with users or teams. \u003c!-- ReDoc-Inject: \u003csecurity-definitions\u003e --\u003e\n# Authorization\n**JWT-Auth:** Main authorization method, used for most of the requests. Needs ` + "`" + `Authorization: Bearer \u003cjwt-token\u003e` + "`" + `-header to authenticate successfully.\n\n**BasicAuth:** Only used when requesting tasks via caldav.\n\u003c!-- ReDoc-Inject: \u003csecurity-definitions\u003e --\u003e",
"description": "\u003c!-- ReDoc-Inject: \u003csecurity-definitions\u003e --\u003e",
"title": "Vikunja API",
"contact": {
"name": "General Vikunja contact",
@ -391,7 +391,7 @@ var doc = `{
"JWTKeyAuth": []
}
],
"description": "Returns a list by its ID.",
"description": "Returns a team by its ID.",
"consumes": [
"application/json"
],
@ -399,13 +399,13 @@ var doc = `{
"application/json"
],
"tags": [
"list"
"team"
],
"summary": "Gets one list",
"summary": "Gets one team",
"parameters": [
{
"type": "integer",
"description": "List ID",
"description": "Team ID",
"name": "id",
"in": "path",
"required": true
@ -413,14 +413,14 @@ var doc = `{
],
"responses": {
"200": {
"description": "The list",
"description": "The team",
"schema": {
"type": "object",
"$ref": "#/definitions/models.List"
"$ref": "#/definitions/models.Team"
}
},
"403": {
"description": "The user does not have access to the list",
"description": "The user does not have access to the team",
"schema": {
"type": "object",
"$ref": "#/definitions/code.vikunja.io.web.HTTPError"


@ -1,7 +1,7 @@
{
"swagger": "2.0",
"info": {
"description": "This is the documentation for the [Vikunja](http://vikunja.io) API. Vikunja is a cross-plattform Todo-application with a lot of features, such as sharing lists with users or teams. \u003c!-- ReDoc-Inject: \u003csecurity-definitions\u003e --\u003e\n# Authorization\n**JWT-Auth:** Main authorization method, used for most of the requests. Needs ` + \"`\" + `Authorization: Bearer \u003cjwt-token\u003e` + \"`\" + `-header to authenticate successfully.\n\n**BasicAuth:** Only used when requesting tasks via caldav.\n\u003c!-- ReDoc-Inject: \u003csecurity-definitions\u003e --\u003e",
"description": "\u003c!-- ReDoc-Inject: \u003csecurity-definitions\u003e --\u003e",
"title": "Vikunja API",
"contact": {
"name": "General Vikunja contact",
@ -378,7 +378,7 @@
"JWTKeyAuth": []
}
],
"description": "Returns a list by its ID.",
"description": "Returns a team by its ID.",
"consumes": [
"application/json"
],
@ -386,13 +386,13 @@
"application/json"
],
"tags": [
"list"
"team"
],
"summary": "Gets one list",
"summary": "Gets one team",
"parameters": [
{
"type": "integer",
"description": "List ID",
"description": "Team ID",
"name": "id",
"in": "path",
"required": true
@ -400,14 +400,14 @@
],
"responses": {
"200": {
"description": "The list",
"description": "The team",
"schema": {
"type": "object",
"$ref": "#/definitions/models.List"
"$ref": "#/definitions/models.Team"
}
},
"403": {
"description": "The user does not have access to the list",
"description": "The user does not have access to the team",
"schema": {
"type": "object",
"$ref": "#/definitions/code.vikunja.io/web.HTTPError"


@ -631,13 +631,7 @@ info:
email: hello@vikunja.io
name: General Vikunja contact
url: http://vikunja.io/en/contact/
description: |-
This is the documentation for the [Vikunja](http://vikunja.io) API. Vikunja is a cross-plattform Todo-application with a lot of features, such as sharing lists with users or teams. <!-- ReDoc-Inject: <security-definitions> -->
# Authorization
**JWT-Auth:** Main authorization method, used for most of the requests. Needs ` + "`" + `Authorization: Bearer <jwt-token>` + "`" + `-header to authenticate successfully.
**BasicAuth:** Only used when requesting tasks via caldav.
<!-- ReDoc-Inject: <security-definitions> -->
description: '<!-- ReDoc-Inject: <security-definitions> -->'
license:
name: GPLv3
url: http://code.vikunja.io/api/src/branch/master/LICENSE
@ -922,9 +916,9 @@ paths:
get:
consumes:
- application/json
description: Returns a list by its ID.
description: Returns a team by its ID.
parameters:
- description: List ID
- description: Team ID
in: path
name: id
required: true
@ -933,12 +927,12 @@ paths:
- application/json
responses:
"200":
description: The list
description: The team
schema:
$ref: '#/definitions/models.List'
$ref: '#/definitions/models.Team'
type: object
"403":
description: The user does not have access to the list
description: The user does not have access to the team
schema:
$ref: '#/definitions/code.vikunja.io/web.HTTPError'
type: object
@ -949,9 +943,9 @@ paths:
type: object
security:
- JWTKeyAuth: []
summary: Gets one list
summary: Gets one team
tags:
- list
- team
post:
consumes:
- application/json