local-it/vikunja-api
0
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

feat: don't require a password for data export from users authenticated with third-party auth

Browse source
This commit is contained in:
kolaente 2021-10-31 12:37:08 +01:00
parent cc612d505f
commit 9eca971c93
No known key found for this signature in database
GPG key ID: F40E70337AB24C9B
2 changed files with 23 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
pkg/routes/api/v1/user_export.go
View file

@ -30,16 +30,6 @@ import (
) )
func checkExportRequest(c echo.Context) (s *xorm.Session, u *user.User, err error) { func checkExportRequest(c echo.Context) (s *xorm.Session, u *user.User, err error) {
var pass UserPasswordConfirmation
if err := c.Bind(&pass); err != nil {
return nil, nil, echo.NewHTTPError(http.StatusBadRequest, "No password provided.")
}
err = c.Validate(pass)
if err != nil {
return nil, nil, echo.NewHTTPError(http.StatusBadRequest, err)
}
s = db.NewSession() s = db.NewSession()
defer s.Close() defer s.Close()
@ -54,6 +44,21 @@ func checkExportRequest(c echo.Context) (s *xorm.Session, u *user.User, err erro
return nil, nil, handler.HandleHTTPError(err, c) return nil, nil, handler.HandleHTTPError(err, c)
} }
// Users authenticated with a third-party are unable to provide their password.
if u.Issuer != user.IssuerLocal {
return
}
var pass UserPasswordConfirmation
if err := c.Bind(&pass); err != nil {
return nil, nil, echo.NewHTTPError(http.StatusBadRequest, "No password provided.")
}
err = c.Validate(pass)
if err != nil {
return nil, nil, echo.NewHTTPError(http.StatusBadRequest, err)
}
err = user.CheckUserPassword(u, pass.Password) err = user.CheckUserPassword(u, pass.Password)
if err != nil { if err != nil {
_ = s.Rollback() _ = s.Rollback()

16
pkg/user/user_create.go
View file

@ -24,13 +24,13 @@ import (
"xorm.io/xorm" "xorm.io/xorm"
) )
const issuerLocal = `local` const IssuerLocal = `local`
// CreateUser creates a new user and inserts it into the database // CreateUser creates a new user and inserts it into the database
func CreateUser(s *xorm.Session, user *User) (newUser *User, err error) { func CreateUser(s *xorm.Session, user *User) (newUser *User, err error) {
if user.Issuer == "" { if user.Issuer == "" {
user.Issuer = issuerLocal user.Issuer = IssuerLocal
} }
// Check if we have all needed information // Check if we have all needed information
@ -45,7 +45,7 @@ func CreateUser(s *xorm.Session, user *User) (newUser *User, err error) {
return nil, err return nil, err
} }
if user.Issuer == issuerLocal { if user.Issuer == IssuerLocal {
// Hash the password // Hash the password
user.Password, err = HashPassword(user.Password) user.Password, err = HashPassword(user.Password)
if err != nil { if err != nil {
@ -76,7 +76,7 @@ func CreateUser(s *xorm.Session, user *User) (newUser *User, err error) {
} }
// Dont send a mail if no mailer is configured // Dont send a mail if no mailer is configured
if !config.MailerEnabled.GetBool() || user.Issuer != issuerLocal { if !config.MailerEnabled.GetBool() || user.Issuer != IssuerLocal {
return newUserOut, err return newUserOut, err
} }
@ -112,8 +112,8 @@ func HashPassword(password string) (string, error) {
func checkIfUserIsValid(user *User) error { func checkIfUserIsValid(user *User) error {
if user.Email == "" || if user.Email == "" ||
(user.Issuer != issuerLocal && user.Subject == "") || (user.Issuer != IssuerLocal && user.Subject == "") ||
(user.Issuer == issuerLocal && (user.Password == "" || (user.Issuer == IssuerLocal && (user.Password == "" ||
user.Username == "")) { user.Username == "")) {
return ErrNoUsernamePassword{} return ErrNoUsernamePassword{}
} }
@ -143,7 +143,7 @@ func checkIfUserExists(s *xorm.Session, user *User) (err error) {
Subject: user.Subject, Subject: user.Subject,
} }
if user.Issuer != issuerLocal { if user.Issuer != IssuerLocal {
userToCheck.Email = "" userToCheck.Email = ""
} }
@ -155,7 +155,7 @@ func checkIfUserExists(s *xorm.Session, user *User) (err error) {
return err return err
} }
} }
if exists && user.Issuer == issuerLocal { if exists && user.Issuer == IssuerLocal {
return ErrUserEmailExists{user.ID, user.Email} return ErrUserEmailExists{user.ID, user.Email}
} }