Feature: ban abusive users

dcposch · May 3, 2016 · 91c2f80 · 91c2f80
1 parent aa6531d
commit 91c2f80
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 8 deletions.
diff --git a/src/scramble/auth.go b/src/scramble/auth.go
@@ -29,11 +29,17 @@ func authenticateUserPass(token string, passHash string, passHashOld string) (*U
 	}
 
 	// verify password
-	if passHash == userID.PasswordHash && passHash != "" {
-		return userID, nil
+	if (passHash == "" || passHash != userID.PasswordHash) &&
+	   (passHashOld == "" || passHashOld != userID.PasswordHashOld) {
+		return nil, errors.New("Incorrect passphrase")
 	}
-	if passHashOld == userID.PasswordHashOld && passHashOld != "" {
-		return userID, nil
+
+	// check if the user is banned
+	if (userID.IsBanned) {
+		return nil, errors.New("User " + token + " has been banned. " +
+			"If you think this is in error, please address questions to hello@scramble.io")
 	}
-	return nil, errors.New("Incorrect passphrase")
+
+	// success
+	return userID, nil
 }
diff --git a/src/scramble/migrations.go b/src/scramble/migrations.go
@@ -26,6 +26,7 @@ var migrations = []func() error{
 	migrateBoxRemoveError,
 	migrateAddUserSecondaryEmail,
 	migrateAddUnreadEmail,
+	migrateAddUserBan,
 }
 
 func migrateDb() {
@@ -449,3 +450,10 @@ func migrateAddUnreadEmail() error {
 	`)
 	return err
 }
+
+func migrateAddUserBan() error {
+	_, err := db.Exec(`ALTER TABLE user ADD COLUMN
+		is_banned BOOLEAN NOT NULL DEFAULT FALSE;
+	`)
+	return err
+}
diff --git a/src/scramble/models.go b/src/scramble/models.go
@@ -18,6 +18,7 @@ type UserID struct {
 	PublicHash      string
 	EmailAddress    string
 	EmailHost       string
+	IsBanned	bool
 }
 
 // EmailHeader has standard headers and an PGP-encrypted subject. No body.

diff --git a/src/scramble/repo.go b/src/scramble/repo.go
@@ -108,13 +108,14 @@ func LoadUser(token string) *User {
 func LoadUserID(token string) *UserID {
 	var user UserID
 	user.Token = token
-	err := db.QueryRow("select"+
-		" password_hash, password_hash_old, public_hash, email_host"+
+	err := db.QueryRow("select " +
+		" password_hash, password_hash_old, public_hash, email_host, is_banned" +
 		" from user where token=?", token).Scan(
 		&user.PasswordHash,
 		&user.PasswordHashOld,
 		&user.PublicHash,
-		&user.EmailHost)
+		&user.EmailHost,
+		&user.IsBanned)
 	user.EmailAddress = user.Token + "@" + user.EmailHost
 	if err == sql.ErrNoRows {
 		return nil