
Add support for a system user

This allows us to issue management API tokens when we know the JWT secret.
This in turn will let us give management API access to cloud functions, etc.,
that need this to update user app metadata
biilmann committed Sep 25, 2017
1 parent 9e189c1 commit 21abf0da182b5831fe841a410792174a79a183ed
Showing with 27 additions and 0 deletions.
  1. +7 −0 api/helpers.go
  2. +20 −0 models/user.go
@@ -39,6 +39,13 @@ func getUserFromClaims(ctx context.Context, conn storage.Connection) (*models.Us
if claims.Subject == "" {
return nil, errors.New("Invalid claim: id")
}
if claims.Subject == models.SystemUserID {
// System User
instance := getInstance(ctx)
return models.NewSystemUser(instance.ID, claims.Audience), nil
}
return conn.FindUserByID(claims.Subject)
}
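Review bot: In the added `claims.Subject == models.SystemUserID` branch, the subject value alone marks the caller as the super-admin system user; no other claim is checked in the visible lines, so possession of the signing secret equals full management access, and the design relies on no regular token-issuing path ever emitting `sub` "0". I would state that trust assumption at the branch, for example `// Tokens with sub == SystemUserID are minted out of band with the instance JWT secret and carry full management access.`, and log each use of the branch so it can be audited. `instance` is also dereferenced without a check; if `getInstance(ctx)` can return nil for some requests (not visible here), add `if instance == nil { return nil, errors.New("Invalid instance") }` before building the user. The function starts above this hunk, so how the claims were validated cannot be confirmed from here.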
@@ -2,6 +2,7 @@ package models
import (
"encoding/json"
"errors"
"strings"
"time"
@@ -11,6 +12,8 @@ import (
"golang.org/x/crypto/bcrypt"
)
const SystemUserID = "0"
// User respresents a registered user with email/password authentication
type User struct {
InstanceID string `json:"-"`
@@ -65,6 +68,15 @@ func NewUser(instanceID string, email, password, aud string, userData map[string
return user, nil
}
func NewSystemUser(instanceID, aud string) *User {
return &User{
InstanceID: instanceID,
ID: SystemUserID,
Aud: aud,
IsSuperAdmin: true,
}
}
func (u *User) BeforeCreate(tx *gorm.DB) error {
return u.BeforeUpdate()
}
@@ -86,6 +98,10 @@ func (u *User) AfterFind() (err error) {
}
func (u *User) BeforeUpdate() error {
if u.ID == SystemUserID {
return errors.New("Cannot persist system user")
}
if u.AppMetaData != nil {
data, err := json.Marshal(u.AppMetaData)
if err != nil {
@@ -105,6 +121,10 @@ func (u *User) BeforeUpdate() error {
}
func (u *User) BeforeSave() error {
if u.ID == SystemUserID {
return errors.New("Cannot persist system user")
}
if u.ConfirmedAt != nil && u.ConfirmedAt.IsZero() {
u.ConfirmedAt = nil
}
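Review bot: The exported `SystemUserID` and `NewSystemUser` have no doc comments, so the security contract they carry is only implicit: ID "0" is reserved, the returned user has `IsSuperAdmin: true`, and it must never be stored. I would add `// SystemUserID is the reserved ID of the in-memory system user; no stored user may have it.` and `// NewSystemUser returns a non-persisted super-admin user for the given instance and audience.` The same `u.ID == SystemUserID` guard is repeated in `BeforeUpdate` and `BeforeSave`; a small unexported helper would keep the two from drifting apart. Both hook bodies continue outside their hunks, and whether ID generation in `NewUser` can ever yield "0" is not visible here and is worth confirming.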
