
Give username to NewUser(), strip permissions on blacklisted user

lfkeitel committed Oct 30, 2017
1 parent 1742bb5 commit 918adf21820c286ff50ffff43c152e5b3180467a
Showing with 27 additions and 10 deletions.
  1. +1 −2 src/auth/auth_test.go
  2. +16 −0 src/models/stores/blacklistStore.go
  3. +4 −7 src/models/stores/userStore.go
  4. +6 −1 src/models/user.go
@@ -100,8 +100,7 @@ func TestLogoutUser(t *testing.T) {
session.Set("loggedin", true)
session.Set("username", "Tester")
user := models.NewUser(e, stores.NewUserStore(e), stores.NewBlacklistItem(stores.NewBlacklistStore(e)))
user.Username = "Tester"
user := models.NewUser(e, stores.NewUserStore(e), stores.NewBlacklistItem(stores.NewBlacklistStore(e)), "Tester")
req, _ := http.NewRequest("", "", nil)
req = common.SetEnvironmentToContext(req, e)
@@ -28,20 +28,36 @@ func GetBlacklistStore(e *common.Environment) *BlacklistStore {
}
func (b *BlacklistStore) IsBlacklisted(s string) bool {
if s == "" {
return false
}
sql := `SELECT "id" FROM "blacklist" WHERE "value" = ?`
if b.e.DB == nil {
b.e.Log.Alert("Database is nil in blacklist store")
return false
}
var id int
row := b.e.DB.QueryRow(sql, s)
err := row.Scan(&id)
return (err == nil)
}
func (b *BlacklistStore) AddToBlacklist(s string) error {
if s == "" {
return nil
}
sql := `INSERT INTO "blacklist" ("value") VALUES (?)`
_, err := b.e.DB.Exec(sql, s)
return err
}
func (b *BlacklistStore) RemoveFromBlacklist(s string) error {
if s == "" {
return nil
}
sql := `DELETE FROM "blacklist" WHERE "value" = ?`
_, err := b.e.DB.Exec(sql, s)
return err
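Review bot: IsBlacklisted fails open: it returns false when `b.e.DB` is nil and also when `row.Scan` fails for any reason, because the result is just `err == nil` and a real query error looks the same as "no matching row". With this commit the result also decides whether `ManageOwnRights` is removed in LoadRights, so a database error would leave a blacklisted user with that right and nothing logged. Consider telling the two cases apart and logging the real failure, e.g. `if err != nil && err != sql.ErrNoRows { b.e.Log.Alert("blacklist lookup failed") }`; the local variable `sql` would have to be renamed so it does not shadow the `database/sql` package name. The nil-DB guard also appears only in IsBlacklisted, while AddToBlacklist and RemoveFromBlacklist still call `b.e.DB.Exec` unguarded. RemoveFromBlacklist's closing lines are outside the hunk.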
@@ -34,20 +34,17 @@ func GetUserStore(e *common.Environment) *UserStore {
func (s *UserStore) GetUserByUsername(username string) (*models.User, error) {
if username == "" {
return models.NewUser(s.e, s, NewBlacklistItem(GetBlacklistStore(s.e))), nil
return models.NewUser(s.e, s, NewBlacklistItem(GetBlacklistStore(s.e)), ""), nil
}
username = strings.ToLower(username)
sql := `WHERE "username" = ?`
users, err := s.getUsersFromDatabase(sql, username)
if len(users) == 0 {
u := models.NewUser(s.e, s, NewBlacklistItem(GetBlacklistStore(s.e)))
u.Username = username
u.LoadRights()
u := models.NewUser(s.e, s, NewBlacklistItem(GetBlacklistStore(s.e)), username)
return u, err
}
users[0].LoadRights()
return users[0], nil
}
@@ -104,9 +101,8 @@ func (s *UserStore) getUsersFromDatabase(where string, values ...interface{}) ([
continue
}
user := models.NewUser(s.e, s, NewBlacklistItem(GetBlacklistStore(s.e)))
user := models.NewUser(s.e, s, NewBlacklistItem(GetBlacklistStore(s.e)), username)
user.ID = id
user.Username = username
user.HasPassword = (password != "")
user.DeviceLimit = models.UserDeviceLimit(deviceLimit)
user.ValidStart = time.Unix(validStart, 0)
@@ -126,6 +122,7 @@ func (s *UserStore) getUsersFromDatabase(where string, values ...interface{}) ([
Mode: models.UserExpiration(expirationType),
Value: defaultExpiration,
}
user.LoadRights() // Above all rights are overriden, we need to reapply admin and configured rights
results = append(results, user)
}
return results, nil
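Review bot: In the first hunk, the `len(users) == 0` branch of GetUserByUsername appears to return `u` without calling `u.LoadRights()` on the new side; the page has lost its +/- markers, so this is inferred from the hunk's line counts. Whether NewUser calls LoadRights itself is not visible here. If it does not, a username with no database row never reaches the blacklist check this commit adds to LoadRights. Either keep `u.LoadRights()` before `return u, err`, or state in NewUser's doc comment that it loads rights. Separately, the `LoadRights()` call added in getUsersFromDatabase looks like it runs one blacklist query per returned row, so a short comment on that cost would help; that function's body starts and ends outside the hunks.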
@@ -40,7 +40,7 @@ type User struct {
}
// NewUser creates a new base user
func NewUser(e *common.Environment, us UserStore, b BlacklistItem) *User {
func NewUser(e *common.Environment, us UserStore, b BlacklistItem, username string) *User {
// User with the following attributes:
// Device limit is global
// Device Expiration is global
@@ -50,6 +50,7 @@ func NewUser(e *common.Environment, us UserStore, b BlacklistItem) *User {
e: e,
blacklist: b,
store: us,
Username: username,
DeviceLimit: UserDeviceLimitGlobal,
DeviceExpiration: &UserDeviceExpiration{Mode: UserDeviceExpirationGlobal},
ValidStart: time.Unix(0, 0),
@@ -83,6 +84,10 @@ func (u *User) LoadRights() {
u.Rights = u.Rights.With(APIRead)
u.Rights = u.Rights.With(APIWrite)
}
if u.IsBlacklisted() {
u.Rights = u.Rights.Without(ManageOwnRights)
}
}
func (u *User) IsNew() bool {
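Review bot: The blacklist check at the end of LoadRights removes only `ManageOwnRights`, and it runs after the rights granted earlier in the function, so a blacklisted account keeps every other right it holds (for example `APIWrite`, set just above). If that is intended, record it in a comment such as `// Blacklisted users lose only self-service device management; other rights are intentionally kept.`; if not, the strip should cover the remaining rights as well. Rights also appear to be computed only when LoadRights runs, so a user blacklisted after loading presumably keeps `ManageOwnRights` until the next load. LoadRights begins outside the hunk.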
