From 918adf21820c286ff50ffff43c152e5b3180467a Mon Sep 17 00:00:00 2001
From: Lee Keitel
Date: Mon, 30 Oct 2017 09:27:50 -0500
Subject: [PATCH] Give username to NewUser(), strip permissions on blacklisted user

---
 src/auth/auth_test.go | 3 +--
 src/models/stores/blacklistStore.go | 16 ++++++++++++++++
 src/models/stores/userStore.go | 11 ++++------ated-
 src/models/user.go | 7 ++++++-
 4 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/src/auth/auth_test.go b/src/auth/auth_test.go
index 5c3c613..822b57c 100644
--- a/src/auth/auth_test.go
+++ b/src/auth/auth_test.go
@@ -100,8 +100,7 @@ func TestLogoutUser(t *testing.T) {
 	session.Set("loggedin", true)
 	session.Set("username", "Tester")
-	user := models.NewUser(e, stores.NewUserStore(e), stores.NewBlacklistItem(stores.NewBlacklistStore(e)))
-	user.Username = "Tester"
+	user := models.NewUser(e, stores.NewUserStore(e), stores.NewBlacklistItem(stores.NewBlacklistStore(e)), "Tester")
 	req, _ := http.NewRequest("", "", nil)
 	req = common.SetEnvironmentToContext(req, e)
diff --git a/src/models/stores/blacklistStore.go b/src/models/stores/blacklistStore.go
index 245e0cb..074ed50 100644
--- a/src/models/stores/blacklistStore.go
+++ b/src/models/stores/blacklistStore.go
@@ -28,7 +28,15 @@ func GetBlacklistStore(e *common.Environment) *BlacklistStore {
 }
 func (b *BlacklistStore) IsBlacklisted(s string) bool {
+	if s == "" {
+		return false
+	}
+
 	sql := `SELECT "id" FROM "blacklist" WHERE "value" = ?`
+	if b.e.DB == nil {
+		b.e.Log.Alert("Database is nil in blacklist store")
+		return false
+	}
 	var id int
 	row := b.e.DB.QueryRow(sql, s)
 	err := row.Scan(&id)
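Review bot: The new `b.e.DB == nil` branch in IsBlacklisted fails open: it logs an alert and returns false, so whenever the database handle is missing every value, including a genuinely blacklisted one, is reported as not blacklisted, and the blacklist check added to LoadRights in user.go (presumably reached through User.IsBlacklisted) then leaves that user's rights untouched. For a deny-list lookup the safer default is to fail closed, e.g. `return true // cannot verify; treat as blacklisted`, or to change the method to return an error so the caller decides. The guard would also read more naturally next to the empty-string check, before `sql` is built, since the query string is unused on that path. AddToBlacklist and RemoveFromBlacklist in the next hunk dereference `b.e.DB` without this guard, so the three methods are now inconsistent. The rest of IsBlacklisted, including how a Scan error is treated, lies outside the hunk.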
@@ -36,12 +44,20 @@ func (b *BlacklistStore) IsBlacklisted(s string) bool {
 }
 func (b *BlacklistStore) AddToBlacklist(s string) error {
+	if s == "" {
+		return nil
+	}
+
 	sql := `INSERT INTO "blacklist" ("value") VALUES (?)`
 	_, err := b.e.DB.Exec(sql, s)
 	return err
 }
 func (b *BlacklistStore) RemoveFromBlacklist(s string) error {
+	if s == "" {
+		return nil
+	}
+
 	sql := `DELETE FROM "blacklist" WHERE "value" = ?`
 	_, err := b.e.DB.Exec(sql, s)
 	return err
diff --git a/src/models/stores/userStore.go b/src/models/stores/userStore.go
index a607302..ee003ad 100644
--- a/src/models/stores/userStore.go
+++ b/src/models/stores/userStore.go
@@ -34,7 +34,7 @@ func GetUserStore(e *common.Environment) *UserStore {
 func (s *UserStore) GetUserByUsername(username string) (*models.User, error) {
 	if username == "" {
-		return models.NewUser(s.e, s, NewBlacklistItem(GetBlacklistStore(s.e))), nil
+		return models.NewUser(s.e, s, NewBlacklistItem(GetBlacklistStore(s.e)), ""), nil
 	}
 	username = strings.ToLower(username)
@@ -42,12 +42,9 @@ func (s *UserStore) GetUserByUsername(username string) (*models.User, error) {
 	sql := `WHERE "username" = ?`
 	users, err := s.getUsersFromDatabase(sql, username)
 	if len(users) == 0 {
-		u := models.NewUser(s.e, s, NewBlacklistItem(GetBlacklistStore(s.e)))
-		u.Username = username
-		u.LoadRights()
+		u := models.NewUser(s.e, s, NewBlacklistItem(GetBlacklistStore(s.e)), username)
 		return u, err
 	}
-	users[0].LoadRights()
 	return users[0], nil
 }
@@ -104,9 +101,8 @@ func (s *UserStore) getUsersFromDatabase(where string, values ...interface{}) ([
 			continue
 		}
-		user := models.NewUser(s.e, s, NewBlacklistItem(GetBlacklistStore(s.e)))
+		user := models.NewUser(s.e, s, NewBlacklistItem(GetBlacklistStore(s.e)), username)
 		user.ID = id
-		user.Username = username
 		user.HasPassword = (password != "")
 		user.DeviceLimit = models.UserDeviceLimit(deviceLimit)
 		user.ValidStart = time.Unix(validStart, 0)
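Review bot: The added `if s == "" { return nil }` in AddToBlacklist and RemoveFromBlacklist reports success for a no-op, so a caller that passes an empty value (for example from an unvalidated form field) cannot tell that nothing was stored or deleted. Returning an explicit error such as `return errors.New("blacklist value must not be empty")` (with `errors` imported) keeps the write paths honest; if ignoring empties is deliberate, a one-line comment saying so would make that clear. Unlike IsBlacklisted in the previous hunk, neither method checks `b.e.DB` for nil before calling Exec.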
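Review bot: In the `len(users) == 0` branch of GetUserByUsername the call to `u.LoadRights()` is dropped together with the field assignments, so a username with no database row now comes back with whatever rights NewUser sets and never passes through the admin and blacklist logic in LoadRights; the users[0] path is covered by the new call in getUsersFromDatabase, but this branch is not. Unless NewUser itself loads rights (only part of its body is visible in this patch), restoring `u.LoadRights()` before `return u, err` keeps the two paths consistent. This matters for the blacklist change in user.go, which only takes effect when LoadRights runs.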
@@ -126,6 +122,7 @@ func (s *UserStore) getUsersFromDatabase(where string, values ...interface{}) ([
 			Mode: models.UserExpiration(expirationType),
 			Value: defaultExpiration,
 		}
+		user.LoadRights() // Above all rights are overriden, we need to reapply admin and configured rights
 		results = append(results, user)
 	}
 	return results, nil
diff --git a/src/models/user.go b/src/models/user.go
index 63993fa..4d5e6cd 100644
--- a/src/models/user.go
+++ b/src/models/user.go
@@ -40,7 +40,7 @@ type User struct {
 }
 // NewUser creates a new base user
-func NewUser(e *common.Environment, us UserStore, b BlacklistItem) *User {
+func NewUser(e *common.Environment, us UserStore, b BlacklistItem, username string) *User {
 	// User with the following attributes:
 	// Device limit is global
 	// Device Expiration is global
@@ -50,6 +50,7 @@ func NewUser(e *common.Environment, us UserStore, b BlacklistItem) *User {
 		e: e,
 		blacklist: b,
 		store: us,
+		Username: username,
 		DeviceLimit: UserDeviceLimitGlobal,
 		DeviceExpiration: &UserDeviceExpiration{Mode: UserDeviceExpirationGlobal},
 		ValidStart: time.Unix(0, 0),
@@ -83,6 +84,10 @@ func (u *User) LoadRights() {
 		u.Rights = u.Rights.With(APIRead)
 		u.Rights = u.Rights.With(APIWrite)
 	}
+
+	if u.IsBlacklisted() {
+		u.Rights = u.Rights.Without(ManageOwnRights)
+	}
 }
 func (u *User) IsNew() bool {
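Review bot: The new `user.LoadRights()` inside the row loop of getUsersFromDatabase runs once per returned row, and with the blacklist check added to LoadRights in user.go each call appears to issue its own blacklist `SELECT` (assuming User.IsBlacklisted delegates to BlacklistStore.IsBlacklisted), so listing N users now costs N extra round trips on top of the rights lookup. That is acceptable for single-user lookups but worth a comment, or a batched check, if this helper also backs user listings. The trailing comment has a typo, `overriden` for `overridden`, and would read better as `// The assignments above reset Rights; reapply admin and configured rights.`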
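Review bot: The doc comment on NewUser still reads `// NewUser creates a new base user` and says nothing about the new username parameter, which is now the only caller-supplied identity on the struct. Suggest `// NewUser creates a base user for username with the global device limit and device expiration.`, which matches the attribute comments inside the function.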
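Review bot: The blacklist block added at the end of LoadRights only removes ManageOwnRights, while the preceding block (its condition is outside the hunk) has already granted APIRead and APIWrite, so a blacklisted account that satisfies that condition keeps API access; if the commit's intent is to strip permissions from blacklisted users, the check should either run before those grants or also clear them, e.g. `u.Rights = u.Rights.Without(APIRead)` and `u.Rights = u.Rights.Without(APIWrite)` alongside the existing line. The outcome also depends on IsBlacklisted, which in blacklistStore.go returns false when the DB handle is nil, so the stripping silently does not happen in that state. LoadRights begins before this hunk, so any rights granted earlier in the function are not visible here.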