PLT-2905 fixing upgrade of SSO accounts (#2962)

* PLT-2905 fixing upgrade of SSO accounts * Fixing multiple Auths mapped to different emails
author: Corey Hulen <corey@hulen.com> 2016-05-11 11:04:30 -0700
committer: Christopher Speller <crspeller@gmail.com> 2016-05-11 14:04:30 -0400
commit: 3928535456f9fcb025ed86edeb4d258f2c524150 (patch)
tree: 010f4bd298f23b92711affcdef81cc329c522e67 /api
parent: a574397a7256bed7738f499019f97ab468b5161d (diff)
download: chat-3928535456f9fcb025ed86edeb4d258f2c524150.tar.gz
chat-3928535456f9fcb025ed86edeb4d258f2c524150.tar.bz2
chat-3928535456f9fcb025ed86edeb4d258f2c524150.zip
5 files changed, 22 insertions, 15 deletions
diff --git a/api/admin_test.go b/api/admin_test.go
index 933c3d59c..f3d3ec4ed 100644
--- a/api/admin_test.go
+++ b/api/admin_test.go
@@ -457,7 +457,8 @@ func TestAdminResetPassword(t *testing.T) {
 		t.Fatal("Should have errored - password too short")
 	}
 
-	user2 := &model.User{Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", AuthData: "1", AuthService: "random"}
+	authData := model.NewId()
+	user2 := &model.User{Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", AuthData: &authData, AuthService: "random"}
 	user2 = Client.Must(Client.CreateUser(user2, "")).Data.(*model.User)
 	LinkUserToTeam(user2, team)
 	store.Must(Srv.Store.User().VerifyEmail(user2.Id))
diff --git a/api/authentication.go b/api/authentication.go
index 10ed578e1..9243947ad 100644
--- a/api/authentication.go
+++ b/api/authentication.go
@@ -39,17 +39,17 @@ func checkUserPassword(user *model.User, password string) *model.AppError {
 	}
 }
 
-func checkLdapUserPasswordAndAllCriteria(ldapId, password, mfaToken string) (*model.User, *model.AppError) {
+func checkLdapUserPasswordAndAllCriteria(ldapId *string, password string, mfaToken string) (*model.User, *model.AppError) {
 	ldapInterface := einterfaces.GetLdapInterface()
 
-	if ldapInterface == nil {
+	if ldapInterface == nil || ldapId == nil {
 		err := model.NewLocAppError("doLdapAuthentication", "api.user.login_ldap.not_available.app_error", nil, "")
 		err.StatusCode = http.StatusNotImplemented
 		return nil, err
 	}
 
 	var user *model.User
-	if ldapUser, err := ldapInterface.DoLogin(ldapId, password); err != nil {
+	if ldapUser, err := ldapInterface.DoLogin(*ldapId, password); err != nil {
 		err.StatusCode = http.StatusUnauthorized
 		return nil, err
 	} else {
diff --git a/api/oauth.go b/api/oauth.go
index 0375f4e6f..37ca5ce0a 100644
--- a/api/oauth.go
+++ b/api/oauth.go
@@ -600,8 +600,11 @@ func CompleteSwitchWithOAuth(c *Context, w http.ResponseWriter, r *http.Request,
 		return
 	} else {
 		ssoUser := provider.GetUserFromJson(userData)
-		authData = ssoUser.AuthData
 		ssoEmail = ssoUser.Email
+
+		if ssoUser.AuthData != nil {
+			authData = *ssoUser.AuthData
+		}
 	}
 
 	if len(authData) == 0 {
@@ -628,7 +631,7 @@ func CompleteSwitchWithOAuth(c *Context, w http.ResponseWriter, r *http.Request,
 		return
 	}
 
-	if result := <-Srv.Store.User().UpdateAuthData(user.Id, service, authData, ssoEmail); result.Err != nil {
+	if result := <-Srv.Store.User().UpdateAuthData(user.Id, service, &authData, ssoEmail); result.Err != nil {
 		c.Err = result.Err
 		return
 	}
diff --git a/api/user.go b/api/user.go
index c53a643c7..4b9c3a3c8 100644
--- a/api/user.go
+++ b/api/user.go
@@ -535,7 +535,7 @@ func LoginByOAuth(c *Context, w http.ResponseWriter, r *http.Request, service st
 	}
 
 	var user *model.User
-	if result := <-Srv.Store.User().GetByAuth(authData, service); result.Err != nil {
+	if result := <-Srv.Store.User().GetByAuth(&authData, service); result.Err != nil {
 		if result.Err.Id == store.MISSING_AUTH_ACCOUNT_ERROR {
 			return CreateOAuthUser(c, w, r, service, bytes.NewReader(buf.Bytes()), "")
 		}
@@ -1289,7 +1289,8 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) {
 		}
 
 		rusers[0].Password = ""
-		rusers[0].AuthData = ""
+		rusers[0].AuthData = new(string)
+		*rusers[0].AuthData = ""
 		w.Write([]byte(rusers[0].ToJson()))
 	}
 }
@@ -1337,7 +1338,7 @@ func updatePassword(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	user := result.Data.(*model.User)
 
-	if user.AuthData != "" {
+	if user.AuthData != nil && *user.AuthData != "" {
 		c.LogAudit("failed - tried to update user password who was logged in through oauth")
 		c.Err = model.NewLocAppError("updatePassword", "api.user.update_password.oauth.app_error", nil, "auth_service="+user.AuthService)
 		c.Err.StatusCode = http.StatusBadRequest
@@ -1653,7 +1654,7 @@ func sendPasswordReset(c *Context, w http.ResponseWriter, r *http.Request) {
 		user = result.Data.(*model.User)
 	}
 
-	if len(user.AuthData) != 0 {
+	if user.AuthData != nil && len(*user.AuthData) != 0 {
 		c.Err = model.NewLocAppError("sendPasswordReset", "api.user.send_password_reset.sso.app_error", nil, "userId="+user.Id)
 		return
 	}
@@ -1749,7 +1750,7 @@ func ResetPassword(c *Context, userId, newPassword string) *model.AppError {
 		user = result.Data.(*model.User)
 	}
 
-	if len(user.AuthData) != 0 && !c.IsSystemAdmin() {
+	if user.AuthData != nil && len(*user.AuthData) != 0 && !c.IsSystemAdmin() {
 		return model.NewLocAppError("ResetPassword", "api.user.reset_password.sso.app_error", nil, "userId="+user.Id)
 
 	}
@@ -2148,13 +2149,13 @@ func ldapToEmail(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 
 	ldapInterface := einterfaces.GetLdapInterface()
-	if ldapInterface == nil {
+	if ldapInterface == nil || user.AuthData == nil {
 		c.Err = model.NewLocAppError("ldapToEmail", "api.user.ldap_to_email.not_available.app_error", nil, "")
 		c.Err.StatusCode = http.StatusNotImplemented
 		return
 	}
 
-	if err := ldapInterface.CheckPassword(user.AuthData, ldapPassword); err != nil {
+	if err := ldapInterface.CheckPassword(*user.AuthData, ldapPassword); err != nil {
 		c.LogAuditWithUserId(user.Id, "fail - ldap authentication failed")
 		c.Err = err
 		return
diff --git a/api/user_test.go b/api/user_test.go
index 9dd57dc20..c34d32c11 100644
--- a/api/user_test.go
+++ b/api/user_test.go
@@ -1109,7 +1109,8 @@ func TestSendPasswordReset(t *testing.T) {
 		t.Fatal("Should have errored - bad email")
 	}
 
-	user2 := &model.User{Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", AuthData: "1", AuthService: "random"}
+	authData := model.NewId()
+	user2 := &model.User{Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", AuthData: &authData, AuthService: "random"}
 	user2 = Client.Must(Client.CreateUser(user2, "")).Data.(*model.User)
 	LinkUserToTeam(user2, team)
 	store.Must(Srv.Store.User().VerifyEmail(user2.Id))
@@ -1178,7 +1179,8 @@ func TestResetPassword(t *testing.T) {
 		recovery = result.Data.(*model.PasswordRecovery)
 	}
 
-	if result := <-Srv.Store.User().UpdateAuthData(user.Id, "random", "1", ""); result.Err != nil {
+	authData := model.NewId()
+	if result := <-Srv.Store.User().UpdateAuthData(user.Id, "random", &authData, ""); result.Err != nil {
 		t.Fatal(result.Err)
 	}
author	Corey Hulen <corey@hulen.com>	2016-05-11 11:04:30 -0700
committer	Christopher Speller <crspeller@gmail.com>	2016-05-11 14:04:30 -0400
commit	3928535456f9fcb025ed86edeb4d258f2c524150 (patch)
tree	010f4bd298f23b92711affcdef81cc329c522e67 /api
parent	a574397a7256bed7738f499019f97ab468b5161d (diff)
download	chat-3928535456f9fcb025ed86edeb4d258f2c524150.tar.gz chat-3928535456f9fcb025ed86edeb4d258f2c524150.tar.bz2 chat-3928535456f9fcb025ed86edeb4d258f2c524150.zip