authorCorey Hulen <corey@hulen.com>2016-05-11 11:04:30 -0700
committerChristopher Speller <crspeller@gmail.com>2016-05-11 14:04:30 -0400
commit3928535456f9fcb025ed86edeb4d258f2c524150 (patch)
tree010f4bd298f23b92711affcdef81cc329c522e67 /store
parenta574397a7256bed7738f499019f97ab468b5161d (diff)
PLT-2905 fixing upgrade of SSO accounts (#2962)
* PLT-2905 fixing upgrade of SSO accounts * Fixing multiple Auths mapped to different emails
Diffstat (limited to 'store')
-rw-r--r--store/sql_user_store.go37
-rw-r--r--store/sql_user_store_test.go34
-rw-r--r--store/store.go4
3 files changed, 49 insertions, 26 deletions
diff --git a/store/sql_user_store.go b/store/sql_user_store.go
index 974081a64..080d8d128 100644
--- a/store/sql_user_store.go
+++ b/store/sql_user_store.go
@@ -29,7 +29,7 @@ func NewSqlUserStore(sqlStore *SqlStore) UserStore {
table.ColMap("Id").SetMaxSize(26)
table.ColMap("Username").SetMaxSize(64).SetUnique(true)
table.ColMap("Password").SetMaxSize(128)
- table.ColMap("AuthData").SetMaxSize(128)
+ table.ColMap("AuthData").SetMaxSize(128).SetUnique(true)
table.ColMap("AuthService").SetMaxSize(32)
table.ColMap("Email").SetMaxSize(128).SetUnique(true)
table.ColMap("Nickname").SetMaxSize(64)
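Review bot: The new `SetUnique(true)` on `AuthData` enforces uniqueness on the identifier alone, while `GetByAuth` further down in this file looks a user up by the pair `AuthData` and `AuthService`. If two providers can issue the same identifier, saving the second account would fail on this constraint; a composite unique index over `(AuthService, AuthData)` would match the lookup. Existing rows that still hold `AuthData = ''` would also collide with each other once the constraint is applied, so the upgrade presumably has to convert them to NULL first. That step is not visible here, since the diff is limited to `store`.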
@@ -265,7 +265,7 @@ func (us SqlUserStore) UpdatePassword(userId, hashedPassword string) StoreChanne
updateAt := model.GetMillis()
- if _, err := us.GetMaster().Exec("UPDATE Users SET Password = :Password, LastPasswordUpdate = :LastPasswordUpdate, UpdateAt = :UpdateAt, AuthData = '', AuthService = '', EmailVerified = true, FailedAttempts = 0 WHERE Id = :UserId", map[string]interface{}{"Password": hashedPassword, "LastPasswordUpdate": updateAt, "UpdateAt": updateAt, "UserId": userId}); err != nil {
+ if _, err := us.GetMaster().Exec("UPDATE Users SET Password = :Password, LastPasswordUpdate = :LastPasswordUpdate, UpdateAt = :UpdateAt, AuthData = NULL, AuthService = '', EmailVerified = true, FailedAttempts = 0 WHERE Id = :UserId", map[string]interface{}{"Password": hashedPassword, "LastPasswordUpdate": updateAt, "UpdateAt": updateAt, "UserId": userId}); err != nil {
result.Err = model.NewLocAppError("SqlUserStore.UpdatePassword", "store.sql_user.update_password.app_error", nil, "id="+userId+", "+err.Error())
} else {
result.Data = userId
@@ -297,7 +297,7 @@ func (us SqlUserStore) UpdateFailedPasswordAttempts(userId string, attempts int)
return storeChannel
}
-func (us SqlUserStore) UpdateAuthData(userId, service, authData, email string) StoreChannel {
+func (us SqlUserStore) UpdateAuthData(userId string, service string, authData *string, email string) StoreChannel {
storeChannel := make(StoreChannel)
@@ -513,7 +513,8 @@ func (us SqlUserStore) GetAllProfiles() StoreChannel {
for _, u := range users {
u.Password = ""
- u.AuthData = ""
+ u.AuthData = new(string)
+ *u.AuthData = ""
userMap[u.Id] = u
}
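Review bot: `u.AuthData = new(string)` followed by `*u.AuthData = ""` leaves a non-nil pointer to an empty string, while the rest of this commit represents a missing value as NULL/nil (`AuthData = NULL` in UpdatePassword, the `authData == nil` guard in GetByAuth). If no consumer dereferences the field unconditionally, `u.AuthData = nil` would be the consistent form. The same two lines are repeated in GetProfiles, GetDirectProfiles, GetProfileByIds, GetSystemAdminProfiles and GetForExport; a single helper that clears both `Password` and `AuthData` would keep a future getter from omitting one of them. The enclosing function starts and ends outside the hunk.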
@@ -564,7 +565,8 @@ func (us SqlUserStore) GetProfiles(teamId string) StoreChannel {
for _, u := range users {
u.Password = ""
- u.AuthData = ""
+ u.AuthData = new(string)
+ *u.AuthData = ""
userMap[u.Id] = u
}
@@ -623,7 +625,8 @@ func (us SqlUserStore) GetDirectProfiles(userId string) StoreChannel {
for _, u := range users {
u.Password = ""
- u.AuthData = ""
+ u.AuthData = new(string)
+ *u.AuthData = ""
userMap[u.Id] = u
}
@@ -665,7 +668,8 @@ func (us SqlUserStore) GetProfileByIds(userIds []string) StoreChannel {
for _, u := range users {
u.Password = ""
- u.AuthData = ""
+ u.AuthData = new(string)
+ *u.AuthData = ""
userMap[u.Id] = u
}
@@ -696,7 +700,8 @@ func (us SqlUserStore) GetSystemAdminProfiles() StoreChannel {
for _, u := range users {
u.Password = ""
- u.AuthData = ""
+ u.AuthData = new(string)
+ *u.AuthData = ""
userMap[u.Id] = u
}
@@ -734,20 +739,27 @@ func (us SqlUserStore) GetByEmail(email string) StoreChannel {
return storeChannel
}
-func (us SqlUserStore) GetByAuth(authData string, authService string) StoreChannel {
+func (us SqlUserStore) GetByAuth(authData *string, authService string) StoreChannel {
storeChannel := make(StoreChannel)
go func() {
result := StoreResult{}
+ if authData == nil || *authData == "" {
+ result.Err = model.NewLocAppError("SqlUserStore.GetByAuth", MISSING_AUTH_ACCOUNT_ERROR, nil, "authData='', authService="+authService)
+ storeChannel <- result
+ close(storeChannel)
+ return
+ }
+
user := model.User{}
if err := us.GetReplica().SelectOne(&user, "SELECT * FROM Users WHERE AuthData = :AuthData AND AuthService = :AuthService", map[string]interface{}{"AuthData": authData, "AuthService": authService}); err != nil {
if err == sql.ErrNoRows {
- result.Err = model.NewLocAppError("SqlUserStore.GetByAuth", MISSING_AUTH_ACCOUNT_ERROR, nil, "authData="+authData+", authService="+authService+", "+err.Error())
+ result.Err = model.NewLocAppError("SqlUserStore.GetByAuth", MISSING_AUTH_ACCOUNT_ERROR, nil, "authData="+*authData+", authService="+authService+", "+err.Error())
} else {
- result.Err = model.NewLocAppError("SqlUserStore.GetByAuth", "store.sql_user.get_by_auth.other.app_error", nil, "authData="+authData+", authService="+authService+", "+err.Error())
+ result.Err = model.NewLocAppError("SqlUserStore.GetByAuth", "store.sql_user.get_by_auth.other.app_error", nil, "authData="+*authData+", authService="+authService+", "+err.Error())
}
}
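Review bot: The bind map on the `SelectOne` line still passes the pointer (`"AuthData": authData`) while both error details now dereference it. After the nil guard the value can be bound directly, `map[string]interface{}{"AuthData": *authData, "AuthService": authService}`, which does not depend on how the driver converts a `*string`. The guard's detail text also hard-codes `authData=''` for the nil case, so a nil and an empty argument cannot be told apart in the logs. GetByAuth's body continues outside the hunk.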
@@ -857,7 +869,8 @@ func (us SqlUserStore) GetForExport(teamId string) StoreChannel {
} else {
for _, u := range users {
u.Password = ""
- u.AuthData = ""
+ u.AuthData = new(string)
+ *u.AuthData = ""
}
result.Data = users
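Review bot: Unlike the profile getters, this loop does not store `u` anywhere and returns `users` itself, so clearing `Password` and `AuthData` only takes effect if `users` is a slice of pointers; its declaration is outside the hunk. If the elements were values, `u` would be a copy and the export would still carry the password hash and the auth identifier. Indexing the slice (`users[i].Password = ""`, `users[i].AuthData = new(string)`) is correct for either element type, and a test asserting that exported users have both fields empty would pin the behaviour.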
diff --git a/store/sql_user_store_test.go b/store/sql_user_store_test.go
index b48da55f5..5c33ea0f1 100644
--- a/store/sql_user_store_test.go
+++ b/store/sql_user_store_test.go
@@ -458,9 +458,11 @@ func TestUserStoreGetByAuthData(t *testing.T) {
teamId := model.NewId()
+ auth := "123" + model.NewId()
+
u1 := &model.User{}
u1.Email = model.NewId()
- u1.AuthData = "123" + model.NewId()
+ u1.AuthData = &auth
u1.AuthService = "service"
Must(store.User().Save(u1))
Must(store.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}))
@@ -469,7 +471,8 @@ func TestUserStoreGetByAuthData(t *testing.T) {
t.Fatal(err)
}
- if err := (<-store.User().GetByAuth("", "")).Err; err == nil {
+ rauth := ""
+ if err := (<-store.User().GetByAuth(&rauth, "")).Err; err == nil {
t.Fatal("Should have failed because of missing auth data")
}
}
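Review bot: The test exercises the new guard only with a pointer to an empty string, so the `authData == nil` branch added in GetByAuth is never run. A second assertion such as `if err := (<-store.User().GetByAuth(nil, "")).Err; err == nil { t.Fatal("Should have failed because of nil auth data") }` would cover it. Nothing in this file checks the new unique constraint on `AuthData` either; saving two users with the same value and expecting the second `Save` to fail would do that.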
@@ -497,19 +500,23 @@ func TestUserStoreGetByUsername(t *testing.T) {
func TestUserStoreGetForLogin(t *testing.T) {
Setup()
+ auth := model.NewId()
+
u1 := &model.User{
Email: model.NewId(),
Username: model.NewId(),
AuthService: model.USER_AUTH_SERVICE_GITLAB,
- AuthData: model.NewId(),
+ AuthData: &auth,
}
Must(store.User().Save(u1))
+ auth2 := model.NewId()
+
u2 := &model.User{
Email: model.NewId(),
Username: model.NewId(),
AuthService: model.USER_AUTH_SERVICE_LDAP,
- AuthData: model.NewId(),
+ AuthData: &auth2,
}
Must(store.User().Save(u2))
@@ -525,14 +532,14 @@ func TestUserStoreGetForLogin(t *testing.T) {
t.Fatal("Should have gotten user1 by email")
}
- if result := <-store.User().GetForLogin(u2.AuthData, true, true, true); result.Err != nil {
+ if result := <-store.User().GetForLogin(*u2.AuthData, true, true, true); result.Err != nil {
t.Fatal("Should have gotten user by LDAP AuthData", result.Err)
} else if result.Data.(*model.User).Id != u2.Id {
t.Fatal("Should have gotten user2 by LDAP AuthData")
}
// prevent getting user by AuthData when they're not an LDAP user
- if result := <-store.User().GetForLogin(u1.AuthData, true, true, true); result.Err == nil {
+ if result := <-store.User().GetForLogin(*u1.AuthData, true, true, true); result.Err == nil {
t.Fatal("Should not have gotten user by non-LDAP AuthData")
}
@@ -545,23 +552,26 @@ func TestUserStoreGetForLogin(t *testing.T) {
t.Fatal("Should have failed to get user1 by email")
}
- if result := <-store.User().GetForLogin(u2.AuthData, true, true, false); result.Err == nil {
+ if result := <-store.User().GetForLogin(*u2.AuthData, true, true, false); result.Err == nil {
t.Fatal("Should have failed to get user3 by LDAP AuthData")
}
+ auth3 := model.NewId()
+
// test a special case where two users will have conflicting login information so we throw a special error
u3 := &model.User{
Email: model.NewId(),
Username: model.NewId(),
AuthService: model.USER_AUTH_SERVICE_LDAP,
- AuthData: model.NewId(),
+ AuthData: &auth3,
}
Must(store.User().Save(u3))
+
u4 := &model.User{
Email: model.NewId(),
Username: model.NewId(),
AuthService: model.USER_AUTH_SERVICE_LDAP,
- AuthData: u3.Username,
+ AuthData: &u3.Username,
}
Must(store.User().Save(u4))
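Review bot: `AuthData: &u3.Username` makes u4's `AuthData` an alias of u3's `Username` field rather than a copy, so any later write to `u3.Username` would silently change u4's auth data as well. Copying the value first keeps the two users independent: `auth4 := u3.Username` and then `AuthData: &auth4`. The other users in this test already use their own local variables (`auth`, `auth2`, `auth3`).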
@@ -620,9 +630,9 @@ func TestUserStoreUpdateAuthData(t *testing.T) {
Must(store.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}))
service := "someservice"
- authData := "1"
+ authData := model.NewId()
- if err := (<-store.User().UpdateAuthData(u1.Id, service, authData, "")).Err; err != nil {
+ if err := (<-store.User().UpdateAuthData(u1.Id, service, &authData, "")).Err; err != nil {
t.Fatal(err)
}
@@ -633,7 +643,7 @@ func TestUserStoreUpdateAuthData(t *testing.T) {
if user.AuthService != service {
t.Fatal("AuthService was not updated correctly")
}
- if user.AuthData != authData {
+ if *user.AuthData != authData {
t.Fatal("AuthData was not updated correctly")
}
if user.Password != "" {
diff --git a/store/store.go b/store/store.go
index 7801f78f9..37aafdd4a 100644
--- a/store/store.go
+++ b/store/store.go
@@ -126,7 +126,7 @@ type UserStore interface {
UpdateLastActivityAt(userId string, time int64) StoreChannel
UpdateUserAndSessionActivity(userId string, sessionId string, time int64) StoreChannel
UpdatePassword(userId, newPassword string) StoreChannel
- UpdateAuthData(userId, service, authData, email string) StoreChannel
+ UpdateAuthData(userId string, service string, authData *string, email string) StoreChannel
UpdateMfaSecret(userId, secret string) StoreChannel
UpdateMfaActive(userId string, active bool) StoreChannel
Get(id string) StoreChannel
@@ -136,7 +136,7 @@ type UserStore interface {
GetDirectProfiles(userId string) StoreChannel
GetProfileByIds(userId []string) StoreChannel
GetByEmail(email string) StoreChannel
- GetByAuth(authData string, authService string) StoreChannel
+ GetByAuth(authData *string, authService string) StoreChannel
GetByUsername(username string) StoreChannel
GetForLogin(loginId string, allowSignInWithUsername, allowSignInWithEmail, ldapEnabled bool) StoreChannel
VerifyEmail(userId string) StoreChannel
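Review bot: The interface now takes `authData *string` in `GetByAuth` and `UpdateAuthData` but does not say what nil means, which every caller and alternative implementation has to know. For `GetByAuth` the SQL implementation in this commit rejects both cases, so a comment such as `// GetByAuth returns an error when authData is nil or points to an empty string.` above the method would record it. The behaviour of `UpdateAuthData` for a nil pointer is not visible in this diff, because its body is outside the hunk, and should be documented the same way once confirmed.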