author | Corey Hulen <corey@hulen.com> | 2016-05-11 11:04:30 -0700 |
---|---|---|
committer | Christopher Speller <crspeller@gmail.com> | 2016-05-11 14:04:30 -0400 |
commit | 3928535456f9fcb025ed86edeb4d258f2c524150 (patch) | |
tree | 010f4bd298f23b92711affcdef81cc329c522e67 /store | |
parent | a574397a7256bed7738f499019f97ab468b5161d (diff) | |
PLT-2905 fixing upgrade of SSO accounts (#2962)
* PLT-2905 fixing upgrade of SSO accounts
* Fixing multiple Auths mapped to different emails
Diffstat (limited to 'store')
-rw-r--r-- | store/sql_user_store.go | 37 | ||||
-rw-r--r-- | store/sql_user_store_test.go | 34 | ||||
-rw-r--r-- | store/store.go | 4 |
3 files changed, 49 insertions, 26 deletions
diff --git a/store/sql_user_store.go b/store/sql_user_store.go
index 974081a64..080d8d128 100644
--- a/store/sql_user_store.go
+++ b/store/sql_user_store.go
@@ -29,7 +29,7 @@ func NewSqlUserStore(sqlStore *SqlStore) UserStore {
 table.ColMap("Id").SetMaxSize(26)
 table.ColMap("Username").SetMaxSize(64).SetUnique(true)
 table.ColMap("Password").SetMaxSize(128)
- table.ColMap("AuthData").SetMaxSize(128)
+ table.ColMap("AuthData").SetMaxSize(128).SetUnique(true)
 table.ColMap("AuthService").SetMaxSize(32)
 table.ColMap("Email").SetMaxSize(128).SetUnique(true)
 table.ColMap("Nickname").SetMaxSize(64)
@@ -265,7 +265,7 @@ func (us SqlUserStore) UpdatePassword(userId, hashedPassword string) StoreChanne
 updateAt := model.GetMillis()
- if _, err := us.GetMaster().Exec("UPDATE Users SET Password = :Password, LastPasswordUpdate = :LastPasswordUpdate, UpdateAt = :UpdateAt, AuthData = '', AuthService = '', EmailVerified = true, FailedAttempts = 0 WHERE Id = :UserId", map[string]interface{}{"Password": hashedPassword, "LastPasswordUpdate": updateAt, "UpdateAt": updateAt, "UserId": userId}); err != nil {
+ if _, err := us.GetMaster().Exec("UPDATE Users SET Password = :Password, LastPasswordUpdate = :LastPasswordUpdate, UpdateAt = :UpdateAt, AuthData = NULL, AuthService = '', EmailVerified = true, FailedAttempts = 0 WHERE Id = :UserId", map[string]interface{}{"Password": hashedPassword, "LastPasswordUpdate": updateAt, "UpdateAt": updateAt, "UserId": userId}); err != nil {
 result.Err = model.NewLocAppError("SqlUserStore.UpdatePassword", "store.sql_user.update_password.app_error", nil, "id="+userId+", "+err.Error())
 } else {
 result.Data = userId
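Review bot: The unique index added on `AuthData` in NewSqlUserStore covers the identifier alone, while GetByAuth later in this file looks accounts up by `AuthData` and `AuthService` together. Two providers that issue the same identifier would now collide and the second account could not be linked; a composite unique constraint over `(AuthService, AuthData)` would match the lookup key. This column mapping probably only takes effect when the table is first created, so existing installs would need a migration that rewrites `AuthData = ''` to `NULL` before the index is added; no such step is visible in this diff, which is limited to `store/`.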
@@ -297,7 +297,7 @@ func (us SqlUserStore) UpdateFailedPasswordAttempts(userId string, attempts int)
 return storeChannel
 }
-func (us SqlUserStore) UpdateAuthData(userId, service, authData, email string) StoreChannel {
+func (us SqlUserStore) UpdateAuthData(userId string, service string, authData *string, email string) StoreChannel {
 storeChannel := make(StoreChannel)
@@ -513,7 +513,8 @@ func (us SqlUserStore) GetAllProfiles() StoreChannel {
 for _, u := range users {
 u.Password = ""
- u.AuthData = ""
+ u.AuthData = new(string)
+ *u.AuthData = ""
 userMap[u.Id] = u
 }
@@ -564,7 +565,8 @@ func (us SqlUserStore) GetProfiles(teamId string) StoreChannel {
 for _, u := range users {
 u.Password = ""
- u.AuthData = ""
+ u.AuthData = new(string)
+ *u.AuthData = ""
 userMap[u.Id] = u
 }
@@ -623,7 +625,8 @@ func (us SqlUserStore) GetDirectProfiles(userId string) StoreChannel {
 for _, u := range users {
 u.Password = ""
- u.AuthData = ""
+ u.AuthData = new(string)
+ *u.AuthData = ""
 userMap[u.Id] = u
 }
@@ -665,7 +668,8 @@ func (us SqlUserStore) GetProfileByIds(userIds []string) StoreChannel {
 for _, u := range users {
 u.Password = ""
- u.AuthData = ""
+ u.AuthData = new(string)
+ *u.AuthData = ""
 userMap[u.Id] = u
 }
@@ -696,7 +700,8 @@ func (us SqlUserStore) GetSystemAdminProfiles() StoreChannel {
 for _, u := range users {
 u.Password = ""
- u.AuthData = ""
+ u.AuthData = new(string)
+ *u.AuthData = ""
 userMap[u.Id] = u
 }
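Review bot: The new `authData *string` parameter of UpdateAuthData carries no comment saying what nil and a pointer to `""` mean, and with the unique index from this commit the difference matters, because NULL may repeat across rows while `''` may not. The body lies outside this hunk, so whether an empty string is normalised to nil cannot be checked here; if it is not, a guard such as `if authData != nil && *authData == "" { authData = nil }` before the UPDATE would keep a blank value from occupying the unique slot. Once the intended behaviour is confirmed, a doc comment like `// UpdateAuthData links userId to an external identity; a nil authData stores NULL.` would make the contract explicit.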
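Review bot: `*u.AuthData = ""` in GetAllProfiles is redundant, since `new(string)` already points at an empty string; `u.AuthData = new(string)` alone does the same. The same two-line redaction is repeated in GetProfiles, GetDirectProfiles, GetProfileByIds, GetSystemAdminProfiles and GetForExport, and each copy appears to be what keeps the password hash and SSO identifier out of returned profiles, so one sanitising helper on the user model would stop a future getter from missing it. The redacted value is a pointer to `""` while the rest of this commit uses NULL for "no SSO identity", so a short comment noting that these objects must not be written back to the store would help. All of these loops sit in functions whose bodies extend beyond their hunks.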
@@ -734,20 +739,27 @@ func (us SqlUserStore) GetByEmail(email string) StoreChannel {
 return storeChannel
 }
-func (us SqlUserStore) GetByAuth(authData string, authService string) StoreChannel {
+func (us SqlUserStore) GetByAuth(authData *string, authService string) StoreChannel {
 storeChannel := make(StoreChannel)
 go func() {
 result := StoreResult{}
+ if authData == nil || *authData == "" {
+ result.Err = model.NewLocAppError("SqlUserStore.GetByAuth", MISSING_AUTH_ACCOUNT_ERROR, nil, "authData='', authService="+authService)
+ storeChannel <- result
+ close(storeChannel)
+ return
+ }
+
 user := model.User{}
 if err := us.GetReplica().SelectOne(&user, "SELECT * FROM Users WHERE AuthData = :AuthData AND AuthService = :AuthService", map[string]interface{}{"AuthData": authData, "AuthService": authService}); err != nil {
 if err == sql.ErrNoRows {
- result.Err = model.NewLocAppError("SqlUserStore.GetByAuth", MISSING_AUTH_ACCOUNT_ERROR, nil, "authData="+authData+", authService="+authService+", "+err.Error())
+ result.Err = model.NewLocAppError("SqlUserStore.GetByAuth", MISSING_AUTH_ACCOUNT_ERROR, nil, "authData="+*authData+", authService="+authService+", "+err.Error())
 } else {
- result.Err = model.NewLocAppError("SqlUserStore.GetByAuth", "store.sql_user.get_by_auth.other.app_error", nil, "authData="+authData+", authService="+authService+", "+err.Error())
+ result.Err = model.NewLocAppError("SqlUserStore.GetByAuth", "store.sql_user.get_by_auth.other.app_error", nil, "authData="+*authData+", authService="+authService+", "+err.Error())
 }
 }
@@ -857,7 +869,8 @@ func (us SqlUserStore) GetForExport(teamId string) StoreChannel {
 } else {
 for _, u := range users {
 u.Password = ""
- u.AuthData = ""
+ u.AuthData = new(string)
+ *u.AuthData = ""
 }
 result.Data = users
diff --git a/store/sql_user_store_test.go b/store/sql_user_store_test.go
index b48da55f5..5c33ea0f1 100644
--- a/store/sql_user_store_test.go
+++ b/store/sql_user_store_test.go
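Review bot: The two rewritten error paths in GetByAuth still concatenate the raw `*authData` into the error detail string, next to the driver error text. If those details are written to logs or returned to clients (not visible in this hunk), every failed SSO lookup exposes the external identity identifier; consider leaving the value out of the detail. The new guard also reports `authData=''` when the pointer is nil, so the two cases cannot be told apart in logs; `"authData is nil or empty, authService="+authService` would say what happened. The function body continues outside the hunk.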
@@ -458,9 +458,11 @@ func TestUserStoreGetByAuthData(t *testing.T) {
 teamId := model.NewId()
+ auth := "123" + model.NewId()
+
 u1 := &model.User{}
 u1.Email = model.NewId()
- u1.AuthData = "123" + model.NewId()
+ u1.AuthData = &auth
 u1.AuthService = "service"
 Must(store.User().Save(u1))
 Must(store.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}))
@@ -469,7 +471,8 @@ func TestUserStoreGetByAuthData(t *testing.T) {
 t.Fatal(err)
 }
- if err := (<-store.User().GetByAuth("", "")).Err; err == nil {
+ rauth := ""
+ if err := (<-store.User().GetByAuth(&rauth, "")).Err; err == nil {
 t.Fatal("Should have failed because of missing auth data")
 }
 }
@@ -497,19 +500,23 @@ func TestUserStoreGetByUsername(t *testing.T) {
 func TestUserStoreGetForLogin(t *testing.T) {
 Setup()
+ auth := model.NewId()
+
 u1 := &model.User{
 Email: model.NewId(),
 Username: model.NewId(),
 AuthService: model.USER_AUTH_SERVICE_GITLAB,
- AuthData: model.NewId(),
+ AuthData: &auth,
 }
 Must(store.User().Save(u1))
+ auth2 := model.NewId()
+
 u2 := &model.User{
 Email: model.NewId(),
 Username: model.NewId(),
 AuthService: model.USER_AUTH_SERVICE_LDAP,
- AuthData: model.NewId(),
+ AuthData: &auth2,
 }
 Must(store.User().Save(u2))
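Review bot: The missing-auth check in TestUserStoreGetByAuthData covers only a pointer to an empty string, while the guard this commit adds to GetByAuth has a separate `authData == nil` branch that nothing exercises. Adding `if err := (<-store.User().GetByAuth(nil, "")).Err; err == nil { t.Fatal("Should have failed because of nil auth data") }` next to the existing check would make a later refactor that dereferences before testing for nil fail in the test suite rather than panic inside the store goroutine.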
@@ -525,14 +532,14 @@ func TestUserStoreGetForLogin(t *testing.T) {
 t.Fatal("Should have gotten user1 by email")
 }
- if result := <-store.User().GetForLogin(u2.AuthData, true, true, true); result.Err != nil {
+ if result := <-store.User().GetForLogin(*u2.AuthData, true, true, true); result.Err != nil {
 t.Fatal("Should have gotten user by LDAP AuthData", result.Err)
 } else if result.Data.(*model.User).Id != u2.Id {
 t.Fatal("Should have gotten user2 by LDAP AuthData")
 }
 // prevent getting user by AuthData when they're not an LDAP user
- if result := <-store.User().GetForLogin(u1.AuthData, true, true, true); result.Err == nil {
+ if result := <-store.User().GetForLogin(*u1.AuthData, true, true, true); result.Err == nil {
 t.Fatal("Should not have gotten user by non-LDAP AuthData")
 }
@@ -545,23 +552,26 @@ func TestUserStoreGetForLogin(t *testing.T) {
 t.Fatal("Should have failed to get user1 by email")
 }
- if result := <-store.User().GetForLogin(u2.AuthData, true, true, false); result.Err == nil {
+ if result := <-store.User().GetForLogin(*u2.AuthData, true, true, false); result.Err == nil {
 t.Fatal("Should have failed to get user3 by LDAP AuthData")
 }
+ auth3 := model.NewId()
+
 // test a special case where two users will have conflicting login information so we throw a special error
 u3 := &model.User{
 Email: model.NewId(),
 Username: model.NewId(),
 AuthService: model.USER_AUTH_SERVICE_LDAP,
- AuthData: model.NewId(),
+ AuthData: &auth3,
 }
 Must(store.User().Save(u3))
+
 u4 := &model.User{
 Email: model.NewId(),
 Username: model.NewId(),
 AuthService: model.USER_AUTH_SERVICE_LDAP,
- AuthData: u3.Username,
+ AuthData: &u3.Username,
 }
 Must(store.User().Save(u4))
@@ -620,9 +630,9 @@ func TestUserStoreUpdateAuthData(t *testing.T) {
 Must(store.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}))
 service := "someservice"
- authData := "1"
+ authData := model.NewId()
- if err := (<-store.User().UpdateAuthData(u1.Id, service, authData, "")).Err; err != nil {
+ if err := (<-store.User().UpdateAuthData(u1.Id, service, &authData, "")).Err; err != nil {
 t.Fatal(err)
 }
@@ -633,7 +643,7 @@ func TestUserStoreUpdateAuthData(t *testing.T) {
 if user.AuthService != service {
 t.Fatal("AuthService was not updated correctly")
 }
- if user.AuthData != authData {
+ if *user.AuthData != authData {
 t.Fatal("AuthData was not updated correctly")
 }
 if user.Password != "" {
diff --git a/store/store.go b/store/store.go
index 7801f78f9..37aafdd4a 100644
--- a/store/store.go
+++ b/store/store.go
@@ -126,7 +126,7 @@ type UserStore interface {
 UpdateLastActivityAt(userId string, time int64) StoreChannel
 UpdateUserAndSessionActivity(userId string, sessionId string, time int64) StoreChannel
 UpdatePassword(userId, newPassword string) StoreChannel
- UpdateAuthData(userId, service, authData, email string) StoreChannel
+ UpdateAuthData(userId string, service string, authData *string, email string) StoreChannel
 UpdateMfaSecret(userId, secret string) StoreChannel
 UpdateMfaActive(userId string, active bool) StoreChannel
 Get(id string) StoreChannel
@@ -136,7 +136,7 @@ type UserStore interface {
 GetDirectProfiles(userId string) StoreChannel
 GetProfileByIds(userId []string) StoreChannel
 GetByEmail(email string) StoreChannel
- GetByAuth(authData string, authService string) StoreChannel
+ GetByAuth(authData *string, authService string) StoreChannel
 GetByUsername(username string) StoreChannel
 GetForLogin(loginId string, allowSignInWithUsername, allowSignInWithEmail, ldapEnabled bool) StoreChannel
 VerifyEmail(userId string) StoreChannel |
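Review bot: Switching `authData` from `"1"` to `model.NewId()` in TestUserStoreUpdateAuthData keeps the test from tripping the new unique index, but no test asserts the index itself. A case that saves a second user and expects an error when `UpdateAuthData` is called for it with the first user's `&authData` would pin down the property this commit relies on to stop two accounts mapping to one external identity. The test function's body starts and ends outside this hunk.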