diff options
author | Corey Hulen <corey@hulen.com> | 2015-08-02 09:17:37 -0800 |
---|---|---|
committer | Corey Hulen <corey@hulen.com> | 2015-08-02 09:17:37 -0800 |
commit | 4d1562c5de377741734a0ad4e8eb30a83d301262 (patch) | |
tree | 74d1d7821b3863231c2d9429b6ccb48728661b30 /store | |
parent | adc8def9e06a7908d5f092088922dc26cbb277df (diff) | |
parent | d93bf60248f066542d0851a7b6847f925975d77f (diff) | |
download | chat-4d1562c5de377741734a0ad4e8eb30a83d301262.tar.gz chat-4d1562c5de377741734a0ad4e8eb30a83d301262.tar.bz2 chat-4d1562c5de377741734a0ad4e8eb30a83d301262.zip |
Merge pull request #273 from mattermost/mm-1355
Fixes mm-1355 adds rate limiting apis
Diffstat (limited to 'store')
-rw-r--r-- | store/sql_user_store.go | 24 | ||||
-rw-r--r-- | store/sql_user_store_test.go | 22 | ||||
-rw-r--r-- | store/store.go | 1 |
3 files changed, 46 insertions, 1 deletions
diff --git a/store/sql_user_store.go b/store/sql_user_store.go index 552d12843..37d31a5f2 100644 --- a/store/sql_user_store.go +++ b/store/sql_user_store.go @@ -59,6 +59,8 @@ func (us SqlUserStore) UpgradeSchemaIfNeeded() { } us.CreateColumnIfNotExists("Users", "AuthService", "AuthData", "varchar(32)", "") // for OAuth Client + + us.CreateColumnIfNotExists("Users", "FailedAttempts", "FailedAttempts", "int(11)", "0") } //func (ss SqlStore) CreateColumnIfNotExists(tableName string, columnName string, afterName string, colType string, defaultValue string) bool { @@ -150,6 +152,7 @@ func (us SqlUserStore) Update(user *model.User, allowActiveUpdate bool) StoreCha user.LastActivityAt = oldUser.LastActivityAt user.LastPingAt = oldUser.LastPingAt user.EmailVerified = oldUser.EmailVerified + user.FailedAttempts = oldUser.FailedAttempts if !allowActiveUpdate { user.Roles = oldUser.Roles @@ -271,7 +274,7 @@ func (us SqlUserStore) UpdatePassword(userId, hashedPassword string) StoreChanne updateAt := model.GetMillis() - if _, err := us.GetMaster().Exec("UPDATE Users SET Password = :Password, LastPasswordUpdate = :LastPasswordUpdate, UpdateAt = :UpdateAt WHERE Id = :UserId", map[string]interface{}{"Password": hashedPassword, "LastPasswordUpdate": updateAt, "UpdateAt": updateAt, "UserId": userId}); err != nil { + if _, err := us.GetMaster().Exec("UPDATE Users SET Password = :Password, LastPasswordUpdate = :LastPasswordUpdate, UpdateAt = :UpdateAt, FailedAttempts = 0 WHERE Id = :UserId", map[string]interface{}{"Password": hashedPassword, "LastPasswordUpdate": updateAt, "UpdateAt": updateAt, "UserId": userId}); err != nil { result.Err = model.NewAppError("SqlUserStore.UpdatePassword", "We couldn't update the user password", "id="+userId+", "+err.Error()) } else { result.Data = userId @@ -284,6 +287,25 @@ func (us SqlUserStore) UpdatePassword(userId, hashedPassword string) StoreChanne return storeChannel } +func (us SqlUserStore) UpdateFailedPasswordAttempts(userId string, attempts int) StoreChannel { + storeChannel := make(StoreChannel) + + go func() { + result := StoreResult{} + + if _, err := us.GetMaster().Exec("UPDATE Users SET FailedAttempts = :FailedAttempts WHERE Id = :UserId", map[string]interface{}{"FailedAttempts": attempts, "UserId": userId}); err != nil { + result.Err = model.NewAppError("SqlUserStore.UpdateFailedPasswordAttempts", "We couldn't update the failed_attempts", "user_id="+userId) + } else { + result.Data = userId + } + + storeChannel <- result + close(storeChannel) + }() + + return storeChannel +} + func (us SqlUserStore) Get(id string) StoreChannel { storeChannel := make(StoreChannel) diff --git a/store/sql_user_store_test.go b/store/sql_user_store_test.go index 1f94021b2..ddd7e5bb8 100644 --- a/store/sql_user_store_test.go +++ b/store/sql_user_store_test.go @@ -128,6 +128,28 @@ func TestUserStoreUpdateLastActivityAt(t *testing.T) { } +func TestUserStoreUpdateFailedPasswordAttempts(t *testing.T) { + Setup() + + u1 := model.User{} + u1.TeamId = model.NewId() + u1.Email = model.NewId() + Must(store.User().Save(&u1)) + + if err := (<-store.User().UpdateFailedPasswordAttempts(u1.Id, 3)).Err; err != nil { + t.Fatal(err) + } + + if r1 := <-store.User().Get(u1.Id); r1.Err != nil { + t.Fatal(r1.Err) + } else { + if r1.Data.(*model.User).FailedAttempts != 3 { + t.Fatal("LastActivityAt not updated correctly") + } + } + +} + func TestUserStoreUpdateUserAndSessionActivity(t *testing.T) { Setup() diff --git a/store/store.go b/store/store.go index fac3a5bdb..0934fe84b 100644 --- a/store/store.go +++ b/store/store.go @@ -89,6 +89,7 @@ type UserStore interface { GetByUsername(teamId string, username string) StoreChannel VerifyEmail(userId string) StoreChannel GetEtagForProfiles(teamId string) StoreChannel + UpdateFailedPasswordAttempts(userId string, attempts int) StoreChannel } type SessionStore interface { |