From e3ab0a4e3ddb4b1bfacd2b82073c4a48e58751d6 Mon Sep 17 00:00:00 2001
From: =Corey Hulen
Date: Mon, 6 Jul 2015 11:20:40 -0800
Subject: team code review
---
 api/context.go | 1 +
 api/user.go | 11 ++++++-----
 model/user.go | 2 +-
 store/sql_user_store.go | 4 ++--
 4 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/api/context.go b/api/context.go
index 501e4e77f..bea0fbeff 100644
--- a/api/context.go
+++ b/api/context.go
@@ -84,6 +84,7 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 if forwardProto == "http" {
 l4g.Info("redirecting http request to https for %v", r.URL.Path)
 http.Redirect(w, r, "https://"+r.Host, http.StatusTemporaryRedirect)
+ return
 } else {
 protocol = "https"
 }
diff --git a/api/user.go b/api/user.go
index 292d2b61b..da6a24ab4 100644
--- a/api/user.go
+++ b/api/user.go
@@ -289,7 +289,7 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) {
 if !model.ComparePassword(user.Password, props["password"]) {
 c.LogAuditWithUserId(user.Id, "fail")
 c.Err = model.NewAppError("login", "Login failed because of invalid password", extraInfo)
- c.Err.StatusCode = http.StatusBadRequest
+ c.Err.StatusCode = http.StatusForbidden
 return
 }
@@ -417,7 +417,7 @@ func getSessions(c *Context, w http.ResponseWriter, r *http.Request) {
 params := mux.Vars(r)
 id := params["id"]
- if !c.HasPermissionsToUser(id, "getAudits") {
+ if !c.HasPermissionsToUser(id, "getSessions") {
 return
 }
@@ -740,7 +740,7 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if !c.HasPermissionsToUser(user.Id, "updateUsers") {
+ if !c.HasPermissionsToUser(user.Id, "updateUser") {
 return
 }
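Review bot: In ServeHTTP (api/context.go) the redirect target on the line just above the added `return` is built from `r.Host`, which comes from the client's Host header, and it drops the request path and query, so every upgraded request is sent to the root of whatever host the client named. Building the target from the deployment's configured host and keeping the URI would avoid both, e.g. `http.Redirect(w, r, "https://"+canonicalHost+r.URL.RequestURI(), http.StatusTemporaryRedirect)`, where `canonicalHost` is a placeholder for that configured value. With the `return` now in place the `else` is redundant and `protocol = "https"` can follow the `if` directly. The function starts and ends outside the hunk.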
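Review bot: In login, the message `"Login failed because of invalid password"` tells the caller that the account exists and only the password was wrong; if the user-lookup failure path (outside this hunk) answers with a different message or status, a client can tell valid accounts from invalid ones. One generic message and status for both failures avoids that, e.g. `c.Err = model.NewAppError("login", "Login failed because of invalid credentials", extraInfo)`, with the precise reason kept in the audit entry. It is also worth confirming what `extraInfo` holds, since it is attached to an error that is presumably returned to the client. The function starts and ends outside the hunk.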
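Review bot: The `"getSessions"` label in getSessions and the `"updateUser"` label in the updateUser hunk that follows were both wrong because the second argument to `HasPermissionsToUser` is a hand-typed copy of the handler name, and nothing checks it. That label presumably ends up in the permission-denied error or log entry, where a wrong value points whoever triages a denial at the wrong endpoint. Declaring it once at the top of each handler, e.g. `const where = "getSessions"`, and passing `where` keeps the label beside the function name it mirrors. Both functions start and end outside their hunks.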
@@ -813,12 +813,13 @@ func updatePassword(c *Context, w http.ResponseWriter, r *http.Request) {
 if !model.ComparePassword(user.Password, currentPassword) {
 c.Err = model.NewAppError("updatePassword", "Update password failed because of invalid password", "")
- c.Err.StatusCode = http.StatusBadRequest
+ c.Err.StatusCode = http.StatusForbidden
 return
 }
 if uresult := <-Srv.Store.User().UpdatePassword(c.Session.UserId, model.HashPassword(newPassword)); uresult.Err != nil {
- c.Err = uresult.Err
+ c.Err = model.NewAppError("updatePassword", "Update password failed", uresult.Err.Error())
+ c.Err.StatusCode = http.StatusForbidden
 return
 } else {
 c.LogAudit("completed")
diff --git a/model/user.go b/model/user.go
index c516fae78..b94ceb899 100644
--- a/model/user.go
+++ b/model/user.go
@@ -198,7 +198,7 @@ func (u *User) Sanitize(options map[string]bool) {
 if len(options) != 0 && !options["phonenumber"] {
 // TODO - fill in when PhoneNumber is added to user model
 }
- if len(options) != 0 && !options["passwordupadte"] {
+ if len(options) != 0 && !options["passwordupdate"] {
 u.LastPasswordUpdate = 0
 }
 }
diff --git a/store/sql_user_store.go b/store/sql_user_store.go
index abb8f2781..776c4f8ac 100644
--- a/store/sql_user_store.go
+++ b/store/sql_user_store.go
@@ -95,7 +95,7 @@ func (us SqlUserStore) Save(user *model.User) StoreChannel {
 return storeChannel
 }
-func (us SqlUserStore) Update(user *model.User, allowRoleActiveUpdate bool) StoreChannel {
+func (us SqlUserStore) Update(user *model.User, allowActiveUpdate bool) StoreChannel {
 storeChannel := make(StoreChannel)
@@ -125,7 +125,7 @@ func (us SqlUserStore) Update(user *model.User, allowRoleActiveUpdate bool) Stor
 user.LastPingAt = oldUser.LastPingAt
 user.EmailVerified = oldUser.EmailVerified
- if !allowRoleActiveUpdate {
+ if !allowActiveUpdate {
 user.Roles = oldUser.Roles
 user.DeleteAt = oldUser.DeleteAt
 }
--
cgit v1.2.3-1-g7c22
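Review bot: In updatePassword the new store-failure branch reports every `UpdatePassword` error as `http.StatusForbidden` and discards whatever status the store's own error carried, so a database fault looks like a denied request to clients and to anyone alerting on server errors; `c.Err.StatusCode = http.StatusInternalServerError` fits that branch better. The third argument `uresult.Err.Error()` copies the raw store error text into the AppError, and if that field is serialized into the response it would expose internal detail, so confirm it stays server-side. Separately, the wrong-current-password branch writes no audit entry, unlike login's `c.LogAuditWithUserId(user.Id, "fail")`; adding `c.LogAudit("fail")` before its `return` would make repeated wrong guesses visible in the audit log. The function body continues past the end of the hunk.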
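Review bot: In Sanitize the misspelled key went unnoticed because option names are bare string literals, and a lookup of an unknown key in `map[string]bool` quietly yields `false`; here that meant `LastPasswordUpdate` was cleared whenever any option was passed. Named constants for the keys, e.g. `const sanitizePasswordUpdate = "passwordupdate"` (name illustrative), would turn the next typo into a compile error. The `len(options) != 0 &&` guard also means a nil or empty map skips the clears visible in this hunk, which is worth stating in a doc comment on `Sanitize` if intended: `// A nil or empty options map leaves the option-gated fields untouched.` The function starts outside the hunk.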
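Review bot: The renamed parameter `allowActiveUpdate` in SqlUserStore.Update still gates `user.Roles = oldUser.Roles` as well as `user.DeleteAt = oldUser.DeleteAt`, so passing `true` continues to let the caller-supplied `Roles` value through while the name no longer says so. Because this flag is what keeps a role change from being carried into the update, a caller reading only the signature could enable it for an activation change and permit a role change along with it. Either keep a name that mentions roles or split the flag, and document it on `Update`, e.g. `// allowActiveUpdate permits changes to both Roles and DeleteAt.` Callers are not part of this diff, so each one that passes `true` should be checked; the function body starts and ends outside both hunks.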