From eb0111f6bbe2b0bf160a674dfe1b4d089f905cb9 Mon Sep 17 00:00:00 2001
From: Christopher Speller
Date: Fri, 2 Sep 2016 12:24:20 -0400
Subject: Fixing SanitizeProfile (#3930)
---
 api/user.go | 29 ++++++++++++++++---------
 api/user_test.go | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 model/user.go | 14 ++----------
 3 files changed, 87 insertions(+), 22 deletions(-)
diff --git a/api/user.go b/api/user.go
index b0d2c79b4..daa405ad4 100644
--- a/api/user.go
+++ b/api/user.go
@@ -898,8 +898,7 @@ func getInitialLoad(c *Context, w http.ResponseWriter, r *http.Request) {
 profiles := dp.Data.(map[string]*model.User)
 for k, p := range profiles {
- p.SanitizeProfile(c.IsSystemAdmin(), false, true, true)
- profiles[k] = p
+ profiles[k] = sanitizeProfile(c, p)
 }
 il.DirectProfiles = profiles
@@ -974,8 +973,7 @@ func getProfilesForDirectMessageList(c *Context, w http.ResponseWriter, r *http.
 profiles := result.Data.(map[string]*model.User)
 for k, p := range profiles {
- p.SanitizeProfile(c.IsSystemAdmin(), false, false, false)
- profiles[k] = p
+ profiles[k] = sanitizeProfile(c, p)
 }
 w.Write([]byte(model.UserMapToJson(profiles)))
@@ -1004,8 +1002,7 @@ func getProfiles(c *Context, w http.ResponseWriter, r *http.Request) {
 profiles := result.Data.(map[string]*model.User)
 for k, p := range profiles {
- p.SanitizeProfile(c.IsSystemAdmin(), false, true, true)
- profiles[k] = p
+ profiles[k] = sanitizeProfile(c, p)
 }
 w.Header().Set(model.HEADER_ETAG_SERVER, etag)
@@ -1026,8 +1023,7 @@ func getDirectProfiles(c *Context, w http.ResponseWriter, r *http.Request) {
 profiles := result.Data.(map[string]*model.User)
 for k, p := range profiles {
- p.SanitizeProfile(c.IsSystemAdmin(), false, true, true)
- profiles[k] = p
+ profiles[k] = sanitizeProfile(c, p)
 }
 w.Header().Set(model.HEADER_ETAG_SERVER, etag)
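Review bot: In the getInitialLoad loop, and identically in getProfilesForDirectMessageList, getProfiles and getDirectProfiles, `profiles[k] = sanitizeProfile(c, p)` stores back the pointer the map already holds, because the helper defined at the end of api/user.go scrubs the `*model.User` in place and returns it. The assignment reads as if a sanitized copy were being substituted, so I would either drop it (`for _, p := range profiles { sanitizeProfile(c, p) }`) or have the helper work on a copy. In-place scrubbing is only safe while `dp.Data` / `result.Data` is private to the current request; that is not visible here, and if the store ever hands out shared or cached users, a non-admin request would blank fields that a later admin request expects and concurrent requests would race on the same struct. All four functions start and end outside their hunks.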
@@ -1276,7 +1272,7 @@ func uploadProfileImage(c *Context, w http.ResponseWriter, r *http.Request) {
 l4g.Error(utils.T("api.user.get_me.getting.error"), c.Session.UserId)
 } else {
 user := result.Data.(*model.User)
- user.SanitizeProfile(c.IsSystemAdmin(), false, true, true)
+ user = sanitizeProfile(c, user)
 message := model.NewWebSocketEvent("", "", c.Session.UserId, model.WEBSOCKET_EVENT_USER_UPDATED)
 message.Add("user", user)
 go Publish(message)
@@ -1326,7 +1322,7 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 updatedUser := rusers[0]
- updatedUser.SanitizeProfile(c.IsSystemAdmin(), false, true, true)
+ updatedUser = sanitizeProfile(c, updatedUser)
 message := model.NewWebSocketEvent("", "", user.Id, model.WEBSOCKET_EVENT_USER_UPDATED)
 message.Add("user", updatedUser)
@@ -2567,3 +2563,16 @@ func userTyping(req *model.WebSocketRequest) (map[string]interface{}, *model.App
 return nil, nil
 }
+
+func sanitizeProfile(c *Context, user *model.User) *model.User {
+ options := utils.Cfg.GetSanitizeOptions()
+
+ if c.IsSystemAdmin() {
+ options["email"] = true
+ options["fullname"] = true
+ }
+
+ user.SanitizeProfile(options)
+
+ return user
+}
diff --git a/api/user_test.go b/api/user_test.go
index 1b6662269..5e8d6d54f 100644
--- a/api/user_test.go
+++ b/api/user_test.go
@@ -434,6 +434,13 @@ func TestGetDirectProfiles(t *testing.T) {
 th.BasicClient.Must(th.BasicClient.CreateDirectChannel(th.BasicUser2.Id))
+ prevShowEmail := utils.Cfg.PrivacySettings.ShowEmailAddress
+ defer func() {
+ utils.Cfg.PrivacySettings.ShowEmailAddress = prevShowEmail
+ }()
+
+ utils.Cfg.PrivacySettings.ShowEmailAddress = true
+
 if result, err := th.BasicClient.GetDirectProfiles(""); err != nil {
 t.Fatal(err)
 } else {
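Review bot: In uploadProfileImage the user attached to the `WEBSOCKET_EVENT_USER_UPDATED` event is sanitized according to the requester, since `sanitizeProfile(c, user)` applies the system-admin override taken from `c`, rather than according to whoever receives the event; updateUser has the same pattern with `updatedUser`. When a system admin performs the update, the published payload keeps email and full name even if the privacy settings hide them, and the event is created with empty team and channel ids, which suggests a wide audience (the fan-out of `Publish` is not visible in the hunk). For a payload that is pushed to other sessions I would sanitize with the configured options only, e.g. `user.SanitizeProfile(utils.Cfg.GetSanitizeOptions())`, and keep the admin override for request/response paths. Both functions start and end outside their hunks.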
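Review bot: The new sanitizeProfile helper writes the admin override into the map returned by `utils.Cfg.GetSanitizeOptions()`, which is only safe if that method builds a fresh map on every call. Its body is not part of this diff; if it ever returns a shared or cached map, one admin request would leave `email` and `fullname` set to true for every later non-admin request, and concurrent handlers would race on the map. I would record that requirement in a doc comment on the helper, together with the fact that it mutates `user` in place and returns the same pointer, or copy the options into a local map before the `if c.IsSystemAdmin()` block.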
@@ -446,6 +453,34 @@ func TestGetDirectProfiles(t *testing.T) {
 if users[th.BasicUser2.Id] == nil {
 t.Fatal("missing expected user")
 }
+
+ for _, user := range users {
+ if user.Email == "" {
+ t.Fatal("problem with show email")
+ }
+ }
+ }
+
+ utils.Cfg.PrivacySettings.ShowEmailAddress = false
+
+ if result, err := th.BasicClient.GetDirectProfiles(""); err != nil {
+ t.Fatal(err)
+ } else {
+ users := result.Data.(map[string]*model.User)
+
+ if len(users) != 1 {
+ t.Fatal("map was wrong length")
+ }
+
+ if users[th.BasicUser2.Id] == nil {
+ t.Fatal("missing expected user")
+ }
+
+ for _, user := range users {
+ if user.Email != "" {
+ t.Fatal("problem with show email")
+ }
+ }
 }
 }
@@ -454,6 +489,13 @@ func TestGetProfilesForDirectMessageList(t *testing.T) {
 th.BasicClient.Must(th.BasicClient.CreateDirectChannel(th.BasicUser2.Id))
+ prevShowEmail := utils.Cfg.PrivacySettings.ShowEmailAddress
+ defer func() {
+ utils.Cfg.PrivacySettings.ShowEmailAddress = prevShowEmail
+ }()
+
+ utils.Cfg.PrivacySettings.ShowEmailAddress = true
+
 if result, err := th.BasicClient.GetProfilesForDirectMessageList(th.BasicTeam.Id); err != nil {
 t.Fatal(err)
 } else {
@@ -462,6 +504,30 @@ func TestGetProfilesForDirectMessageList(t *testing.T) {
 if len(users) < 1 {
 t.Fatal("map was wrong length")
 }
+
+ for _, user := range users {
+ if user.Email == "" {
+ t.Fatal("problem with show email")
+ }
+ }
+ }
+
+ utils.Cfg.PrivacySettings.ShowEmailAddress = false
+
+ if result, err := th.BasicClient.GetProfilesForDirectMessageList(th.BasicTeam.Id); err != nil {
+ t.Fatal(err)
+ } else {
+ users := result.Data.(map[string]*model.User)
+
+ if len(users) < 1 {
+ t.Fatal("map was wrong length")
+ }
+
+ for _, user := range users {
+ if user.Email != "" {
+ t.Fatal("problem with show email")
+ }
+ }
 }
 }
diff --git a/model/user.go b/model/user.go
index b0c30619c..8917658df 100644
--- a/model/user.go
+++ b/model/user.go
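Review bot: The assertions added to TestGetDirectProfiles, and the matching ones in TestGetProfilesForDirectMessageList, only exercise `ShowEmailAddress` for a regular user, so two branches of this change stay untested: the system-admin override in sanitizeProfile and the `fullname` option. I would add a case that calls the same endpoints as a system admin with `ShowEmailAddress = false` and expects a non-empty `Email`, plus a pair of cases that toggle the full-name privacy setting and check the name fields. The tests also flip the process-wide `utils.Cfg` while the API under test reads it; the `defer` restores the value, but that stays correct only as long as these tests never run in parallel with others that depend on the same setting. The failure text `"problem with show email"` is identical for both directions; something like `"email returned although ShowEmailAddress is false"` would make a privacy regression obvious from the test log.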
@@ -250,18 +250,8 @@ func (u *User) ClearNonProfileFields() {
 u.FailedAttempts = 0
 }
-func (u *User) SanitizeProfile(isSystemAdmin, pwdupdate, fullname, email bool) {
- options := map[string]bool{}
- options["passwordupdate"] = pwdupdate
-
- if isSystemAdmin {
- options["fullname"] = true
- options["email"] = true
- } else {
- options["fullname"] = fullname
- options["email"] = email
- u.ClearNonProfileFields()
- }
+func (u *User) SanitizeProfile(options map[string]bool) {
+ u.ClearNonProfileFields()
 u.Sanitize(options)
 }
--
cgit v1.2.3-1-g7c22
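Review bot: `SanitizeProfile` now takes an untyped `map[string]bool`, and nothing on the method says which keys are honoured or what an absent key means. The removed body set `"passwordupdate"`, `"fullname"` and `"email"` explicitly; after this change a caller that omits or misspells a key gets whatever `Sanitize` does for a missing entry, which is not visible in this hunk and should be confirmed to be the restrictive outcome. Once verified, I would add a doc comment such as `// SanitizeProfile clears non-profile fields and then applies Sanitize; recognised option keys are "email", "fullname" and "passwordupdate", and a missing key is treated as false.` Note also that `ClearNonProfileFields` now runs for system admins too, which the old `isSystemAdmin` branch skipped, so any admin-facing caller that relied on those fields will see them blanked.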