From 9677a9f71777d75f3def0b0cb238050a30ec6a67 Mon Sep 17 00:00:00 2001
From: =Corey Hulen <corey@hulen.com>
Date: Wed, 29 Jul 2015 01:26:10 -0800
Subject: Fixes mm-1355 adds rate limiting apis

---
 store/sql_user_store.go | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

(limited to 'store/sql_user_store.go')

diff --git a/store/sql_user_store.go b/store/sql_user_store.go
index 0228fa308..150b3147a 100644
--- a/store/sql_user_store.go
+++ b/store/sql_user_store.go
@@ -59,6 +59,8 @@ func (us SqlUserStore) UpgradeSchemaIfNeeded() {
 	}
 
 	us.CreateColumnIfNotExists("Users", "AuthService", "AuthData", "varchar(32)", "") // for OAuth Client
+
+	us.CreateColumnIfNotExists("Users", "FailedAttempts", "FailedAttempts", "int(11)", "0")
 }
 
 //func (ss SqlStore) CreateColumnIfNotExists(tableName string, columnName string, afterName string, colType string, defaultValue string) bool {
@@ -150,6 +152,7 @@ func (us SqlUserStore) Update(user *model.User, allowActiveUpdate bool) StoreCha
 			user.LastActivityAt = oldUser.LastActivityAt
 			user.LastPingAt = oldUser.LastPingAt
 			user.EmailVerified = oldUser.EmailVerified
+			user.FailedAttempts = oldUser.FailedAttempts
 
 			if !allowActiveUpdate {
 				user.Roles = oldUser.Roles
@@ -265,7 +268,7 @@ func (us SqlUserStore) UpdatePassword(userId, hashedPassword string) StoreChanne
 
 		updateAt := model.GetMillis()
 
-		if _, err := us.GetMaster().Exec("UPDATE Users SET Password = :Password, LastPasswordUpdate = :LastPasswordUpdate, UpdateAt = :UpdateAt WHERE Id = :UserId", map[string]interface{}{"Password": hashedPassword, "LastPasswordUpdate": updateAt, "UpdateAt": updateAt, "UserId": userId}); err != nil {
+		if _, err := us.GetMaster().Exec("UPDATE Users SET Password = :Password, LastPasswordUpdate = :LastPasswordUpdate, UpdateAt = :UpdateAt, FailedAttempts = 0 WHERE Id = :UserId", map[string]interface{}{"Password": hashedPassword, "LastPasswordUpdate": updateAt, "UpdateAt": updateAt, "UserId": userId}); err != nil {
 			result.Err = model.NewAppError("SqlUserStore.UpdatePassword", "We couldn't update the user password", "id="+userId+", "+err.Error())
 		} else {
 			result.Data = userId
@@ -278,6 +281,25 @@ func (us SqlUserStore) UpdatePassword(userId, hashedPassword string) StoreChanne
 	return storeChannel
 }
 
+func (us SqlUserStore) UpdateFailedPasswordAttempts(userId string, attempts int) StoreChannel {
+	storeChannel := make(StoreChannel)
+
+	go func() {
+		result := StoreResult{}
+
+		if _, err := us.GetMaster().Exec("UPDATE Users SET FailedAttempts = :FailedAttempts WHERE Id = :UserId", map[string]interface{}{"FailedAttempts": attempts, "UserId": userId}); err != nil {
+			result.Err = model.NewAppError("SqlUserStore.UpdateFailedPasswordAttempts", "We couldn't update the failed_attempts", "user_id="+userId)
+		} else {
+			result.Data = userId
+		}
+
+		storeChannel <- result
+		close(storeChannel)
+	}()
+
+	return storeChannel
+}
+
 func (us SqlUserStore) Get(id string) StoreChannel {
 
 	storeChannel := make(StoreChannel)
-- 
cgit v1.2.3-1-g7c22