extern/zrok
1
1
Fork 0
mirror of https://github.com/openziti/zrok.git synced 2024-12-22 06:40:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

controller logic respects store.Account.Deleted flag (#262)

Browse Source
This commit is contained in:
Michael Quigley 2023-03-09 15:18:26 -05:00
parent a0e94330c7
commit 47fe0f546a
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
5 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
controller/invite.go
View File

@ -3,7 +3,6 @@ package controller
import (
"github.com/go-openapi/runtime/middleware"
"github.com/openziti/zrok/controller/store"
"github.com/openziti/zrok/rest_model_zrok"
"github.com/openziti/zrok/rest_server_zrok/operations/account"
"github.com/openziti/zrok/util"
"github.com/sirupsen/logrus"
@ -19,7 +18,7 @@ func newInviteHandler(cfg *Config) *inviteHandler {
}
}
func (self *inviteHandler) Handle(params account.InviteParams) middleware.Responder {
func (h *inviteHandler) Handle(params account.InviteParams) middleware.Responder {
if params.Body == nil || params.Body.Email == "" {
logrus.Errorf("missing email")
return account.NewInviteBadRequest()
@ -38,11 +37,11 @@ func (self *inviteHandler) Handle(params account.InviteParams) middleware.Respon
}
defer func() { _ = tx.Rollback() }()
if self.cfg.Registration != nil && self.cfg.Registration.TokenStrategy == "store" {
if h.cfg.Registration != nil && h.cfg.Registration.TokenStrategy == "store" {
inviteToken, err := str.GetInviteTokenByToken(params.Body.Token, tx)
if err != nil {
logrus.Errorf("cannot get invite token '%v' for '%v': %v", params.Body.Token, params.Body.Email, err)
return account.NewInviteBadRequest().WithPayload(rest_model_zrok.ErrorMessage("Missing invite token"))
return account.NewInviteBadRequest().WithPayload("missing invite token")
}
if err := str.DeleteInviteToken(inviteToken.Id, tx); err != nil {
logrus.Error(err)
@ -62,9 +61,10 @@ func (self *inviteHandler) Handle(params account.InviteParams) middleware.Respon
SourceAddress: params.HTTPRequest.RemoteAddr,
}
// deleted accounts still exist as far as invites are concerned (ignore deleted flag)
if _, err := str.FindAccountWithEmail(params.Body.Email, tx); err == nil {
logrus.Errorf("found account for '%v', cannot process account request", params.Body.Email)
return account.NewInviteBadRequest().WithPayload(rest_model_zrok.ErrorMessage("Duplicate email found"))
return account.NewInviteBadRequest().WithPayload("duplicate email found")
} else {
logrus.Infof("no account found for '%v': %v", params.Body.Email, err)
}

4
controller/login.go
View File

@ -26,6 +26,10 @@ func loginHandler(params account.LoginParams) middleware.Responder {
logrus.Errorf("error finding account '%v': %v", params.Body.Email, err)
return account.NewLoginUnauthorized()
}
if a.Deleted {
logrus.Errorf("account '%v' deleted", params.Body.Email)
return account.NewLoginUnauthorized()
}
hpwd, err := rehashPassword(params.Body.Password, a.Salt)
if err != nil {
logrus.Errorf("error hashing password for '%v': %v", params.Body.Email, err)

4
controller/resetPassword.go
View File

@ -37,6 +37,10 @@ func (handler *resetPasswordHandler) Handle(params account.ResetPasswordParams)
logrus.Errorf("error finding account for '%v': %v", params.Body.Token, err)
return account.NewResetPasswordNotFound()
}
if a.Deleted {
logrus.Errorf("account '%v' for '%v' deleted", a.Email, a.Token)
return account.NewResetPasswordNotFound()
}
hpwd, err := hashPassword(params.Body.Password)
if err != nil {
logrus.Errorf("error hashing password for '%v' (%v): %v", params.Body.Token, a.Email, err)

6
controller/resetPasswordRequest.go
View File

@ -42,7 +42,11 @@ func (handler *resetPasswordRequestHandler) Handle(params account.ResetPasswordR
a, err := str.FindAccountWithEmail(params.Body.EmailAddress, tx)
if err != nil {
logrus.Infof("no account found for '%v': %v", params.Body.EmailAddress, err)
logrus.Errorf("no account found for '%v': %v", params.Body.EmailAddress, err)
return account.NewResetPasswordRequestInternalServerError()
}
if a.Deleted {
logrus.Errorf("account '%v' deleted", params.Body.EmailAddress)
return account.NewResetPasswordRequestInternalServerError()
}

2
controller/util.go
View File

@ -25,7 +25,7 @@ func (za *zrokAuthenticator) authenticate(token string) (*rest_model_zrok.Princi
}
defer func() { _ = tx.Rollback() }()
if a, err := str.FindAccountWithToken(token, tx); err == nil {
if a, err := str.FindAccountWithToken(token, tx); err == nil && !a.Deleted {
principal := &rest_model_zrok.Principal{
ID: int64(a.Id),
Token: a.Token,