controller logic respects store.Account.Deleted flag (#262)

This commit is contained in:
Michael Quigley 2023-03-09 15:18:26 -05:00
parent a0e94330c7
commit 47fe0f546a
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
5 changed files with 19 additions and 7 deletions


@ -3,7 +3,6 @@ package controller
import ( import (
"github.com/go-openapi/runtime/middleware" "github.com/go-openapi/runtime/middleware"
"github.com/openziti/zrok/controller/store" "github.com/openziti/zrok/controller/store"
"github.com/openziti/zrok/rest_model_zrok"
"github.com/openziti/zrok/rest_server_zrok/operations/account" "github.com/openziti/zrok/rest_server_zrok/operations/account"
"github.com/openziti/zrok/util" "github.com/openziti/zrok/util"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
@ -19,7 +18,7 @@ func newInviteHandler(cfg *Config) *inviteHandler {
} }
} }
func (self *inviteHandler) Handle(params account.InviteParams) middleware.Responder { func (h *inviteHandler) Handle(params account.InviteParams) middleware.Responder {
if params.Body == nil || params.Body.Email == "" { if params.Body == nil || params.Body.Email == "" {
logrus.Errorf("missing email") logrus.Errorf("missing email")
return account.NewInviteBadRequest() return account.NewInviteBadRequest()
@ -38,11 +37,11 @@ func (self *inviteHandler) Handle(params account.InviteParams) middleware.Respon
} }
defer func() { _ = tx.Rollback() }() defer func() { _ = tx.Rollback() }()
if self.cfg.Registration != nil && self.cfg.Registration.TokenStrategy == "store" { if h.cfg.Registration != nil && h.cfg.Registration.TokenStrategy == "store" {
inviteToken, err := str.GetInviteTokenByToken(params.Body.Token, tx) inviteToken, err := str.GetInviteTokenByToken(params.Body.Token, tx)
if err != nil { if err != nil {
logrus.Errorf("cannot get invite token '%v' for '%v': %v", params.Body.Token, params.Body.Email, err) logrus.Errorf("cannot get invite token '%v' for '%v': %v", params.Body.Token, params.Body.Email, err)
return account.NewInviteBadRequest().WithPayload(rest_model_zrok.ErrorMessage("Missing invite token")) return account.NewInviteBadRequest().WithPayload("missing invite token")
} }
if err := str.DeleteInviteToken(inviteToken.Id, tx); err != nil { if err := str.DeleteInviteToken(inviteToken.Id, tx); err != nil {
logrus.Error(err) logrus.Error(err)
@ -62,9 +61,10 @@ func (self *inviteHandler) Handle(params account.InviteParams) middleware.Respon
SourceAddress: params.HTTPRequest.RemoteAddr, SourceAddress: params.HTTPRequest.RemoteAddr,
} }
// deleted accounts still exist as far as invites are concerned (ignore deleted flag)
if _, err := str.FindAccountWithEmail(params.Body.Email, tx); err == nil { if _, err := str.FindAccountWithEmail(params.Body.Email, tx); err == nil {
logrus.Errorf("found account for '%v', cannot process account request", params.Body.Email) logrus.Errorf("found account for '%v', cannot process account request", params.Body.Email)
return account.NewInviteBadRequest().WithPayload(rest_model_zrok.ErrorMessage("Duplicate email found")) return account.NewInviteBadRequest().WithPayload("duplicate email found")
} else { } else {
logrus.Infof("no account found for '%v': %v", params.Body.Email, err) logrus.Infof("no account found for '%v': %v", params.Body.Email, err)
} }
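Review bot: The else branch closing the last hunk (`} else { logrus.Infof("no account found for '%v': %v", ...) }`) treats any error from `FindAccountWithEmail` as "no account", so a store or transaction failure is logged at Info and the request proceeds as if the email were free; only a genuine not-found result should take that path. I cannot see from the hunk what error the store returns for a miss, so this needs confirming against the store package, but if it distinguishes a no-rows result the branch should test for that and return an internal error for anything else. The added comment is useful; I would make the consequence explicit: `// deleted accounts still exist as far as invites are concerned (ignore deleted flag): their email is still rejected as a duplicate`. Handle's body continues outside the hunk.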


@ -26,6 +26,10 @@ func loginHandler(params account.LoginParams) middleware.Responder {
logrus.Errorf("error finding account '%v': %v", params.Body.Email, err) logrus.Errorf("error finding account '%v': %v", params.Body.Email, err)
return account.NewLoginUnauthorized() return account.NewLoginUnauthorized()
} }
if a.Deleted {
logrus.Errorf("account '%v' deleted", params.Body.Email)
return account.NewLoginUnauthorized()
}
hpwd, err := rehashPassword(params.Body.Password, a.Salt) hpwd, err := rehashPassword(params.Body.Password, a.Salt)
if err != nil { if err != nil {
logrus.Errorf("error hashing password for '%v': %v", params.Body.Email, err) logrus.Errorf("error hashing password for '%v': %v", params.Body.Email, err)
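Review bot: The `if a.Deleted` guard is in the right place (before any password work), but the same hand-written check now appears in four places — here, the reset-password and reset-password-request hunks below, and the authenticator — and any future caller of `FindAccountWithEmail` or `FindAccountWithToken` that forgets it silently treats a deleted account as live. Consider one shared helper, or store lookups that exclude deleted rows by default with an explicit variant for the invite handler's deliberate opt-out, so that deleted is denied unless a caller asks otherwise. A login attempt against a deleted account is a client condition rather than a server fault, so `logrus.Warnf` may fit the project's conventions better than Errorf, though that depends on how the logs are consumed. loginHandler continues outside the hunk.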


@ -37,6 +37,10 @@ func (handler *resetPasswordHandler) Handle(params account.ResetPasswordParams)
logrus.Errorf("error finding account for '%v': %v", params.Body.Token, err) logrus.Errorf("error finding account for '%v': %v", params.Body.Token, err)
return account.NewResetPasswordNotFound() return account.NewResetPasswordNotFound()
} }
if a.Deleted {
logrus.Errorf("account '%v' for '%v' deleted", a.Email, a.Token)
return account.NewResetPasswordNotFound()
}
hpwd, err := hashPassword(params.Body.Password) hpwd, err := hashPassword(params.Body.Password)
if err != nil { if err != nil {
logrus.Errorf("error hashing password for '%v' (%v): %v", params.Body.Token, a.Email, err) logrus.Errorf("error hashing password for '%v' (%v): %v", params.Body.Token, a.Email, err)
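Review bot: The new log line `logrus.Errorf("account '%v' for '%v' deleted", a.Email, a.Token)` writes `a.Token` to the log, and that field appears to be the account's authentication token — the authenticator section looks accounts up by it and copies it into the Principal — so it is a credential that should not land in log output. The surrounding lines identify the request by `params.Body.Token`, so the second argument looks like a slip; I would drop the token altogether: `logrus.Errorf("account '%v' deleted", a.Email)`. The handler's body continues outside the hunk.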


@ -42,7 +42,11 @@ func (handler *resetPasswordRequestHandler) Handle(params account.ResetPasswordR
a, err := str.FindAccountWithEmail(params.Body.EmailAddress, tx) a, err := str.FindAccountWithEmail(params.Body.EmailAddress, tx)
if err != nil { if err != nil {
logrus.Infof("no account found for '%v': %v", params.Body.EmailAddress, err) logrus.Errorf("no account found for '%v': %v", params.Body.EmailAddress, err)
return account.NewResetPasswordRequestInternalServerError()
}
if a.Deleted {
logrus.Errorf("account '%v' deleted", params.Body.EmailAddress)
return account.NewResetPasswordRequestInternalServerError() return account.NewResetPasswordRequestInternalServerError()
} }
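Review bot: Both the not-found branch and the new `if a.Deleted` branch return `NewResetPasswordRequestInternalServerError()`, yet neither is a server fault, and a response that differs from the success path lets a caller learn from a reset request whether an address is registered. The usual pattern is to log and then respond exactly as the success path does whether or not the account exists or is deleted; if the API wants a distinct status, a 4xx is still more accurate than a 500. Raising the not-found log from Infof to Errorf also turns an expected user-input case into an error-level event; Warnf, or the previous Infof, seems more proportionate. The handler continues outside the hunk.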


@ -25,7 +25,7 @@ func (za *zrokAuthenticator) authenticate(token string) (*rest_model_zrok.Princi
} }
defer func() { _ = tx.Rollback() }() defer func() { _ = tx.Rollback() }()
if a, err := str.FindAccountWithToken(token, tx); err == nil { if a, err := str.FindAccountWithToken(token, tx); err == nil && !a.Deleted {
principal := &rest_model_zrok.Principal{ principal := &rest_model_zrok.Principal{
ID: int64(a.Id), ID: int64(a.Id),
Token: a.Token, Token: a.Token,