controller logic respects store.Account.Deleted flag (#262)
This commit is contained in:
parent
a0e94330c7
commit
47fe0f546a
@ -3,7 +3,6 @@ package controller
|
|||||||
import (
|
import (
|
||||||
"github.com/go-openapi/runtime/middleware"
|
"github.com/go-openapi/runtime/middleware"
|
||||||
"github.com/openziti/zrok/controller/store"
|
"github.com/openziti/zrok/controller/store"
|
||||||
"github.com/openziti/zrok/rest_model_zrok"
|
|
||||||
"github.com/openziti/zrok/rest_server_zrok/operations/account"
|
"github.com/openziti/zrok/rest_server_zrok/operations/account"
|
||||||
"github.com/openziti/zrok/util"
|
"github.com/openziti/zrok/util"
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
@ -19,7 +18,7 @@ func newInviteHandler(cfg *Config) *inviteHandler {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (self *inviteHandler) Handle(params account.InviteParams) middleware.Responder {
|
func (h *inviteHandler) Handle(params account.InviteParams) middleware.Responder {
|
||||||
if params.Body == nil || params.Body.Email == "" {
|
if params.Body == nil || params.Body.Email == "" {
|
||||||
logrus.Errorf("missing email")
|
logrus.Errorf("missing email")
|
||||||
return account.NewInviteBadRequest()
|
return account.NewInviteBadRequest()
|
||||||
@ -38,11 +37,11 @@ func (self *inviteHandler) Handle(params account.InviteParams) middleware.Respon
|
|||||||
}
|
}
|
||||||
defer func() { _ = tx.Rollback() }()
|
defer func() { _ = tx.Rollback() }()
|
||||||
|
|
||||||
if self.cfg.Registration != nil && self.cfg.Registration.TokenStrategy == "store" {
|
if h.cfg.Registration != nil && h.cfg.Registration.TokenStrategy == "store" {
|
||||||
inviteToken, err := str.GetInviteTokenByToken(params.Body.Token, tx)
|
inviteToken, err := str.GetInviteTokenByToken(params.Body.Token, tx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Errorf("cannot get invite token '%v' for '%v': %v", params.Body.Token, params.Body.Email, err)
|
logrus.Errorf("cannot get invite token '%v' for '%v': %v", params.Body.Token, params.Body.Email, err)
|
||||||
return account.NewInviteBadRequest().WithPayload(rest_model_zrok.ErrorMessage("Missing invite token"))
|
return account.NewInviteBadRequest().WithPayload("missing invite token")
|
||||||
}
|
}
|
||||||
if err := str.DeleteInviteToken(inviteToken.Id, tx); err != nil {
|
if err := str.DeleteInviteToken(inviteToken.Id, tx); err != nil {
|
||||||
logrus.Error(err)
|
logrus.Error(err)
|
||||||
@ -62,9 +61,10 @@ func (self *inviteHandler) Handle(params account.InviteParams) middleware.Respon
|
|||||||
SourceAddress: params.HTTPRequest.RemoteAddr,
|
SourceAddress: params.HTTPRequest.RemoteAddr,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// deleted accounts still exist as far as invites are concerned (ignore deleted flag)
|
||||||
if _, err := str.FindAccountWithEmail(params.Body.Email, tx); err == nil {
|
if _, err := str.FindAccountWithEmail(params.Body.Email, tx); err == nil {
|
||||||
logrus.Errorf("found account for '%v', cannot process account request", params.Body.Email)
|
logrus.Errorf("found account for '%v', cannot process account request", params.Body.Email)
|
||||||
return account.NewInviteBadRequest().WithPayload(rest_model_zrok.ErrorMessage("Duplicate email found"))
|
return account.NewInviteBadRequest().WithPayload("duplicate email found")
|
||||||
} else {
|
} else {
|
||||||
logrus.Infof("no account found for '%v': %v", params.Body.Email, err)
|
logrus.Infof("no account found for '%v': %v", params.Body.Email, err)
|
||||||
}
|
}
|
||||||
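Review bot: The new comment states the intent but not what it relies on or what it costs: the "deleted accounts still count" behaviour only holds if `FindAccountWithEmail` returns rows with `Deleted` set (its implementation is not in this hunk), and the consequence is that an email address attached to a deleted account can never be invited again. Worth spelling both out, e.g. `// deleted accounts still block their email from being re-invited; FindAccountWithEmail must therefore NOT filter on Deleted`. Note also that the distinct `"duplicate email found"` 400 makes this endpoint an email-existence oracle (pre-existing, but this change extends it to deleted accounts); when the token strategy is not "store" the request is not gated by an invite token, so that oracle is reachable by anyone. The rest of Handle is outside the hunk.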
|
@ -26,6 +26,10 @@ func loginHandler(params account.LoginParams) middleware.Responder {
|
|||||||
logrus.Errorf("error finding account '%v': %v", params.Body.Email, err)
|
logrus.Errorf("error finding account '%v': %v", params.Body.Email, err)
|
||||||
return account.NewLoginUnauthorized()
|
return account.NewLoginUnauthorized()
|
||||||
}
|
}
|
||||||
|
if a.Deleted {
|
||||||
|
logrus.Errorf("account '%v' deleted", params.Body.Email)
|
||||||
|
return account.NewLoginUnauthorized()
|
||||||
|
}
|
||||||
hpwd, err := rehashPassword(params.Body.Password, a.Salt)
|
hpwd, err := rehashPassword(params.Body.Password, a.Salt)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Errorf("error hashing password for '%v': %v", params.Body.Email, err)
|
logrus.Errorf("error hashing password for '%v': %v", params.Body.Email, err)
|
||||||
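Review bot: The deleted-account check is correctly placed (same `NewLoginUnauthorized()` as the not-found path, and before the password hash work, so it is indistinguishable from an unknown email), but it is one of four hand-written copies of the same guard in this commit, while invite deliberately omits it. Any other handler that resolves a `store.Account` and is not touched here will keep accepting deleted accounts, and nothing in the code tells a future author which behaviour is expected. Consider a store-level helper for the "active account" lookups, or at minimum a comment on `store.Account.Deleted` such as `// Deleted accounts must be rejected by every authentication/credential path; only invite treats them as existing.` The remainder of loginHandler is outside the hunk.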
|
@ -37,6 +37,10 @@ func (handler *resetPasswordHandler) Handle(params account.ResetPasswordParams)
|
|||||||
logrus.Errorf("error finding account for '%v': %v", params.Body.Token, err)
|
logrus.Errorf("error finding account for '%v': %v", params.Body.Token, err)
|
||||||
return account.NewResetPasswordNotFound()
|
return account.NewResetPasswordNotFound()
|
||||||
}
|
}
|
||||||
|
if a.Deleted {
|
||||||
|
logrus.Errorf("account '%v' for '%v' deleted", a.Email, a.Token)
|
||||||
|
return account.NewResetPasswordNotFound()
|
||||||
|
}
|
||||||
hpwd, err := hashPassword(params.Body.Password)
|
hpwd, err := hashPassword(params.Body.Password)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Errorf("error hashing password for '%v' (%v): %v", params.Body.Token, a.Email, err)
|
logrus.Errorf("error hashing password for '%v' (%v): %v", params.Body.Token, a.Email, err)
|
||||||
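Review bot: The added log line writes `a.Token` to the log; if `a` is the `store.Account` (its `Deleted` flag is what this commit introduces), that is the account's authentication token — the same value `zrokAuthenticator` resolves accounts by — so a credential is being written to logs. It is rejected for deleted accounts, but tokens still do not belong in log output, and the format string suggests the second value was meant to be the reset token anyway, which is also a one-time secret. Suggest `logrus.Errorf("account '%v' deleted; ignoring password reset", a.Email)`. The lookup that produces `a` and the rest of Handle are outside the hunk.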
|
@ -42,7 +42,11 @@ func (handler *resetPasswordRequestHandler) Handle(params account.ResetPasswordR
|
|||||||
|
|
||||||
a, err := str.FindAccountWithEmail(params.Body.EmailAddress, tx)
|
a, err := str.FindAccountWithEmail(params.Body.EmailAddress, tx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Infof("no account found for '%v': %v", params.Body.EmailAddress, err)
|
logrus.Errorf("no account found for '%v': %v", params.Body.EmailAddress, err)
|
||||||
|
return account.NewResetPasswordRequestInternalServerError()
|
||||||
|
}
|
||||||
|
if a.Deleted {
|
||||||
|
logrus.Errorf("account '%v' deleted", params.Body.EmailAddress)
|
||||||
return account.NewResetPasswordRequestInternalServerError()
|
return account.NewResetPasswordRequestInternalServerError()
|
||||||
}
|
}
|
||||||
|
|
||||||
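Review bot: Both new branches answer an unknown or deleted email with `NewResetPasswordRequestInternalServerError()`, so the response differs from whatever the success path returns (outside the hunk); a password-reset request endpoint that answers differently for known and unknown addresses is an account-enumeration oracle, and 500 misreports a client-supplied condition as a server fault. The usual fix is to return the same response as the success path in both branches and simply not send the mail. Promoting the "no account found" message from `Infof` to `Errorf` also means every probe with a made-up address now produces an error-level log entry under attacker control; `Warnf` fits better for a user-driven condition, e.g. `logrus.Warnf("no account found for '%v': %v", params.Body.EmailAddress, err)`.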
|
@ -25,7 +25,7 @@ func (za *zrokAuthenticator) authenticate(token string) (*rest_model_zrok.Princi
|
|||||||
}
|
}
|
||||||
defer func() { _ = tx.Rollback() }()
|
defer func() { _ = tx.Rollback() }()
|
||||||
|
|
||||||
if a, err := str.FindAccountWithToken(token, tx); err == nil {
|
if a, err := str.FindAccountWithToken(token, tx); err == nil && !a.Deleted {
|
||||||
principal := &rest_model_zrok.Principal{
|
principal := &rest_model_zrok.Principal{
|
||||||
ID: int64(a.Id),
|
ID: int64(a.Id),
|
||||||
Token: a.Token,
|
Token: a.Token,
|
||||||
|