Use db sessions everywere (#750)
Fix lint Fix lint Fix loading tasks with search Fix loading lists Fix loading task Fix loading lists and namespaces Fix tests Fix user commands Fix upload Fix migration handlers Fix all manual root handlers Fix session in avatar Fix session in list duplication & routes Use sessions in migration code Make sure the openid stuff uses a session Add alias for db type in db package Use sessions for file Use a session for everything in users Use a session for everything in users Make sure to use a session everywhere in models Create new session from db Add session handling for user list Add session handling for unsplash Add session handling for teams and related Add session handling for tasks and related entities Add session handling for task reminders Add session handling for task relations Add session handling for task comments Add session handling for task collections Add session handling for task attachments Add session handling for task assignees Add session handling for saved filters Add session handling for namespace and related types Add session handling for namespace and related types Add session handling for list users Add session handling for list tests Add session handling to list teams and related entities Add session handling for link shares and related entities Add session handling for labels and related entities Add session handling for kanban and related entities Add session handling for bulk task and related entities Add session handling for lists and related entities Add session configuration for web handler Update web handler Co-authored-by: kolaente <k@knt.li> Reviewed-on: https://kolaente.dev/vikunja/api/pulls/750 Co-Authored-By: konrad <konrad@kola-entertainments.de> Co-Committed-By: konrad <konrad@kola-entertainments.de>
This commit is contained in:
konrad
@ -20,20 +20,10 @@ package user
|
||||
import (
|
||||
"code.vikunja.io/api/pkg/config"
|
||||
"code.vikunja.io/api/pkg/db"
|
||||
"code.vikunja.io/api/pkg/log"
|
||||
"xorm.io/xorm"
|
||||
)
|
||||
|
||||
var x *xorm.Engine
|
||||
|
||||
// InitDB sets up the database connection to use in this module
|
||||
func InitDB() (err error) {
|
||||
x, err = db.CreateDBEngine()
|
||||
if err != nil {
|
||||
log.Criticalf("Could not connect to db: %v", err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
// Cache
|
||||
if config.CacheEnabled.GetBool() && config.CacheType.GetString() == "redis" {
|
||||
db.RegisterTableStructsForCache(GetTables())
|
||||
|
||||
@ -24,8 +24,7 @@ import (
|
||||
|
||||
// InitTests handles the actual bootstrapping of the test env
|
||||
func InitTests() {
|
||||
var err error
|
||||
x, err = db.CreateTestEngine()
|
||||
x, err := db.CreateTestEngine()
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
@ -19,6 +19,8 @@ package user
|
||||
import (
|
||||
"image"
|
||||
|
||||
"xorm.io/xorm"
|
||||
|
||||
"code.vikunja.io/api/pkg/config"
|
||||
"github.com/pquerna/otp"
|
||||
"github.com/pquerna/otp/totp"
|
||||
@ -47,19 +49,19 @@ type TOTPPasscode struct {
|
||||
}
|
||||
|
||||
// TOTPEnabledForUser checks if totp is enabled for a user - not if it is activated, use GetTOTPForUser to check that.
|
||||
func TOTPEnabledForUser(user *User) (bool, error) {
|
||||
func TOTPEnabledForUser(s *xorm.Session, user *User) (bool, error) {
|
||||
if !config.ServiceEnableTotp.GetBool() {
|
||||
return false, nil
|
||||
}
|
||||
t := &TOTP{}
|
||||
_, err := x.Where("user_id = ?", user.ID).Get(t)
|
||||
_, err := s.Where("user_id = ?", user.ID).Get(t)
|
||||
return t.Enabled, err
|
||||
}
|
||||
|
||||
// GetTOTPForUser returns the current state of totp settings for the user.
|
||||
func GetTOTPForUser(user *User) (t *TOTP, err error) {
|
||||
func GetTOTPForUser(s *xorm.Session, user *User) (t *TOTP, err error) {
|
||||
t = &TOTP{}
|
||||
exists, err := x.Where("user_id = ?", user.ID).Get(t)
|
||||
exists, err := s.Where("user_id = ?", user.ID).Get(t)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
@ -71,8 +73,8 @@ func GetTOTPForUser(user *User) (t *TOTP, err error) {
|
||||
}
|
||||
|
||||
// EnrollTOTP creates a new TOTP entry for the user - it does not enable it yet.
|
||||
func EnrollTOTP(user *User) (t *TOTP, err error) {
|
||||
isEnrolled, err := x.Where("user_id = ?", user.ID).Exist(&TOTP{})
|
||||
func EnrollTOTP(s *xorm.Session, user *User) (t *TOTP, err error) {
|
||||
isEnrolled, err := s.Where("user_id = ?", user.ID).Exist(&TOTP{})
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
@ -94,18 +96,18 @@ func EnrollTOTP(user *User) (t *TOTP, err error) {
|
||||
Enabled: false,
|
||||
URL: key.URL(),
|
||||
}
|
||||
_, err = x.Insert(t)
|
||||
_, err = s.Insert(t)
|
||||
return
|
||||
}
|
||||
|
||||
// EnableTOTP enables totp for a user. The provided passcode is used to verify the user has a working totp setup.
|
||||
func EnableTOTP(passcode *TOTPPasscode) (err error) {
|
||||
t, err := ValidateTOTPPasscode(passcode)
|
||||
func EnableTOTP(s *xorm.Session, passcode *TOTPPasscode) (err error) {
|
||||
t, err := ValidateTOTPPasscode(s, passcode)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
_, err = x.
|
||||
_, err = s.
|
||||
Where("id = ?", t.ID).
|
||||
Cols("enabled").
|
||||
Update(&TOTP{Enabled: true})
|
||||
@ -113,14 +115,16 @@ func EnableTOTP(passcode *TOTPPasscode) (err error) {
|
||||
}
|
||||
|
||||
// DisableTOTP removes all totp settings for a user.
|
||||
func DisableTOTP(user *User) (err error) {
|
||||
_, err = x.Where("user_id = ?", user.ID).Delete(&TOTP{})
|
||||
func DisableTOTP(s *xorm.Session, user *User) (err error) {
|
||||
_, err = s.
|
||||
Where("user_id = ?", user.ID).
|
||||
Delete(&TOTP{})
|
||||
return
|
||||
}
|
||||
|
||||
// ValidateTOTPPasscode validated totp codes of users.
|
||||
func ValidateTOTPPasscode(passcode *TOTPPasscode) (t *TOTP, err error) {
|
||||
t, err = GetTOTPForUser(passcode.User)
|
||||
func ValidateTOTPPasscode(s *xorm.Session, passcode *TOTPPasscode) (t *TOTP, err error) {
|
||||
t, err = GetTOTPForUser(s, passcode.User)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
@ -133,8 +137,8 @@ func ValidateTOTPPasscode(passcode *TOTPPasscode) (t *TOTP, err error) {
|
||||
}
|
||||
|
||||
// GetTOTPQrCodeForUser returns a qrcode for a user's totp setting
|
||||
func GetTOTPQrCodeForUser(user *User) (qrcode image.Image, err error) {
|
||||
t, err := GetTOTPForUser(user)
|
||||
func GetTOTPQrCodeForUser(s *xorm.Session, user *User) (qrcode image.Image, err error) {
|
||||
t, err := GetTOTPForUser(s, user)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
@ -20,6 +20,7 @@ import (
|
||||
"code.vikunja.io/api/pkg/config"
|
||||
"code.vikunja.io/api/pkg/mail"
|
||||
"code.vikunja.io/api/pkg/utils"
|
||||
"xorm.io/xorm"
|
||||
)
|
||||
|
||||
// EmailUpdate is the data structure to update a user's email address
|
||||
@ -32,11 +33,11 @@ type EmailUpdate struct {
|
||||
}
|
||||
|
||||
// UpdateEmail lets a user update their email address
|
||||
func UpdateEmail(update *EmailUpdate) (err error) {
|
||||
func UpdateEmail(s *xorm.Session, update *EmailUpdate) (err error) {
|
||||
|
||||
// Check the email is not already used
|
||||
user := &User{}
|
||||
has, err := x.Where("email = ?", update.NewEmail).Get(user)
|
||||
has, err := s.Where("email = ?", update.NewEmail).Get(user)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
@ -46,7 +47,7 @@ func UpdateEmail(update *EmailUpdate) (err error) {
|
||||
}
|
||||
|
||||
// Set the user as unconfirmed and the new email address
|
||||
update.User, err = GetUserWithEmail(&User{ID: update.User.ID})
|
||||
update.User, err = GetUserWithEmail(s, &User{ID: update.User.ID})
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
@ -54,7 +55,7 @@ func UpdateEmail(update *EmailUpdate) (err error) {
|
||||
update.User.IsActive = false
|
||||
update.User.Email = update.NewEmail
|
||||
update.User.EmailConfirmToken = utils.MakeRandomString(64)
|
||||
_, err = x.
|
||||
_, err = s.
|
||||
Where("id = ?", update.User.ID).
|
||||
Cols("email", "is_active", "email_confirm_token").
|
||||
Update(update.User)
|
||||
|
||||
@ -23,6 +23,8 @@ import (
|
||||
"reflect"
|
||||
"time"
|
||||
|
||||
"xorm.io/xorm"
|
||||
|
||||
"code.vikunja.io/web"
|
||||
"github.com/dgrijalva/jwt-go"
|
||||
"github.com/labstack/echo/v4"
|
||||
@ -116,38 +118,33 @@ func (apiUser *APIUserPassword) APIFormat() *User {
|
||||
}
|
||||
|
||||
// GetUserByID gets informations about a user by its ID
|
||||
func GetUserByID(id int64) (user *User, err error) {
|
||||
func GetUserByID(s *xorm.Session, id int64) (user *User, err error) {
|
||||
// Apparently xorm does otherwise look for all users but return only one, which leads to returing one even if the ID is 0
|
||||
if id < 1 {
|
||||
return &User{}, ErrUserDoesNotExist{}
|
||||
}
|
||||
|
||||
return GetUser(&User{ID: id})
|
||||
return getUser(s, &User{ID: id}, false)
|
||||
}
|
||||
|
||||
// GetUserByUsername gets a user from its user name. This is an extra function to be able to add an extra error check.
|
||||
func GetUserByUsername(username string) (user *User, err error) {
|
||||
func GetUserByUsername(s *xorm.Session, username string) (user *User, err error) {
|
||||
if username == "" {
|
||||
return &User{}, ErrUserDoesNotExist{}
|
||||
}
|
||||
|
||||
return GetUser(&User{Username: username})
|
||||
}
|
||||
|
||||
// GetUser gets a user object
|
||||
func GetUser(user *User) (userOut *User, err error) {
|
||||
return getUser(user, false)
|
||||
return getUser(s, &User{Username: username}, false)
|
||||
}
|
||||
|
||||
// GetUserWithEmail returns a user object with email
|
||||
func GetUserWithEmail(user *User) (userOut *User, err error) {
|
||||
return getUser(user, true)
|
||||
func GetUserWithEmail(s *xorm.Session, user *User) (userOut *User, err error) {
|
||||
return getUser(s, user, true)
|
||||
}
|
||||
|
||||
// GetUsersByIDs returns a map of users from a slice of user ids
|
||||
func GetUsersByIDs(userIDs []int64) (users map[int64]*User, err error) {
|
||||
func GetUsersByIDs(s *xorm.Session, userIDs []int64) (users map[int64]*User, err error) {
|
||||
users = make(map[int64]*User)
|
||||
err = x.In("id", userIDs).Find(&users)
|
||||
err = s.In("id", userIDs).Find(&users)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
@ -161,10 +158,10 @@ func GetUsersByIDs(userIDs []int64) (users map[int64]*User, err error) {
|
||||
}
|
||||
|
||||
// getUser is a small helper function to avoid having duplicated code for almost the same use case
|
||||
func getUser(user *User, withEmail bool) (userOut *User, err error) {
|
||||
func getUser(s *xorm.Session, user *User, withEmail bool) (userOut *User, err error) {
|
||||
userOut = &User{} // To prevent a panic if user is nil
|
||||
*userOut = *user
|
||||
exists, err := x.Get(userOut)
|
||||
exists, err := s.Get(userOut)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -179,9 +176,9 @@ func getUser(user *User, withEmail bool) (userOut *User, err error) {
|
||||
return userOut, err
|
||||
}
|
||||
|
||||
func getUserByUsernameOrEmail(usernameOrEmail string) (u *User, err error) {
|
||||
func getUserByUsernameOrEmail(s *xorm.Session, usernameOrEmail string) (u *User, err error) {
|
||||
u = &User{}
|
||||
exists, err := x.
|
||||
exists, err := s.
|
||||
Where("username = ? OR email = ?", usernameOrEmail, usernameOrEmail).
|
||||
Get(u)
|
||||
if err != nil {
|
||||
@ -196,14 +193,14 @@ func getUserByUsernameOrEmail(usernameOrEmail string) (u *User, err error) {
|
||||
}
|
||||
|
||||
// CheckUserCredentials checks user credentials
|
||||
func CheckUserCredentials(u *Login) (*User, error) {
|
||||
func CheckUserCredentials(s *xorm.Session, u *Login) (*User, error) {
|
||||
// Check if we have any credentials
|
||||
if u.Password == "" || u.Username == "" {
|
||||
return nil, ErrNoUsernamePassword{}
|
||||
}
|
||||
|
||||
// Check if the user exists
|
||||
user, err := getUserByUsernameOrEmail(u.Username)
|
||||
user, err := getUserByUsernameOrEmail(s, u.Username)
|
||||
if err != nil {
|
||||
// hashing the password takes a long time, so we hash something to not make it clear if the username was wrong
|
||||
_, _ = bcrypt.GenerateFromPassword([]byte(u.Username), 14)
|
||||
@ -261,10 +258,10 @@ func GetUserFromClaims(claims jwt.MapClaims) (user *User, err error) {
|
||||
}
|
||||
|
||||
// UpdateUser updates a user
|
||||
func UpdateUser(user *User) (updatedUser *User, err error) {
|
||||
func UpdateUser(s *xorm.Session, user *User) (updatedUser *User, err error) {
|
||||
|
||||
// Check if it exists
|
||||
theUser, err := GetUserWithEmail(&User{ID: user.ID})
|
||||
theUser, err := GetUserWithEmail(s, &User{ID: user.ID})
|
||||
if err != nil {
|
||||
return &User{}, err
|
||||
}
|
||||
@ -274,7 +271,7 @@ func UpdateUser(user *User) (updatedUser *User, err error) {
|
||||
user.Username = theUser.Username // Dont change the username if we dont have one
|
||||
} else {
|
||||
// Check if the new username already exists
|
||||
uu, err := GetUserByUsername(user.Username)
|
||||
uu, err := GetUserByUsername(s, user.Username)
|
||||
if err != nil && !IsErrUserDoesNotExist(err) {
|
||||
return nil, err
|
||||
}
|
||||
@ -292,7 +289,7 @@ func UpdateUser(user *User) (updatedUser *User, err error) {
|
||||
if user.Email == "" {
|
||||
user.Email = theUser.Email
|
||||
} else {
|
||||
uu, err := getUser(&User{
|
||||
uu, err := getUser(s, &User{
|
||||
Email: user.Email,
|
||||
Issuer: user.Issuer,
|
||||
Subject: user.Subject,
|
||||
@ -316,7 +313,7 @@ func UpdateUser(user *User) (updatedUser *User, err error) {
|
||||
}
|
||||
|
||||
// Update it
|
||||
_, err = x.
|
||||
_, err = s.
|
||||
ID(user.ID).
|
||||
Cols(
|
||||
"username",
|
||||
@ -333,7 +330,7 @@ func UpdateUser(user *User) (updatedUser *User, err error) {
|
||||
}
|
||||
|
||||
// Get the newly updated user
|
||||
updatedUser, err = GetUserByID(user.ID)
|
||||
updatedUser, err = GetUserByID(s, user.ID)
|
||||
if err != nil {
|
||||
return &User{}, err
|
||||
}
|
||||
@ -342,14 +339,14 @@ func UpdateUser(user *User) (updatedUser *User, err error) {
|
||||
}
|
||||
|
||||
// UpdateUserPassword updates the password of a user
|
||||
func UpdateUserPassword(user *User, newPassword string) (err error) {
|
||||
func UpdateUserPassword(s *xorm.Session, user *User, newPassword string) (err error) {
|
||||
|
||||
if newPassword == "" {
|
||||
return ErrEmptyNewPassword{}
|
||||
}
|
||||
|
||||
// Get all user details
|
||||
theUser, err := GetUserByID(user.ID)
|
||||
theUser, err := GetUserByID(s, user.ID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -362,7 +359,7 @@ func UpdateUserPassword(user *User, newPassword string) (err error) {
|
||||
theUser.Password = hashed
|
||||
|
||||
// Update it
|
||||
_, err = x.ID(user.ID).Update(theUser)
|
||||
_, err = s.ID(user.ID).Update(theUser)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@ -22,12 +22,13 @@ import (
|
||||
"code.vikunja.io/api/pkg/metrics"
|
||||
"code.vikunja.io/api/pkg/utils"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
"xorm.io/xorm"
|
||||
)
|
||||
|
||||
const issuerLocal = `local`
|
||||
|
||||
// CreateUser creates a new user and inserts it into the database
|
||||
func CreateUser(user *User) (newUser *User, err error) {
|
||||
func CreateUser(s *xorm.Session, user *User) (newUser *User, err error) {
|
||||
|
||||
if user.Issuer == "" {
|
||||
user.Issuer = issuerLocal
|
||||
@ -40,7 +41,7 @@ func CreateUser(user *User) (newUser *User, err error) {
|
||||
}
|
||||
|
||||
// Check if the user already exists with that username
|
||||
err = checkIfUserExists(user)
|
||||
err = checkIfUserExists(s, user)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -64,7 +65,7 @@ func CreateUser(user *User) (newUser *User, err error) {
|
||||
user.AvatarProvider = "initials"
|
||||
|
||||
// Insert it
|
||||
_, err = x.Insert(user)
|
||||
_, err = s.Insert(user)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -73,7 +74,7 @@ func CreateUser(user *User) (newUser *User, err error) {
|
||||
metrics.UpdateCount(1, metrics.ActiveUsersKey)
|
||||
|
||||
// Get the full new User
|
||||
newUserOut, err := GetUserByID(user.ID)
|
||||
newUserOut, err := GetUserByID(s, user.ID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -100,9 +101,9 @@ func checkIfUserIsValid(user *User) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func checkIfUserExists(user *User) (err error) {
|
||||
func checkIfUserExists(s *xorm.Session, user *User) (err error) {
|
||||
exists := true
|
||||
_, err = GetUserByUsername(user.Username)
|
||||
_, err = GetUserByUsername(s, user.Username)
|
||||
if err != nil {
|
||||
if IsErrUserDoesNotExist(err) {
|
||||
exists = false
|
||||
@ -126,7 +127,7 @@ func checkIfUserExists(user *User) (err error) {
|
||||
userToCheck.Email = ""
|
||||
}
|
||||
|
||||
_, err = GetUser(userToCheck)
|
||||
_, err = getUser(s, userToCheck, false)
|
||||
if err != nil {
|
||||
if IsErrUserDoesNotExist(err) {
|
||||
exists = false
|
||||
|
||||
@ -17,6 +17,8 @@
|
||||
|
||||
package user
|
||||
|
||||
import "xorm.io/xorm"
|
||||
|
||||
// EmailConfirm holds the token to confirm a mail address
|
||||
type EmailConfirm struct {
|
||||
// The email confirm token sent via email.
|
||||
@ -24,7 +26,7 @@ type EmailConfirm struct {
|
||||
}
|
||||
|
||||
// ConfirmEmail handles the confirmation of an email address
|
||||
func ConfirmEmail(c *EmailConfirm) (err error) {
|
||||
func ConfirmEmail(s *xorm.Session, c *EmailConfirm) (err error) {
|
||||
|
||||
// Check if we have an email confirm token
|
||||
if c.Token == "" {
|
||||
@ -33,7 +35,9 @@ func ConfirmEmail(c *EmailConfirm) (err error) {
|
||||
|
||||
// Check if the token is valid
|
||||
user := User{}
|
||||
has, err := x.Where("email_confirm_token = ?", c.Token).Get(&user)
|
||||
has, err := s.
|
||||
Where("email_confirm_token = ?", c.Token).
|
||||
Get(&user)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
@ -44,6 +48,9 @@ func ConfirmEmail(c *EmailConfirm) (err error) {
|
||||
|
||||
user.IsActive = true
|
||||
user.EmailConfirmToken = ""
|
||||
_, err = x.Where("id = ?", user.ID).Cols("is_active", "email_confirm_token").Update(&user)
|
||||
_, err = s.
|
||||
Where("id = ?", user.ID).
|
||||
Cols("is_active", "email_confirm_token").
|
||||
Update(&user)
|
||||
return
|
||||
}
|
||||
|
||||
@ -65,7 +65,10 @@ func TestUserEmailConfirm(t *testing.T) {
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
if err := ConfirmEmail(tt.args.c); (err != nil) != tt.wantErr {
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
if err := ConfirmEmail(s, tt.args.c); (err != nil) != tt.wantErr {
|
||||
t.Errorf("ConfirmEmail() error = %v, wantErr %v", err, tt.wantErr)
|
||||
}
|
||||
})
|
||||
|
||||
@ -21,6 +21,7 @@ import (
|
||||
"code.vikunja.io/api/pkg/config"
|
||||
"code.vikunja.io/api/pkg/mail"
|
||||
"code.vikunja.io/api/pkg/utils"
|
||||
"xorm.io/xorm"
|
||||
)
|
||||
|
||||
// PasswordReset holds the data to reset a password
|
||||
@ -32,7 +33,7 @@ type PasswordReset struct {
|
||||
}
|
||||
|
||||
// ResetPassword resets a users password
|
||||
func ResetPassword(reset *PasswordReset) (err error) {
|
||||
func ResetPassword(s *xorm.Session, reset *PasswordReset) (err error) {
|
||||
|
||||
// Check if the password is not empty
|
||||
if reset.NewPassword == "" {
|
||||
@ -41,7 +42,9 @@ func ResetPassword(reset *PasswordReset) (err error) {
|
||||
|
||||
// Check if we have a token
|
||||
var user User
|
||||
exists, err := x.Where("password_reset_token = ?", reset.Token).Get(&user)
|
||||
exists, err := s.
|
||||
Where("password_reset_token = ?", reset.Token).
|
||||
Get(&user)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
@ -57,7 +60,9 @@ func ResetPassword(reset *PasswordReset) (err error) {
|
||||
}
|
||||
|
||||
// Save it
|
||||
_, err = x.Where("id = ?", user.ID).Update(&user)
|
||||
_, err = s.
|
||||
Where("id = ?", user.ID).
|
||||
Update(&user)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
@ -83,27 +88,29 @@ type PasswordTokenRequest struct {
|
||||
}
|
||||
|
||||
// RequestUserPasswordResetTokenByEmail inserts a random token to reset a users password into the databsse
|
||||
func RequestUserPasswordResetTokenByEmail(tr *PasswordTokenRequest) (err error) {
|
||||
func RequestUserPasswordResetTokenByEmail(s *xorm.Session, tr *PasswordTokenRequest) (err error) {
|
||||
if tr.Email == "" {
|
||||
return ErrNoUsernamePassword{}
|
||||
}
|
||||
|
||||
// Check if the user exists
|
||||
user, err := GetUserWithEmail(&User{Email: tr.Email})
|
||||
user, err := GetUserWithEmail(s, &User{Email: tr.Email})
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return RequestUserPasswordResetToken(user)
|
||||
return RequestUserPasswordResetToken(s, user)
|
||||
}
|
||||
|
||||
// RequestUserPasswordResetToken sends a user a password reset email.
|
||||
func RequestUserPasswordResetToken(user *User) (err error) {
|
||||
func RequestUserPasswordResetToken(s *xorm.Session, user *User) (err error) {
|
||||
// Generate a token and save it
|
||||
user.PasswordResetToken = utils.MakeRandomString(400)
|
||||
|
||||
// Save it
|
||||
_, err = x.Where("id = ?", user.ID).Update(user)
|
||||
_, err = s.
|
||||
Where("id = ?", user.ID).
|
||||
Update(user)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
@ -34,13 +34,19 @@ func TestCreateUser(t *testing.T) {
|
||||
|
||||
t.Run("normal", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
createdUser, err := CreateUser(dummyuser)
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
createdUser, err := CreateUser(s, dummyuser)
|
||||
assert.NoError(t, err)
|
||||
assert.NotZero(t, createdUser.Created)
|
||||
})
|
||||
t.Run("already existing", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
_, err := CreateUser(&User{
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
_, err := CreateUser(s, &User{
|
||||
Username: "user1",
|
||||
Password: "12345",
|
||||
Email: "email@example.com",
|
||||
@ -50,7 +56,10 @@ func TestCreateUser(t *testing.T) {
|
||||
})
|
||||
t.Run("same email", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
_, err := CreateUser(&User{
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
_, err := CreateUser(s, &User{
|
||||
Username: "testuser",
|
||||
Password: "12345",
|
||||
Email: "user1@example.com",
|
||||
@ -60,7 +69,10 @@ func TestCreateUser(t *testing.T) {
|
||||
})
|
||||
t.Run("no username", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
_, err := CreateUser(&User{
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
_, err := CreateUser(s, &User{
|
||||
Username: "",
|
||||
Password: "12345",
|
||||
Email: "user1@example.com",
|
||||
@ -70,7 +82,10 @@ func TestCreateUser(t *testing.T) {
|
||||
})
|
||||
t.Run("no password", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
_, err := CreateUser(&User{
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
_, err := CreateUser(s, &User{
|
||||
Username: "testuser",
|
||||
Password: "",
|
||||
Email: "user1@example.com",
|
||||
@ -80,7 +95,10 @@ func TestCreateUser(t *testing.T) {
|
||||
})
|
||||
t.Run("no email", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
_, err := CreateUser(&User{
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
_, err := CreateUser(s, &User{
|
||||
Username: "testuser",
|
||||
Password: "12345",
|
||||
Email: "",
|
||||
@ -90,7 +108,10 @@ func TestCreateUser(t *testing.T) {
|
||||
})
|
||||
t.Run("same email but different issuer", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
_, err := CreateUser(&User{
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
_, err := CreateUser(s, &User{
|
||||
Username: "somenewuser",
|
||||
Email: "user1@example.com",
|
||||
Issuer: "https://some.site",
|
||||
@ -100,7 +121,10 @@ func TestCreateUser(t *testing.T) {
|
||||
})
|
||||
t.Run("same subject but different issuer", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
_, err := CreateUser(&User{
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
_, err := CreateUser(s, &User{
|
||||
Username: "somenewuser",
|
||||
Email: "somenewuser@example.com",
|
||||
Issuer: "https://some.site",
|
||||
@ -113,25 +137,41 @@ func TestCreateUser(t *testing.T) {
|
||||
func TestGetUser(t *testing.T) {
|
||||
t.Run("by name", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
theuser, err := GetUser(&User{
|
||||
Username: "user1",
|
||||
})
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
theuser, err := getUser(
|
||||
s,
|
||||
&User{
|
||||
Username: "user1",
|
||||
},
|
||||
false,
|
||||
)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, theuser.ID, int64(1))
|
||||
assert.Empty(t, theuser.Email)
|
||||
})
|
||||
t.Run("by email", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
theuser, err := GetUser(&User{
|
||||
Email: "user1@example.com",
|
||||
})
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
theuser, err := getUser(
|
||||
s,
|
||||
&User{
|
||||
Email: "user1@example.com",
|
||||
},
|
||||
false)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, theuser.ID, int64(1))
|
||||
assert.Empty(t, theuser.Email)
|
||||
})
|
||||
t.Run("by id", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
theuser, err := GetUserByID(1)
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
theuser, err := GetUserByID(s, 1)
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, theuser.ID, int64(1))
|
||||
assert.Equal(t, theuser.Username, "user1")
|
||||
@ -139,25 +179,37 @@ func TestGetUser(t *testing.T) {
|
||||
})
|
||||
t.Run("invalid id", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
_, err := GetUserByID(99999)
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
_, err := GetUserByID(s, 99999)
|
||||
assert.Error(t, err)
|
||||
assert.True(t, IsErrUserDoesNotExist(err))
|
||||
})
|
||||
t.Run("nonexistant", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
_, err := GetUserByID(0)
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
_, err := GetUserByID(s, 0)
|
||||
assert.Error(t, err)
|
||||
assert.True(t, IsErrUserDoesNotExist(err))
|
||||
})
|
||||
t.Run("empty name", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
_, err := GetUserByUsername("")
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
_, err := GetUserByUsername(s, "")
|
||||
assert.Error(t, err)
|
||||
assert.True(t, IsErrUserDoesNotExist(err))
|
||||
})
|
||||
t.Run("with email", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
theuser, err := GetUserWithEmail(&User{ID: 1})
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
theuser, err := GetUserWithEmail(s, &User{ID: 1})
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, theuser.ID, int64(1))
|
||||
assert.Equal(t, theuser.Username, "user1")
|
||||
@ -168,42 +220,63 @@ func TestGetUser(t *testing.T) {
|
||||
func TestCheckUserCredentials(t *testing.T) {
|
||||
t.Run("normal", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
_, err := CheckUserCredentials(&Login{Username: "user1", Password: "1234"})
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
_, err := CheckUserCredentials(s, &Login{Username: "user1", Password: "1234"})
|
||||
assert.NoError(t, err)
|
||||
})
|
||||
t.Run("unverified email", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
_, err := CheckUserCredentials(&Login{Username: "user5", Password: "1234"})
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
_, err := CheckUserCredentials(s, &Login{Username: "user5", Password: "1234"})
|
||||
assert.Error(t, err)
|
||||
assert.True(t, IsErrEmailNotConfirmed(err))
|
||||
})
|
||||
t.Run("wrong password", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
_, err := CheckUserCredentials(&Login{Username: "user1", Password: "12345"})
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
_, err := CheckUserCredentials(s, &Login{Username: "user1", Password: "12345"})
|
||||
assert.Error(t, err)
|
||||
assert.True(t, IsErrWrongUsernameOrPassword(err))
|
||||
})
|
||||
t.Run("nonexistant user", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
_, err := CheckUserCredentials(&Login{Username: "dfstestuu", Password: "1234"})
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
_, err := CheckUserCredentials(s, &Login{Username: "dfstestuu", Password: "1234"})
|
||||
assert.Error(t, err)
|
||||
assert.True(t, IsErrWrongUsernameOrPassword(err))
|
||||
})
|
||||
t.Run("empty password", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
_, err := CheckUserCredentials(&Login{Username: "user1"})
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
_, err := CheckUserCredentials(s, &Login{Username: "user1"})
|
||||
assert.Error(t, err)
|
||||
assert.True(t, IsErrNoUsernamePassword(err))
|
||||
})
|
||||
t.Run("empty username", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
_, err := CheckUserCredentials(&Login{Password: "1234"})
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
_, err := CheckUserCredentials(s, &Login{Password: "1234"})
|
||||
assert.Error(t, err)
|
||||
assert.True(t, IsErrNoUsernamePassword(err))
|
||||
})
|
||||
t.Run("email", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
_, err := CheckUserCredentials(&Login{Username: "user1@example.com", Password: "1234"})
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
_, err := CheckUserCredentials(s, &Login{Username: "user1@example.com", Password: "1234"})
|
||||
assert.NoError(t, err)
|
||||
})
|
||||
}
|
||||
@ -211,7 +284,10 @@ func TestCheckUserCredentials(t *testing.T) {
|
||||
func TestUpdateUser(t *testing.T) {
|
||||
t.Run("normal", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
uuser, err := UpdateUser(&User{
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
uuser, err := UpdateUser(s, &User{
|
||||
ID: 1,
|
||||
Password: "LoremIpsum",
|
||||
Email: "testing@example.com",
|
||||
@ -222,7 +298,10 @@ func TestUpdateUser(t *testing.T) {
|
||||
})
|
||||
t.Run("change username", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
uuser, err := UpdateUser(&User{
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
uuser, err := UpdateUser(s, &User{
|
||||
ID: 1,
|
||||
Username: "changedname",
|
||||
})
|
||||
@ -232,7 +311,10 @@ func TestUpdateUser(t *testing.T) {
|
||||
})
|
||||
t.Run("nonexistant", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
_, err := UpdateUser(&User{
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
_, err := UpdateUser(s, &User{
|
||||
ID: 99999,
|
||||
})
|
||||
assert.Error(t, err)
|
||||
@ -244,15 +326,20 @@ func TestUpdateUserPassword(t *testing.T) {
|
||||
|
||||
t.Run("normal", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
err := UpdateUserPassword(&User{
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
err := UpdateUserPassword(s, &User{
|
||||
ID: 1,
|
||||
}, "12345",
|
||||
)
|
||||
}, "12345")
|
||||
assert.NoError(t, err)
|
||||
})
|
||||
t.Run("nonexistant user", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
err := UpdateUserPassword(&User{
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
err := UpdateUserPassword(s, &User{
|
||||
ID: 9999,
|
||||
}, "12345")
|
||||
assert.Error(t, err)
|
||||
@ -260,10 +347,12 @@ func TestUpdateUserPassword(t *testing.T) {
|
||||
})
|
||||
t.Run("empty password", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
err := UpdateUserPassword(&User{
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
err := UpdateUserPassword(s, &User{
|
||||
ID: 1,
|
||||
}, "",
|
||||
)
|
||||
}, "")
|
||||
assert.Error(t, err)
|
||||
assert.True(t, IsErrEmptyNewPassword(err))
|
||||
})
|
||||
@ -272,14 +361,20 @@ func TestUpdateUserPassword(t *testing.T) {
|
||||
func TestListUsers(t *testing.T) {
|
||||
t.Run("normal", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
all, err := ListUsers("user1")
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
all, err := ListUsers(s, "user1")
|
||||
assert.NoError(t, err)
|
||||
assert.True(t, len(all) > 0)
|
||||
assert.Equal(t, all[0].Username, "user1")
|
||||
})
|
||||
t.Run("all users", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
all, err := ListUsers("")
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
all, err := ListUsers(s, "")
|
||||
assert.NoError(t, err)
|
||||
assert.Len(t, all, 14)
|
||||
})
|
||||
@ -288,39 +383,51 @@ func TestListUsers(t *testing.T) {
|
||||
func TestUserPasswordReset(t *testing.T) {
|
||||
t.Run("normal", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
reset := &PasswordReset{
|
||||
Token: "passwordresettesttoken",
|
||||
NewPassword: "12345",
|
||||
}
|
||||
err := ResetPassword(reset)
|
||||
err := ResetPassword(s, reset)
|
||||
assert.NoError(t, err)
|
||||
})
|
||||
t.Run("without password", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
reset := &PasswordReset{
|
||||
Token: "passwordresettesttoken",
|
||||
}
|
||||
err := ResetPassword(reset)
|
||||
err := ResetPassword(s, reset)
|
||||
assert.Error(t, err)
|
||||
assert.True(t, IsErrNoUsernamePassword(err))
|
||||
})
|
||||
t.Run("empty token", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
reset := &PasswordReset{
|
||||
Token: "somethingsomething",
|
||||
NewPassword: "12345",
|
||||
}
|
||||
err := ResetPassword(reset)
|
||||
err := ResetPassword(s, reset)
|
||||
assert.Error(t, err)
|
||||
assert.True(t, IsErrInvalidPasswordResetToken(err))
|
||||
})
|
||||
t.Run("wrong token", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
reset := &PasswordReset{
|
||||
Token: "somethingsomething",
|
||||
NewPassword: "12345",
|
||||
}
|
||||
err := ResetPassword(reset)
|
||||
err := ResetPassword(s, reset)
|
||||
assert.Error(t, err)
|
||||
assert.True(t, IsErrInvalidPasswordResetToken(err))
|
||||
})
|
||||
|
||||
@ -21,11 +21,13 @@ import (
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"xorm.io/xorm"
|
||||
|
||||
"code.vikunja.io/api/pkg/log"
|
||||
)
|
||||
|
||||
// ListUsers returns a list with all users, filtered by an optional searchstring
|
||||
func ListUsers(searchterm string) (users []*User, err error) {
|
||||
func ListUsers(s *xorm.Session, searchterm string) (users []*User, err error) {
|
||||
|
||||
vals := strings.Split(searchterm, ",")
|
||||
ids := []int64{}
|
||||
@ -39,18 +41,18 @@ func ListUsers(searchterm string) (users []*User, err error) {
|
||||
}
|
||||
|
||||
if len(ids) > 0 {
|
||||
err = x.
|
||||
err = s.
|
||||
In("id", ids).
|
||||
Find(&users)
|
||||
return
|
||||
}
|
||||
|
||||
if searchterm == "" {
|
||||
err = x.Find(&users)
|
||||
err = s.Find(&users)
|
||||
return
|
||||
}
|
||||
|
||||
err = x.
|
||||
err = s.
|
||||
Where("username LIKE ?", "%"+searchterm+"%").
|
||||
Find(&users)
|
||||
return
|
||||
|
||||
Reference in New Issue
Block a user