Fix an issue where user is db fetched twice

- Fix #79 - Rename event EventGet to EventGetUser - Remove double DB fetch - Add new event callpoint: After(EventGetUser) for things that need to check that the user is ABLE to be gotten after it's fetched from the DB. That is before returning to the web app, ensure that the user is valid from a confirmation/lock etc point of view. - Add test to make sure all the events are firing in CurrentUser()
2024-11-24 08:42:17 +02:00 · 2015-09-21 20:53:51 -07:00 · 2015-09-21 20:53:51 -07:00 · b09e4831b6
commit b09e4831b6
parent 124b1aec46
7 changed files with 75 additions and 13 deletions
--- a/authboss.go
+++ b/authboss.go
@ -83,21 +83,31 @@ func (a *Authboss) currentUser(ctx *Context, w http.ResponseWriter, r *http.Requ
 		return nil, nil
 	}

-	err = ctx.LoadUser(key)
+	_, err = a.Callbacks.FireBefore(EventGetUser, ctx)
 	if err != nil {
 		return nil, err
 	}

-	_, err = a.Callbacks.FireBefore(EventGet, ctx)
-	if err != nil {
-		return nil, err
-	}
+	var user interface{}

 	if index := strings.IndexByte(key, ';'); index > 0 {
-		return a.OAuth2Storer.GetOAuth(key[:index], key[index+1:])
+		user, err = a.OAuth2Storer.GetOAuth(key[:index], key[index+1:])
+	} else {
+		user, err = a.Storer.Get(key)
 	}

-	return a.Storer.Get(key)
+	if err != nil {
+		return nil, err
+	}
+
+	ctx.User = Unbind(user)
+
+	err = a.Callbacks.FireAfter(EventGetUser, ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	return user, err
 }

 // CurrentUserP retrieves the current user but panics if it's not available for
--- a/authboss_test.go
+++ b/authboss_test.go
@ -48,6 +48,52 @@ func TestAuthBossCurrentUser(t *testing.T) {
 	}
 }

+func TestAuthBossCurrentUserCallbacks(t *testing.T) {
+	t.Parallel()
+
+	ab := New()
+	ab.LogWriter = ioutil.Discard
+	ab.Storer = mockStorer{"joe": Attributes{"email": "john@john.com", "password": "lies"}}
+	ab.SessionStoreMaker = func(_ http.ResponseWriter, _ *http.Request) ClientStorer {
+		return mockClientStore{SessionKey: "joe"}
+	}
+	ab.CookieStoreMaker = func(_ http.ResponseWriter, _ *http.Request) ClientStorer {
+		return mockClientStore{}
+	}
+
+	if err := ab.Init(); err != nil {
+		t.Error("Unexpected error:", err)
+	}
+
+	rec := httptest.NewRecorder()
+	req, _ := http.NewRequest("GET", "localhost", nil)
+
+	afterGetUser := errors.New("afterGetUser")
+	beforeGetUser := errors.New("beforeGetUser")
+	beforeGetUserSession := errors.New("beforeGetUserSession")
+
+	ab.Callbacks.After(EventGetUser, func(*Context) error {
+		return afterGetUser
+	})
+	if _, err := ab.CurrentUser(rec, req); err != afterGetUser {
+		t.Error("Want:", afterGetUser, "Got:", err)
+	}
+
+	ab.Callbacks.Before(EventGetUser, func(*Context) (Interrupt, error) {
+		return InterruptNone, beforeGetUser
+	})
+	if _, err := ab.CurrentUser(rec, req); err != beforeGetUser {
+		t.Error("Want:", beforeGetUser, "Got:", err)
+	}
+
+	ab.Callbacks.Before(EventGetUserSession, func(*Context) (Interrupt, error) {
+		return InterruptNone, beforeGetUserSession
+	})
+	if _, err := ab.CurrentUser(rec, req); err != beforeGetUserSession {
+		t.Error("Want:", beforeGetUserSession, "Got:", err)
+	}
+}
+
 func TestAuthbossUpdatePassword(t *testing.T) {
 	t.Parallel()

--- a/callbacks.go
+++ b/callbacks.go
@ -20,7 +20,7 @@ const (
 	EventOAuthFail
 	EventRecoverStart
 	EventRecoverEnd
-	EventGet
+	EventGetUser
 	EventGetUserSession
 	EventPasswordReset
 )
--- a/callbacks_test.go
+++ b/callbacks_test.go
@ -171,7 +171,7 @@ func TestEventString(t *testing.T) {
 		{EventOAuthFail, "EventOAuthFail"},
 		{EventRecoverStart, "EventRecoverStart"},
 		{EventRecoverEnd, "EventRecoverEnd"},
-		{EventGet, "EventGet"},
+		{EventGetUser, "EventGetUser"},
 		{EventGetUserSession, "EventGetUserSession"},
 		{EventPasswordReset, "EventPasswordReset"},
 	}
--- a/confirm/confirm.go
+++ b/confirm/confirm.go
@ -70,7 +70,10 @@ func (c *Confirm) Initialize(ab *authboss.Authboss) (err error) {
 		return err
 	}

-	c.Callbacks.Before(authboss.EventGet, c.beforeGet)
+	c.Callbacks.After(authboss.EventGetUser, func(ctx *authboss.Context) error {
+		_, err := c.beforeGet(ctx)
+		return err
+	})
 	c.Callbacks.Before(authboss.EventAuth, c.beforeGet)
 	c.Callbacks.After(authboss.EventRegister, c.afterRegister)

--- a/lock/lock.go
+++ b/lock/lock.go
@ -36,7 +36,10 @@ func (l *Lock) Initialize(ab *authboss.Authboss) error {
 	}

 	// Events
-	l.Callbacks.Before(authboss.EventGet, l.beforeAuth)
+	l.Callbacks.After(authboss.EventGetUser, func(ctx *authboss.Context) error {
+		_, err := l.beforeAuth(ctx)
+		return err
+	})
 	l.Callbacks.Before(authboss.EventAuth, l.beforeAuth)
 	l.Callbacks.After(authboss.EventAuth, l.afterAuth)
 	l.Callbacks.After(authboss.EventAuthFail, l.afterAuthFail)
--- a/stringers.go
+++ b/stringers.go
@ -4,9 +4,9 @@ package authboss

 import "fmt"

-const _Event_name = "EventRegisterEventAuthEventOAuthEventAuthFailEventOAuthFailEventRecoverStartEventRecoverEndEventGetEventGetUserSessionEventPasswordReset"
+const _Event_name = "EventRegisterEventAuthEventOAuthEventAuthFailEventOAuthFailEventRecoverStartEventRecoverEndEventGetUserEventGetUserSessionEventPasswordReset"

-var _Event_index = [...]uint8{13, 22, 32, 45, 59, 76, 91, 99, 118, 136}
+var _Event_index = [...]uint8{13, 22, 32, 45, 59, 76, 91, 103, 122, 140}

 func (i Event) String() string {
 	if i < 0 || i >= Event(len(_Event_index)) {