From 7a7510cdc584bdc55da0935d646e5de530688c8f Mon Sep 17 00:00:00 2001
From: Lee Brown
Date: Mon, 5 Aug 2019 17:23:56 -0800
Subject: [PATCH] Fixed web-app from breaking changes
---
 cmd/web-app/handlers/signup.go | 5 +++-
 cmd/web-app/handlers/user.go | 10 ++++++--
 cmd/web-app/handlers/users.go | 10 +++++---
 internal/user_account/invite/invite.go | 26 ++++++++++-----------
 internal/user_account/invite/invite_test.go | 16 ++++++++-----
 5 files changed, 42 insertions(+), 25 deletions(-)
diff --git a/cmd/web-app/handlers/signup.go b/cmd/web-app/handlers/signup.go
index 43a2a41..a25bd90 100644
--- a/cmd/web-app/handlers/signup.go
+++ b/cmd/web-app/handlers/signup.go
@@ -68,7 +68,10 @@ func (h *Signup) Step1(ctx context.Context, w http.ResponseWriter, r *http.Reque
 }
 // Authenticated the new user.
- token, err := user_auth.Authenticate(ctx, h.MasterDB, h.Authenticator, req.User.Email, req.User.Password, time.Hour, ctxValues.Now)
+ token, err := user_auth.Authenticate(ctx, h.MasterDB, h.Authenticator, user_auth.AuthenticateRequest{
+ Email: req.User.Email,
+ Password: req.User.Password,
+ }, time.Hour, ctxValues.Now)
 if err != nil {
 return false, err
 }
diff --git a/cmd/web-app/handlers/user.go b/cmd/web-app/handlers/user.go
index 9142d78..119135a 100644
--- a/cmd/web-app/handlers/user.go
+++ b/cmd/web-app/handlers/user.go
@@ -76,7 +76,10 @@ func (h *User) Login(ctx context.Context, w http.ResponseWriter, r *http.Request
 }
 // Authenticated the user.
- token, err := user_auth.Authenticate(ctx, h.MasterDB, h.Authenticator, req.Email, req.Password, sessionTTL, ctxValues.Now)
+ token, err := user_auth.Authenticate(ctx, h.MasterDB, h.Authenticator, user_auth.AuthenticateRequest{
+ Email: req.Email,
+ Password: req.Password,
+ }, sessionTTL, ctxValues.Now)
 if err != nil {
 switch errors.Cause(err) {
 case user.ErrForbidden:
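Review bot: The token lifetime in Step1 (signup.go) is a literal `time.Hour`, and the same literal appears in ResetConfirm (user.go) and InviteAccept (users.go), while Login passes `sessionTTL`; four code paths that mint a session token can therefore drift apart on expiry. The existing comments in ResetConfirm and InviteAccept already say the login default should probably be used, and this change touches every one of these calls. A shared named value, for example `const defaultSessionTTL = time.Hour`, used at all of them would keep the expiry policy in one place. Whether `sessionTTL` in Login is a local or a package-level name is not visible in the hunk.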
@@ -258,7 +261,10 @@ func (h *User) ResetConfirm(ctx context.Context, w http.ResponseWriter, r *http.
 }
 // Authenticated the user. Probably should use the default session TTL from UserLogin.
- token, err := user_auth.Authenticate(ctx, h.MasterDB, h.Authenticator, u.Email, req.Password, time.Hour, ctxValues.Now)
+ token, err := user_auth.Authenticate(ctx, h.MasterDB, h.Authenticator, user_auth.AuthenticateRequest{
+ Email: u.Email,
+ Password: req.Password,
+ }, time.Hour, ctxValues.Now)
 if err != nil {
 if verr, ok := weberror.NewValidationError(ctx, err); ok {
 data["validationErrors"] = verr.(*weberror.Error)
diff --git a/cmd/web-app/handlers/users.go b/cmd/web-app/handlers/users.go
index 340cdf6..be36709 100644
--- a/cmd/web-app/handlers/users.go
+++ b/cmd/web-app/handlers/users.go
@@ -670,7 +670,7 @@ func (h *Users) InviteAccept(ctx context.Context, w http.ResponseWriter, r *http
 // Append the query param value to the request.
 req.InviteHash = inviteHash
- userID, err := invite.AcceptInvite(ctx, h.MasterDB, *req, h.SecretKey, ctxValues.Now)
+ hash, err := invite.AcceptInvite(ctx, h.MasterDB, *req, h.SecretKey, ctxValues.Now)
 if err != nil {
 switch errors.Cause(err) {
 case invite.ErrInviteExpired:
@@ -705,13 +705,17 @@ func (h *Users) InviteAccept(ctx context.Context, w http.ResponseWriter, r *http
 }
 // Load the user without any claims applied.
- usr, err := user.ReadByID(ctx, auth.Claims{}, h.MasterDB, userID)
+ usr, err := user.ReadByID(ctx, auth.Claims{}, h.MasterDB, hash.UserID)
 if err != nil {
 return false, err
 }
 // Authenticated the user. Probably should use the default session TTL from UserLogin.
- token, err := user_auth.Authenticate(ctx, h.MasterDB, h.Authenticator, usr.Email, req.Password, time.Hour, ctxValues.Now)
+ token, err := user_auth.Authenticate(ctx, h.MasterDB, h.Authenticator, user_auth.AuthenticateRequest{
+ Email: usr.Email,
+ Password: req.Password,
+ AccountID: hash.AccountID,
+ }, time.Hour, ctxValues.Now)
 if err != nil {
 if verr, ok := weberror.NewValidationError(ctx, err); ok {
 data["validationErrors"] = verr.(*weberror.Error)
diff --git a/internal/user_account/invite/invite.go b/internal/user_account/invite/invite.go
index b24c844..43f1f14 100644
--- a/internal/user_account/invite/invite.go
+++ b/internal/user_account/invite/invite.go
@@ -181,7 +181,7 @@ func SendUserInvites(ctx context.Context, claims auth.Claims, dbConn *sqlx.DB, r
 }
 // AcceptInvite updates the user using the provided invite hash.
-func AcceptInvite(ctx context.Context, dbConn *sqlx.DB, req AcceptInviteRequest, secretKey string, now time.Time) (string, error) {
+func AcceptInvite(ctx context.Context, dbConn *sqlx.DB, req AcceptInviteRequest, secretKey string, now time.Time) (*InviteHash, error) {
 span, ctx := tracer.StartSpanFromContext(ctx, "internal.user_account.invite.AcceptInvite")
 defer span.Finish()
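Review bot: The doc comment on AcceptInvite in invite.go still reads only "updates the user using the provided invite hash" and does not describe the new `*InviteHash` result. The later hunks of this file show the result is nil on most failures but non-nil together with `ErrUserAccountActive`, which a caller has to know before dereferencing it. I would extend the comment along the lines of `// It returns the parsed invite hash on success; the hash is also returned alongside ErrUserAccountActive and is nil for every other error.` The function body continues outside this hunk.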
@@ -190,24 +190,24 @@ func AcceptInvite(ctx context.Context, dbConn *sqlx.DB, req AcceptInviteRequest,
 // Validate the request.
 err := v.StructCtx(ctx, req)
 if err != nil {
- return "", err
+ return nil, err
 }
 hash, err := ParseInviteHash(ctx, secretKey, req.InviteHash, now)
 if err != nil {
- return "", err
+ return nil, err
 }
 u, err := user.Read(ctx, auth.Claims{}, dbConn, user.UserReadRequest{ID: hash.UserID, IncludeArchived: true})
 if err != nil {
- return "", err
+ return nil, err
 }
 if u.ArchivedAt != nil && !u.ArchivedAt.Time.IsZero() {
 err = user.Restore(ctx, auth.Claims{}, dbConn, user.UserRestoreRequest{ID: hash.UserID}, now)
 if err != nil {
- return "", err
+ return nil, err
 }
 }
@@ -216,21 +216,21 @@ func AcceptInvite(ctx context.Context, dbConn *sqlx.DB, req AcceptInviteRequest,
 AccountID: hash.AccountID,
 })
 if err != nil {
- return "", nil
+ return nil, nil
 }
 // Ensure the entry has the status of invited.
 if usrAcc.Status != user_account.UserAccountStatus_Invited {
 // If the entry is already active
 if usrAcc.Status == user_account.UserAccountStatus_Active {
- return u.ID, errors.WithStack(ErrUserAccountActive)
+ return hash, errors.WithStack(ErrUserAccountActive)
 }
- return "", errors.WithStack(ErrNoPendingInvite)
+ return nil, errors.WithStack(ErrNoPendingInvite)
 }
 if len(u.PasswordHash) > 0 {
 // Do not update the password for a user that already has a password set.
- return "", errors.WithStack(ErrInviteUserPasswordSet)
+ return nil, errors.WithStack(ErrInviteUserPasswordSet)
 }
 // These two calls, user.Update and user.UpdatePassword should probably be in a transaction!
@@ -242,7 +242,7 @@ func AcceptInvite(ctx context.Context, dbConn *sqlx.DB, req AcceptInviteRequest,
 Timezone: req.Timezone,
 }, now)
 if err != nil {
- return "", err
+ return nil, err
 }
 err = user.UpdatePassword(ctx, auth.Claims{}, dbConn, user.UserUpdatePasswordRequest{
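Review bot: In the hunk at -216 of invite.go, the error branch right after the lookup that ends in `AccountID: hash.AccountID,` / `})` returns `nil, nil`, so a failed lookup is reported to the caller as success with a nil `*InviteHash`. The old code returned `"", nil` there, which was already swallowing the error, but with the pointer return InviteAccept in users.go goes on to read `hash.UserID` and `hash.AccountID` and would dereference nil in the request path. The branch should propagate the failure: `return nil, err`. The lookup call itself starts above the hunk, so which call fails is inferred from the context lines.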
@@ -251,7 +251,7 @@ func AcceptInvite(ctx context.Context, dbConn *sqlx.DB, req AcceptInviteRequest,
 PasswordConfirm: req.PasswordConfirm,
 }, now)
 if err != nil {
- return "", err
+ return nil, err
 }
 activeStatus := user_account.UserAccountStatus_Active
@@ -261,8 +261,8 @@ func AcceptInvite(ctx context.Context, dbConn *sqlx.DB, req AcceptInviteRequest,
 Status: &activeStatus,
 }, now)
 if err != nil {
- return "", err
+ return nil, err
 }
- return hash.UserID, nil
+ return hash, nil
 }
diff --git a/internal/user_account/invite/invite_test.go b/internal/user_account/invite/invite_test.go
index ce72c2f..049190c 100644
--- a/internal/user_account/invite/invite_test.go
+++ b/internal/user_account/invite/invite_test.go
@@ -192,12 +192,9 @@ func TestSendUserInvites(t *testing.T) {
 // Assuming we have received the email and clicked the link, we now can ensure accept works.
 for idx, inviteHash := range inviteHashes {
- type expectRes struct {
- UserID string `json:"user_id" validate:"required,uuid"`
- }
- var res expectRes
+ newPass := uuid.NewRandom().String()
- res.UserID, err = AcceptInvite(ctx, test.MasterDB, AcceptInviteRequest{
+ hash, err := AcceptInvite(ctx, test.MasterDB, AcceptInviteRequest{
 InviteHash: inviteHash,
 Email: inviteEmails[idx],
 FirstName: "Foo",
@@ -211,7 +208,14 @@ func TestSendUserInvites(t *testing.T) {
 }
 // Validate the result.
- err := webcontext.Validator().StructCtx(ctx, res)
+ var res = struct {
+ UserID string `validate:"required,uuid"`
+ AccountID string `validate:"required,uuid"`
+ }{
+ UserID: hash.UserID,
+ AccountID: hash.AccountID,
+ }
+ err = webcontext.Validator().StructCtx(ctx, res)
 if err != nil {
 t.Log("\t\tGot :", err)
 t.Fatalf("\t%s\tInviteAccept failed.", tests.Failed)
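Review bot: The new validation struct in TestSendUserInvites (hunk at -211 of invite_test.go) only checks that `hash.UserID` and `hash.AccountID` are UUID-shaped, not that they identify the user and account the invite was issued for. InviteAccept now passes `hash.AccountID` into `user_auth.AuthenticateRequest`, so a valid but wrong account ID would go unnoticed by this test. I would add an equality check of `hash.AccountID` against the account ID used when the invites were sent; that value is set up outside the hunk. A case for the `ErrUserAccountActive` path, where a non-nil hash comes back together with an error, would also pin the new return contract.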