Fixed web-app from breaking changes

2025-08-08 22:36:41 +02:00 · 2019-08-05 17:23:56 -08:00
parent 53b9424e95
commit 7a7510cdc5
5 changed files with 42 additions and 25 deletions
--- a/cmd/web-app/handlers/signup.go
+++ b/cmd/web-app/handlers/signup.go
@ -68,7 +68,10 @@ func (h *Signup) Step1(ctx context.Context, w http.ResponseWriter, r *http.Reque
 			}

 			// Authenticated the new user.
-			token, err := user_auth.Authenticate(ctx, h.MasterDB, h.Authenticator, req.User.Email, req.User.Password, time.Hour, ctxValues.Now)
+			token, err := user_auth.Authenticate(ctx, h.MasterDB, h.Authenticator, user_auth.AuthenticateRequest{
+				Email:    req.User.Email,
+				Password: req.User.Password,
+			}, time.Hour, ctxValues.Now)
 			if err != nil {
 				return false, err
 			}
--- a/cmd/web-app/handlers/user.go
+++ b/cmd/web-app/handlers/user.go
@ -76,7 +76,10 @@ func (h *User) Login(ctx context.Context, w http.ResponseWriter, r *http.Request
 			}

 			// Authenticated the user.
-			token, err := user_auth.Authenticate(ctx, h.MasterDB, h.Authenticator, req.Email, req.Password, sessionTTL, ctxValues.Now)
+			token, err := user_auth.Authenticate(ctx, h.MasterDB, h.Authenticator, user_auth.AuthenticateRequest{
+				Email:    req.Email,
+				Password: req.Password,
+			}, sessionTTL, ctxValues.Now)
 			if err != nil {
 				switch errors.Cause(err) {
 				case user.ErrForbidden:
@ -258,7 +261,10 @@ func (h *User) ResetConfirm(ctx context.Context, w http.ResponseWriter, r *http.
 			}

 			// Authenticated the user. Probably should use the default session TTL from UserLogin.
-			token, err := user_auth.Authenticate(ctx, h.MasterDB, h.Authenticator, u.Email, req.Password, time.Hour, ctxValues.Now)
+			token, err := user_auth.Authenticate(ctx, h.MasterDB, h.Authenticator, user_auth.AuthenticateRequest{
+				Email:    u.Email,
+				Password: req.Password,
+			}, time.Hour, ctxValues.Now)
 			if err != nil {
 				if verr, ok := weberror.NewValidationError(ctx, err); ok {
 					data["validationErrors"] = verr.(*weberror.Error)
--- a/cmd/web-app/handlers/users.go
+++ b/cmd/web-app/handlers/users.go
@ -670,7 +670,7 @@ func (h *Users) InviteAccept(ctx context.Context, w http.ResponseWriter, r *http
 			// Append the query param value to the request.
 			req.InviteHash = inviteHash

-			userID, err := invite.AcceptInvite(ctx, h.MasterDB, *req, h.SecretKey, ctxValues.Now)
+			hash, err := invite.AcceptInvite(ctx, h.MasterDB, *req, h.SecretKey, ctxValues.Now)
 			if err != nil {
 				switch errors.Cause(err) {
 				case invite.ErrInviteExpired:
@ -705,13 +705,17 @@ func (h *Users) InviteAccept(ctx context.Context, w http.ResponseWriter, r *http
 			}

 			// Load the user without any claims applied.
-			usr, err := user.ReadByID(ctx, auth.Claims{}, h.MasterDB, userID)
+			usr, err := user.ReadByID(ctx, auth.Claims{}, h.MasterDB, hash.UserID)
 			if err != nil {
 				return false, err
 			}

 			// Authenticated the user. Probably should use the default session TTL from UserLogin.
-			token, err := user_auth.Authenticate(ctx, h.MasterDB, h.Authenticator, usr.Email, req.Password, time.Hour, ctxValues.Now)
+			token, err := user_auth.Authenticate(ctx, h.MasterDB, h.Authenticator, user_auth.AuthenticateRequest{
+				Email:     usr.Email,
+				Password:  req.Password,
+				AccountID: hash.AccountID,
+			}, time.Hour, ctxValues.Now)
 			if err != nil {
 				if verr, ok := weberror.NewValidationError(ctx, err); ok {
 					data["validationErrors"] = verr.(*weberror.Error)
--- a/internal/user_account/invite/invite.go
+++ b/internal/user_account/invite/invite.go
@ -181,7 +181,7 @@ func SendUserInvites(ctx context.Context, claims auth.Claims, dbConn *sqlx.DB, r
 }

 // AcceptInvite updates the user using the provided invite hash.
-func AcceptInvite(ctx context.Context, dbConn *sqlx.DB, req AcceptInviteRequest, secretKey string, now time.Time) (string, error) {
+func AcceptInvite(ctx context.Context, dbConn *sqlx.DB, req AcceptInviteRequest, secretKey string, now time.Time) (*InviteHash, error) {
 	span, ctx := tracer.StartSpanFromContext(ctx, "internal.user_account.invite.AcceptInvite")
 	defer span.Finish()

@ -190,24 +190,24 @@ func AcceptInvite(ctx context.Context, dbConn *sqlx.DB, req AcceptInviteRequest,
 	// Validate the request.
 	err := v.StructCtx(ctx, req)
 	if err != nil {
-		return "", err
+		return nil, err
 	}

 	hash, err := ParseInviteHash(ctx, secretKey, req.InviteHash, now)
 	if err != nil {
-		return "", err
+		return nil, err
 	}

 	u, err := user.Read(ctx, auth.Claims{}, dbConn,
 		user.UserReadRequest{ID: hash.UserID, IncludeArchived: true})
 	if err != nil {
-		return "", err
+		return nil, err
 	}

 	if u.ArchivedAt != nil && !u.ArchivedAt.Time.IsZero() {
 		err = user.Restore(ctx, auth.Claims{}, dbConn, user.UserRestoreRequest{ID: hash.UserID}, now)
 		if err != nil {
-			return "", err
+			return nil, err
 		}
 	}

@ -216,21 +216,21 @@ func AcceptInvite(ctx context.Context, dbConn *sqlx.DB, req AcceptInviteRequest,
 		AccountID: hash.AccountID,
 	})
 	if err != nil {
-		return "", nil
+		return nil, nil
 	}

 	// Ensure the entry has the status of invited.
 	if usrAcc.Status != user_account.UserAccountStatus_Invited {
 		// If the entry is already active
 		if usrAcc.Status == user_account.UserAccountStatus_Active {
-			return u.ID, errors.WithStack(ErrUserAccountActive)
+			return hash, errors.WithStack(ErrUserAccountActive)
 		}
-		return "", errors.WithStack(ErrNoPendingInvite)
+		return nil, errors.WithStack(ErrNoPendingInvite)
 	}

 	if len(u.PasswordHash) > 0 {
 		// Do not update the password for a user that already has a password set.
-		return "", errors.WithStack(ErrInviteUserPasswordSet)
+		return nil, errors.WithStack(ErrInviteUserPasswordSet)
 	}

 	// These two calls, user.Update and user.UpdatePassword should probably be in a transaction!
@ -242,7 +242,7 @@ func AcceptInvite(ctx context.Context, dbConn *sqlx.DB, req AcceptInviteRequest,
 		Timezone:  req.Timezone,
 	}, now)
 	if err != nil {
-		return "", err
+		return nil, err
 	}

 	err = user.UpdatePassword(ctx, auth.Claims{}, dbConn, user.UserUpdatePasswordRequest{
@ -251,7 +251,7 @@ func AcceptInvite(ctx context.Context, dbConn *sqlx.DB, req AcceptInviteRequest,
 		PasswordConfirm: req.PasswordConfirm,
 	}, now)
 	if err != nil {
-		return "", err
+		return nil, err
 	}

 	activeStatus := user_account.UserAccountStatus_Active
@ -261,8 +261,8 @@ func AcceptInvite(ctx context.Context, dbConn *sqlx.DB, req AcceptInviteRequest,
 		Status:    &activeStatus,
 	}, now)
 	if err != nil {
-		return "", err
+		return nil, err
 	}

-	return hash.UserID, nil
+	return hash, nil
 }
--- a/internal/user_account/invite/invite_test.go
+++ b/internal/user_account/invite/invite_test.go
@ -192,12 +192,9 @@ func TestSendUserInvites(t *testing.T) {

 		// Assuming we have received the email and clicked the link, we now can ensure accept works.
 		for idx, inviteHash := range inviteHashes {
-			type expectRes struct {
-				UserID string `json:"user_id" validate:"required,uuid"`
-			}
-			var res expectRes
+
 			newPass := uuid.NewRandom().String()
-			res.UserID, err = AcceptInvite(ctx, test.MasterDB, AcceptInviteRequest{
+			hash, err := AcceptInvite(ctx, test.MasterDB, AcceptInviteRequest{
 				InviteHash:      inviteHash,
 				Email:           inviteEmails[idx],
 				FirstName:       "Foo",
@ -211,7 +208,14 @@ func TestSendUserInvites(t *testing.T) {
 			}

 			// Validate the result.
-			err := webcontext.Validator().StructCtx(ctx, res)
+			var res = struct {
+				UserID    string `validate:"required,uuid"`
+				AccountID string `validate:"required,uuid"`
+			}{
+				UserID:    hash.UserID,
+				AccountID: hash.AccountID,
+			}
+			err = webcontext.Validator().StructCtx(ctx, res)
 			if err != nil {
 				t.Log("\t\tGot :", err)
 				t.Fatalf("\t%s\tInviteAccept failed.", tests.Failed)