You've already forked focalboard
mirror of
https://github.com/mattermost/focalboard.git
synced 2025-07-09 23:45:41 +02:00
Refactor error usage from the store level up and add API helpers (#3792)
* Refactor error usage from the store level up and add API helpers * Complete API tests * Fix merge errorResponse calls * Remove ensure helpers to allow for custom messages on permission errors * Fix bad import and call * Remove bad user check on auth that was added as part of the main merge * Fix empty list test * Replace deprecated proxy calls to ioutil.ReadAll with io.ReadAll * Add information to the NotFound errors * Add context to all remaining errors and address review comments * Fix linter * Adapt the new card API endpoints to the error refactor * Remove almost all customErrorResponse calls * Add request entity too large to errorResponse and remove customErrorResponse * Fix linter
This commit is contained in:
Miguel de la Cruz
committed by
GitHub
GitHub
parent
ed655ac996
commit
08c0b7a2fd
@ -3,7 +3,7 @@ package api
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"io/ioutil"
|
||||
"io"
|
||||
"net"
|
||||
"net/http"
|
||||
"strings"
|
||||
@ -57,30 +57,26 @@ func (a *API) handleLogin(w http.ResponseWriter, r *http.Request) {
|
||||
// schema:
|
||||
// "$ref": "#/definitions/ErrorResponse"
|
||||
if a.MattermostAuth {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "not permitted in plugin mode", nil)
|
||||
}
|
||||
|
||||
if a.MattermostAuth {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "", nil)
|
||||
a.errorResponse(w, r, model.NewErrNotImplemented("not permitted in plugin mode"))
|
||||
return
|
||||
}
|
||||
|
||||
if len(a.singleUserToken) > 0 {
|
||||
// Not permitted in single-user mode
|
||||
a.errorResponse(w, r.URL.Path, http.StatusUnauthorized, "not permitted in single-user mode", nil)
|
||||
a.errorResponse(w, r, model.NewErrUnauthorized("not permitted in single-user mode"))
|
||||
return
|
||||
}
|
||||
|
||||
requestBody, err := ioutil.ReadAll(r.Body)
|
||||
requestBody, err := io.ReadAll(r.Body)
|
||||
if err != nil {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)
|
||||
a.errorResponse(w, r, err)
|
||||
return
|
||||
}
|
||||
|
||||
var loginData model.LoginRequest
|
||||
err = json.Unmarshal(requestBody, &loginData)
|
||||
if err != nil {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)
|
||||
a.errorResponse(w, r, err)
|
||||
return
|
||||
}
|
||||
|
||||
@ -92,12 +88,12 @@ func (a *API) handleLogin(w http.ResponseWriter, r *http.Request) {
|
||||
if loginData.Type == "normal" {
|
||||
token, err := a.app.Login(loginData.Username, loginData.Email, loginData.Password, loginData.MfaToken)
|
||||
if err != nil {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusUnauthorized, "incorrect login", err)
|
||||
a.errorResponse(w, r, model.NewErrUnauthorized("incorrect login"))
|
||||
return
|
||||
}
|
||||
json, err := json.Marshal(model.LoginResponse{Token: token})
|
||||
if err != nil {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)
|
||||
a.errorResponse(w, r, err)
|
||||
return
|
||||
}
|
||||
|
||||
@ -106,7 +102,7 @@ func (a *API) handleLogin(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
a.errorResponse(w, r.URL.Path, http.StatusBadRequest, "invalid login type", nil)
|
||||
a.errorResponse(w, r, model.NewErrBadRequest("invalid login type"))
|
||||
}
|
||||
|
||||
func (a *API) handleLogout(w http.ResponseWriter, r *http.Request) {
|
||||
@ -127,17 +123,13 @@ func (a *API) handleLogout(w http.ResponseWriter, r *http.Request) {
|
||||
// schema:
|
||||
// "$ref": "#/definitions/ErrorResponse"
|
||||
if a.MattermostAuth {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "not permitted in plugin mode", nil)
|
||||
}
|
||||
|
||||
if a.MattermostAuth {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "", nil)
|
||||
a.errorResponse(w, r, model.NewErrNotImplemented("not permitted in plugin mode"))
|
||||
return
|
||||
}
|
||||
|
||||
if len(a.singleUserToken) > 0 {
|
||||
// Not permitted in single-user mode
|
||||
a.errorResponse(w, r.URL.Path, http.StatusUnauthorized, "not permitted in single-user mode", nil)
|
||||
a.errorResponse(w, r, model.NewErrUnauthorized("not permitted in single-user mode"))
|
||||
return
|
||||
}
|
||||
|
||||
@ -150,7 +142,7 @@ func (a *API) handleLogout(w http.ResponseWriter, r *http.Request) {
|
||||
auditRec.AddMeta("userID", session.UserID)
|
||||
|
||||
if err := a.app.Logout(session.ID); err != nil {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusUnauthorized, "incorrect login", err)
|
||||
a.errorResponse(w, r, model.NewErrUnauthorized("incorrect logout"))
|
||||
return
|
||||
}
|
||||
|
||||
@ -185,30 +177,26 @@ func (a *API) handleRegister(w http.ResponseWriter, r *http.Request) {
|
||||
// schema:
|
||||
// "$ref": "#/definitions/ErrorResponse"
|
||||
if a.MattermostAuth {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "not permitted in plugin mode", nil)
|
||||
}
|
||||
|
||||
if a.MattermostAuth {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "", nil)
|
||||
a.errorResponse(w, r, model.NewErrNotImplemented("not permitted in plugin mode"))
|
||||
return
|
||||
}
|
||||
|
||||
if len(a.singleUserToken) > 0 {
|
||||
// Not permitted in single-user mode
|
||||
a.errorResponse(w, r.URL.Path, http.StatusUnauthorized, "not permitted in single-user mode", nil)
|
||||
a.errorResponse(w, r, model.NewErrUnauthorized("not permitted in single-user mode"))
|
||||
return
|
||||
}
|
||||
|
||||
requestBody, err := ioutil.ReadAll(r.Body)
|
||||
requestBody, err := io.ReadAll(r.Body)
|
||||
if err != nil {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)
|
||||
a.errorResponse(w, r, err)
|
||||
return
|
||||
}
|
||||
|
||||
var registerData model.RegisterRequest
|
||||
err = json.Unmarshal(requestBody, ®isterData)
|
||||
if err != nil {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)
|
||||
a.errorResponse(w, r, err)
|
||||
return
|
||||
}
|
||||
registerData.Email = strings.TrimSpace(registerData.Email)
|
||||
@ -218,29 +206,29 @@ func (a *API) handleRegister(w http.ResponseWriter, r *http.Request) {
|
||||
if len(registerData.Token) > 0 {
|
||||
team, err2 := a.app.GetRootTeam()
|
||||
if err2 != nil {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err2)
|
||||
a.errorResponse(w, r, err2)
|
||||
return
|
||||
}
|
||||
|
||||
if registerData.Token != team.SignupToken {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusUnauthorized, "invalid token", nil)
|
||||
a.errorResponse(w, r, model.NewErrUnauthorized("invalid token"))
|
||||
return
|
||||
}
|
||||
} else {
|
||||
// No signup token, check if no active users
|
||||
userCount, err2 := a.app.GetRegisteredUserCount()
|
||||
if err2 != nil {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err2)
|
||||
a.errorResponse(w, r, err2)
|
||||
return
|
||||
}
|
||||
if userCount > 0 {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusUnauthorized, "no sign-up token and user(s) already exist", nil)
|
||||
a.errorResponse(w, r, model.NewErrUnauthorized("no sign-up token and user(s) already exist"))
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if err = registerData.IsValid(); err != nil {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusBadRequest, err.Error(), err)
|
||||
a.errorResponse(w, r, err)
|
||||
return
|
||||
}
|
||||
|
||||
@ -250,7 +238,7 @@ func (a *API) handleRegister(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
err = a.app.RegisterUser(registerData.Username, registerData.Email, registerData.Password)
|
||||
if err != nil {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusBadRequest, err.Error(), err)
|
||||
a.errorResponse(w, r, model.NewErrBadRequest(err.Error()))
|
||||
return
|
||||
}
|
||||
|
||||
@ -292,37 +280,33 @@ func (a *API) handleChangePassword(w http.ResponseWriter, r *http.Request) {
|
||||
// schema:
|
||||
// "$ref": "#/definitions/ErrorResponse"
|
||||
if a.MattermostAuth {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "not permitted in plugin mode", nil)
|
||||
}
|
||||
|
||||
if a.MattermostAuth {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusNotImplemented, "", nil)
|
||||
a.errorResponse(w, r, model.NewErrNotImplemented("not permitted in plugin mode"))
|
||||
return
|
||||
}
|
||||
|
||||
if len(a.singleUserToken) > 0 {
|
||||
// Not permitted in single-user mode
|
||||
a.errorResponse(w, r.URL.Path, http.StatusUnauthorized, "not permitted in single-user mode", nil)
|
||||
a.errorResponse(w, r, model.NewErrUnauthorized("not permitted in single-user mode"))
|
||||
return
|
||||
}
|
||||
|
||||
vars := mux.Vars(r)
|
||||
userID := vars["userID"]
|
||||
|
||||
requestBody, err := ioutil.ReadAll(r.Body)
|
||||
requestBody, err := io.ReadAll(r.Body)
|
||||
if err != nil {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)
|
||||
a.errorResponse(w, r, err)
|
||||
return
|
||||
}
|
||||
|
||||
var requestData model.ChangePasswordRequest
|
||||
if err = json.Unmarshal(requestBody, &requestData); err != nil {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusInternalServerError, "", err)
|
||||
a.errorResponse(w, r, err)
|
||||
return
|
||||
}
|
||||
|
||||
if err = requestData.IsValid(); err != nil {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusBadRequest, err.Error(), err)
|
||||
a.errorResponse(w, r, err)
|
||||
return
|
||||
}
|
||||
|
||||
@ -330,7 +314,7 @@ func (a *API) handleChangePassword(w http.ResponseWriter, r *http.Request) {
|
||||
defer a.audit.LogRecord(audit.LevelAuth, auditRec)
|
||||
|
||||
if err = a.app.ChangePassword(userID, requestData.OldPassword, requestData.NewPassword); err != nil {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusBadRequest, err.Error(), err)
|
||||
a.errorResponse(w, r, model.NewErrBadRequest(err.Error()))
|
||||
return
|
||||
}
|
||||
|
||||
@ -349,7 +333,7 @@ func (a *API) attachSession(handler func(w http.ResponseWriter, r *http.Request)
|
||||
a.logger.Debug(`attachSession`, mlog.Bool("single_user", len(a.singleUserToken) > 0))
|
||||
if len(a.singleUserToken) > 0 {
|
||||
if required && (token != a.singleUserToken) {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusUnauthorized, "invalid single user token", nil)
|
||||
a.errorResponse(w, r, model.NewErrUnauthorized("invalid single user token"))
|
||||
return
|
||||
}
|
||||
|
||||
@ -389,7 +373,7 @@ func (a *API) attachSession(handler func(w http.ResponseWriter, r *http.Request)
|
||||
session, err := a.app.GetSession(token)
|
||||
if err != nil {
|
||||
if required {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusUnauthorized, "", err)
|
||||
a.errorResponse(w, r, model.NewErrUnauthorized(err.Error()))
|
||||
return
|
||||
}
|
||||
|
||||
@ -404,7 +388,7 @@ func (a *API) attachSession(handler func(w http.ResponseWriter, r *http.Request)
|
||||
mlog.String("want", a.authService),
|
||||
mlog.String("got", authService),
|
||||
)
|
||||
a.errorResponse(w, r.URL.Path, http.StatusUnauthorized, "", err)
|
||||
a.errorResponse(w, r, model.NewErrUnauthorized(err.Error()))
|
||||
return
|
||||
}
|
||||
|
||||
@ -418,7 +402,7 @@ func (a *API) adminRequired(handler func(w http.ResponseWriter, r *http.Request)
|
||||
// Currently, admin APIs require local unix connections
|
||||
conn := GetContextConn(r)
|
||||
if _, isUnix := conn.(*net.UnixConn); !isUnix {
|
||||
a.errorResponse(w, r.URL.Path, http.StatusUnauthorized, "not a local unix connection", nil)
|
||||
a.errorResponse(w, r, model.NewErrUnauthorized("not a local unix connection"))
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user