author | Joram Wilander <jwawilander@gmail.com> | 2017-04-19 15:38:35 -0400 |
---|---|---|
committer | Christopher Speller <crspeller@gmail.com> | 2017-04-19 15:38:35 -0400 |
commit | 0b919a324adeebd2f4ef6f250188752176ffe63f (patch) | |
tree | 367a07677e658518506064d7cb4107516e5e9711 | |
parent | bc906abd6672efbe9b755a4edd5dbc5f7a39761f (diff) | |
Don't sanitize returned user when updating a user (#6095)
* Don't sanitize returned user when updating a user
* Use user model function for clearing private data
-rw-r--r-- | api4/user_test.go | 5 | ||||
-rw-r--r-- | app/user.go | 12 | ||||
-rw-r--r-- | model/user.go | 22 | ||||
-rw-r--r-- | store/sql_user_store.go | 51 |
4 files changed, 36 insertions, 54 deletions
diff --git a/api4/user_test.go b/api4/user_test.go index d044cee9b..9a360c7e4 100644 --- a/api4/user_test.go +++ b/api4/user_test.go @@ -739,6 +739,8 @@ func TestPatchUser(t *testing.T) { patch.LastName = new(string) *patch.LastName = "Wilander" patch.Position = new(string) + patch.NotifyProps = model.StringMap{} + patch.NotifyProps["comment"] = "somethingrandom" ruser, resp := Client.PatchUser(user.Id, patch) CheckNoError(t, resp) @@ -759,6 +761,9 @@ func TestPatchUser(t *testing.T) { if ruser.Username != user.Username { t.Fatal("Username should not have updated") } + if ruser.NotifyProps["comment"] != "somethingrandom" { + t.Fatal("NotifyProps did not update properly") + } _, resp = Client.PatchUser("junk", patch) CheckBadRequestStatus(t, resp) diff --git a/app/user.go b/app/user.go index e339dfd5b..827ad18f9 100644 --- a/app/user.go +++ b/app/user.go @@ -942,9 +942,7 @@ func UpdateUserAsUser(user *model.User, asAdmin bool) (*model.User, *model.AppEr return nil, err } - SanitizeProfile(updatedUser, asAdmin) - - sendUpdatedUserEvent(updatedUser) + sendUpdatedUserEvent(*updatedUser, asAdmin) return updatedUser, nil } @@ -962,14 +960,14 @@ func PatchUser(userId string, patch *model.UserPatch, asAdmin bool) (*model.User return nil, err } - SanitizeProfile(updatedUser, asAdmin) - - sendUpdatedUserEvent(updatedUser) + sendUpdatedUserEvent(*updatedUser, asAdmin) return updatedUser, nil } -func sendUpdatedUserEvent(user *model.User) { +func sendUpdatedUserEvent(user model.User, asAdmin bool) { + SanitizeProfile(&user, asAdmin) + omitUsers := make(map[string]bool, 1) omitUsers[user.Id] = true message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_USER_UPDATED, "", "", "", omitUsers) diff --git a/model/user.go b/model/user.go index 7cb3d0b70..1c390a121 100644 --- a/model/user.go +++ b/model/user.go 
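Review bot: The assertion added in the second TestPatchUser hunk (at -759) checks only that NotifyProps round-trips, but this commit also stops running SanitizeProfile on the user that PatchUser returns, and nothing here pins that credential fields stay blank in `ruser`. Next to the NotifyProps check I would add `if ruser.Password != "" { t.Fatal("Password should be sanitized") }` and `if ruser.AuthData != nil && *ruser.AuthData != "" { t.Fatal("AuthData should be sanitized") }`. Without them, a regression in the store-level Sanitize call would pass this test silently. TestPatchUser begins and ends outside both hunks.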
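Review bot: `sendUpdatedUserEvent(user model.User, asAdmin bool)` sanitizes a shallow copy, so pointer and map fields of `model.User` (`AuthData`, `Props`, `NotifyProps`) are still shared with the `updatedUser` that UpdateUserAsUser and PatchUser return. That is safe only if SanitizeProfile reassigns those fields rather than writing through them, which is not visible in this diff; a comment such as `// user is a copy: SanitizeProfile must replace, never mutate in place, its pointer and map fields` would record the assumption. Both callers (hunks at -942 and -962) now return a user that has not been through SanitizeProfile, so their doc comments should say that the result is meant for the edited user or an admin and relies on the store layer to strip credentials. Both function bodies begin outside the hunks.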
@@ -67,15 +67,15 @@ type User struct { } type UserPatch struct { - Username *string `json:"username"` - Nickname *string `json:"nickname"` - FirstName *string `json:"first_name"` - LastName *string `json:"last_name"` - Position *string `json:"position"` - Email *string `json:"email"` - Props *StringMap `json:"props,omitempty"` - NotifyProps *StringMap `json:"notify_props,omitempty"` - Locale *string `json:"locale"` + Username *string `json:"username"` + Nickname *string `json:"nickname"` + FirstName *string `json:"first_name"` + LastName *string `json:"last_name"` + Position *string `json:"position"` + Email *string `json:"email"` + Props StringMap `json:"props,omitempty"` + NotifyProps StringMap `json:"notify_props,omitempty"` + Locale *string `json:"locale"` } // IsValid validates the user and returns an error if it isn't configured @@ -267,11 +267,11 @@ func (u *User) Patch(patch *UserPatch) { } if patch.Props != nil { - u.Props = *patch.Props + u.Props = patch.Props } if patch.NotifyProps != nil { - u.NotifyProps = *patch.NotifyProps + u.NotifyProps = patch.NotifyProps } if patch.Locale != nil { diff --git a/store/sql_user_store.go b/store/sql_user_store.go index 91c27cf3e..8bd16f696 100644 --- a/store/sql_user_store.go +++ b/store/sql_user_store.go @@ -192,6 +192,8 @@ func (us SqlUserStore) Update(user *model.User, trustedUpdateData bool) StoreCha } else if count != 1 { result.Err = model.NewLocAppError("SqlUserStore.Update", "store.sql_user.update.app_error", nil, fmt.Sprintf("user_id=%v, count=%v", user.Id, count)) } else { + user.Sanitize(map[string]bool{}) + oldUser.Sanitize(map[string]bool{}) result.Data = [2]*model.User{user, oldUser} } } @@ -458,9 +460,7 @@ func (us SqlUserStore) GetAllProfiles(offset int, limit int) StoreChannel { } else { for _, u := range users { - u.Password = "" - u.AuthData = new(string) - *u.AuthData = "" + u.Sanitize(map[string]bool{}) } result.Data = users 
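Review bot: In the Patch hunk (at -267), `u.Props = patch.Props` and `u.NotifyProps = patch.NotifyProps` store the patch's own map in the user, so the two structs alias one map and the stored set is replaced wholesale rather than merged. Because the check is `!= nil`, a decoded empty object is non-nil and would clear every existing key. If that is the intended contract, state it on Patch: `// Props and NotifyProps replace the stored map wholesale; the patch's map is not copied.` The hunk shows no validation of the client-supplied keys and values before assignment; presumably the caller or IsValid covers that, which is worth confirming. Patch's body starts and ends outside the hunk.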
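Review bot: In SqlUserStore.Update (hunk at -192), `user.Sanitize(map[string]bool{})` blanks fields on the caller's own `*model.User` rather than on a copy, so any code that keeps using `user` after Update returns sees the sanitized struct. The behaviour is reasonable for keeping credentials out of `result.Data`, but it is a side effect on an input argument and should be documented: `// Sanitize mutates the caller's user as well as oldUser; neither carries credential fields after a successful Update.` Only the success branch sanitizes, which is fine as long as the error branches never place a user in `result.Data`; those branches are partly outside the hunk.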
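Review bot: `u.Sanitize(map[string]bool{})` in GetAllProfiles (hunk at -458) passes an empty options map whose meaning cannot be read from the call site; depending on how Sanitize treats absent keys, it strips either only credential fields or every optional field as well. The code it replaces cleared exactly Password and AuthData, so confirm that the empty map keeps at least that behaviour and say so once, for example `// empty options: strip credentials only, keep profile fields`. The same literal is repeated in Update, GetProfiles, GetProfilesInChannel, GetAllProfilesInChannel, GetProfilesNotInChannel, GetProfilesWithoutTeam, GetProfilesByUsernames, GetRecentlyActiveUsersForTeam, GetProfileByIds, GetSystemAdminProfiles, performSearch and GetProfilesNotInTeam, allocating a fresh map per user in each loop. A single named package-level value or small helper would remove the repetition and give the intent one place to live.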
@@ -507,9 +507,7 @@ func (us SqlUserStore) GetProfiles(teamId string, offset int, limit int) StoreCh } else { for _, u := range users { - u.Password = "" - u.AuthData = new(string) - *u.AuthData = "" + u.Sanitize(map[string]bool{}) } result.Data = users @@ -555,9 +553,7 @@ func (us SqlUserStore) GetProfilesInChannel(channelId string, offset int, limit } else { for _, u := range users { - u.Password = "" - u.AuthData = new(string) - *u.AuthData = "" + u.Sanitize(map[string]bool{}) } result.Data = users @@ -609,9 +605,7 @@ func (us SqlUserStore) GetAllProfilesInChannel(channelId string, allowFromCache userMap := make(map[string]*model.User) for _, u := range users { - u.Password = "" - u.AuthData = new(string) - *u.AuthData = "" + u.Sanitize(map[string]bool{}) userMap[u.Id] = u } @@ -657,9 +651,7 @@ func (us SqlUserStore) GetProfilesNotInChannel(teamId string, channelId string, } else { for _, u := range users { - u.Password = "" - u.AuthData = new(string) - *u.AuthData = "" + u.Sanitize(map[string]bool{}) } result.Data = users @@ -705,9 +697,7 @@ func (us SqlUserStore) GetProfilesWithoutTeam(offset int, limit int) StoreChanne } else { for _, u := range users { - u.Password = "" - u.AuthData = new(string) - *u.AuthData = "" + u.Sanitize(map[string]bool{}) } result.Data = users @@ -748,9 +738,7 @@ func (us SqlUserStore) GetProfilesByUsernames(usernames []string, teamId string) userMap := make(map[string]*model.User) for _, u := range users { - u.Password = "" - u.AuthData = new(string) - *u.AuthData = "" + u.Sanitize(map[string]bool{}) userMap[u.Id] = u } @@ -796,9 +784,7 @@ func (us SqlUserStore) GetRecentlyActiveUsersForTeam(teamId string) StoreChannel for _, userWithLastActivityAt := range users { u := userWithLastActivityAt.User - u.Password = "" - u.AuthData = new(string) - *u.AuthData = "" + u.Sanitize(map[string]bool{}) u.LastActivityAt = userWithLastActivityAt.LastActivityAt userMap[u.Id] = &u } 
@@ -868,9 +854,8 @@ func (us SqlUserStore) GetProfileByIds(userIds []string, allowFromCache bool) St } else { for _, u := range users { - u.Password = "" - u.AuthData = new(string) - *u.AuthData = "" + u.Sanitize(map[string]bool{}) + profileByIdsCache.AddWithExpiresInSecs(u.Id, u, PROFILE_BY_IDS_CACHE_SEC) } @@ -900,9 +885,7 @@ func (us SqlUserStore) GetSystemAdminProfiles() StoreChannel { userMap := make(map[string]*model.User) for _, u := range users { - u.Password = "" - u.AuthData = new(string) - *u.AuthData = "" + u.Sanitize(map[string]bool{}) userMap[u.Id] = u } @@ -1485,9 +1468,7 @@ func (us SqlUserStore) performSearch(searchQuery string, term string, options ma result.Err = model.NewLocAppError("SqlUserStore.Search", "store.sql_user.search.app_error", nil, "term="+term+", "+"search_type="+searchType+", "+err.Error()) } else { for _, u := range users { - u.Password = "" - u.AuthData = new(string) - *u.AuthData = "" + u.Sanitize(map[string]bool{}) } result.Data = users @@ -1560,9 +1541,7 @@ func (us SqlUserStore) GetProfilesNotInTeam(teamId string, offset int, limit int } else { for _, u := range users { - u.Password = "" - u.AuthData = new(string) - *u.AuthData = "" + u.Sanitize(map[string]bool{}) } result.Data = users |
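Review bot: In GetProfileByIds (hunk at -868) the ordering of `u.Sanitize(...)` before `profileByIdsCache.AddWithExpiresInSecs(u.Id, u, PROFILE_BY_IDS_CACHE_SEC)` is what keeps credential fields out of the cache, and nothing marks it as an invariant. I would add `// Sanitize before caching so Password/AuthData never enter profileByIdsCache` above the call. The cached `u` looks like the same pointer that is returned in the result, so a caller that later applies viewer-specific sanitization to the returned user would presumably also alter the cached entry; worth confirming now that the app layer sanitizes copies in some paths and originals in others. The function body extends outside the hunk.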