diff options
Diffstat (limited to 'api')
-rw-r--r-- | api/admin_test.go | 3 | ||||
-rw-r--r-- | api/authentication.go | 6 | ||||
-rw-r--r-- | api/oauth.go | 7 | ||||
-rw-r--r-- | api/user.go | 15 | ||||
-rw-r--r-- | api/user_test.go | 6 |
5 files changed, 22 insertions, 15 deletions
diff --git a/api/admin_test.go b/api/admin_test.go index 933c3d59c..f3d3ec4ed 100644 --- a/api/admin_test.go +++ b/api/admin_test.go @@ -457,7 +457,8 @@ func TestAdminResetPassword(t *testing.T) { t.Fatal("Should have errored - password too short") } - user2 := &model.User{Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", AuthData: "1", AuthService: "random"} + authData := model.NewId() + user2 := &model.User{Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", AuthData: &authData, AuthService: "random"} user2 = Client.Must(Client.CreateUser(user2, "")).Data.(*model.User) LinkUserToTeam(user2, team) store.Must(Srv.Store.User().VerifyEmail(user2.Id)) diff --git a/api/authentication.go b/api/authentication.go index 10ed578e1..9243947ad 100644 --- a/api/authentication.go +++ b/api/authentication.go @@ -39,17 +39,17 @@ func checkUserPassword(user *model.User, password string) *model.AppError { } } -func checkLdapUserPasswordAndAllCriteria(ldapId, password, mfaToken string) (*model.User, *model.AppError) { +func checkLdapUserPasswordAndAllCriteria(ldapId *string, password string, mfaToken string) (*model.User, *model.AppError) { ldapInterface := einterfaces.GetLdapInterface() - if ldapInterface == nil { + if ldapInterface == nil || ldapId == nil { err := model.NewLocAppError("doLdapAuthentication", "api.user.login_ldap.not_available.app_error", nil, "") err.StatusCode = http.StatusNotImplemented return nil, err } var user *model.User - if ldapUser, err := ldapInterface.DoLogin(ldapId, password); err != nil { + if ldapUser, err := ldapInterface.DoLogin(*ldapId, password); err != nil { err.StatusCode = http.StatusUnauthorized return nil, err } else { diff --git a/api/oauth.go b/api/oauth.go index 0375f4e6f..37ca5ce0a 100644 --- a/api/oauth.go +++ b/api/oauth.go @@ -600,8 +600,11 @@ func CompleteSwitchWithOAuth(c *Context, w http.ResponseWriter, r *http.Request, return } else { ssoUser := provider.GetUserFromJson(userData) - authData = ssoUser.AuthData ssoEmail = ssoUser.Email + + if ssoUser.AuthData != nil { + authData = *ssoUser.AuthData + } } if len(authData) == 0 { @@ -628,7 +631,7 @@ func CompleteSwitchWithOAuth(c *Context, w http.ResponseWriter, r *http.Request, return } - if result := <-Srv.Store.User().UpdateAuthData(user.Id, service, authData, ssoEmail); result.Err != nil { + if result := <-Srv.Store.User().UpdateAuthData(user.Id, service, &authData, ssoEmail); result.Err != nil { c.Err = result.Err return } diff --git a/api/user.go b/api/user.go index c53a643c7..4b9c3a3c8 100644 --- a/api/user.go +++ b/api/user.go @@ -535,7 +535,7 @@ func LoginByOAuth(c *Context, w http.ResponseWriter, r *http.Request, service st } var user *model.User - if result := <-Srv.Store.User().GetByAuth(authData, service); result.Err != nil { + if result := <-Srv.Store.User().GetByAuth(&authData, service); result.Err != nil { if result.Err.Id == store.MISSING_AUTH_ACCOUNT_ERROR { return CreateOAuthUser(c, w, r, service, bytes.NewReader(buf.Bytes()), "") } @@ -1289,7 +1289,8 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) { } rusers[0].Password = "" - rusers[0].AuthData = "" + rusers[0].AuthData = new(string) + *rusers[0].AuthData = "" w.Write([]byte(rusers[0].ToJson())) } } @@ -1337,7 +1338,7 @@ func updatePassword(c *Context, w http.ResponseWriter, r *http.Request) { user := result.Data.(*model.User) - if user.AuthData != "" { + if user.AuthData != nil && *user.AuthData != "" { c.LogAudit("failed - tried to update user password who was logged in through oauth") c.Err = model.NewLocAppError("updatePassword", "api.user.update_password.oauth.app_error", nil, "auth_service="+user.AuthService) c.Err.StatusCode = http.StatusBadRequest @@ -1653,7 +1654,7 @@ func sendPasswordReset(c *Context, w http.ResponseWriter, r *http.Request) { user = result.Data.(*model.User) } - if len(user.AuthData) != 0 { + if user.AuthData != nil && len(*user.AuthData) != 0 { c.Err = model.NewLocAppError("sendPasswordReset", "api.user.send_password_reset.sso.app_error", nil, "userId="+user.Id) return } @@ -1749,7 +1750,7 @@ func ResetPassword(c *Context, userId, newPassword string) *model.AppError { user = result.Data.(*model.User) } - if len(user.AuthData) != 0 && !c.IsSystemAdmin() { + if user.AuthData != nil && len(*user.AuthData) != 0 && !c.IsSystemAdmin() { return model.NewLocAppError("ResetPassword", "api.user.reset_password.sso.app_error", nil, "userId="+user.Id) } @@ -2148,13 +2149,13 @@ func ldapToEmail(c *Context, w http.ResponseWriter, r *http.Request) { } ldapInterface := einterfaces.GetLdapInterface() - if ldapInterface == nil { + if ldapInterface == nil || user.AuthData == nil { c.Err = model.NewLocAppError("ldapToEmail", "api.user.ldap_to_email.not_available.app_error", nil, "") c.Err.StatusCode = http.StatusNotImplemented return } - if err := ldapInterface.CheckPassword(user.AuthData, ldapPassword); err != nil { + if err := ldapInterface.CheckPassword(*user.AuthData, ldapPassword); err != nil { c.LogAuditWithUserId(user.Id, "fail - ldap authentication failed") c.Err = err return diff --git a/api/user_test.go b/api/user_test.go index 9dd57dc20..c34d32c11 100644 --- a/api/user_test.go +++ b/api/user_test.go @@ -1109,7 +1109,8 @@ func TestSendPasswordReset(t *testing.T) { t.Fatal("Should have errored - bad email") } - user2 := &model.User{Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", AuthData: "1", AuthService: "random"} + authData := model.NewId() + user2 := &model.User{Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", AuthData: &authData, AuthService: "random"} user2 = Client.Must(Client.CreateUser(user2, "")).Data.(*model.User) LinkUserToTeam(user2, team) store.Must(Srv.Store.User().VerifyEmail(user2.Id)) @@ -1178,7 +1179,8 @@ func TestResetPassword(t *testing.T) { recovery = result.Data.(*model.PasswordRecovery) } - if result := <-Srv.Store.User().UpdateAuthData(user.Id, "random", "1", ""); result.Err != nil { + authData := model.NewId() + if result := <-Srv.Store.User().UpdateAuthData(user.Id, "random", &authData, ""); result.Err != nil { t.Fatal(result.Err) } |