mirror
/
writefreely
mirror of https://github.com/writeas/writefreely
2
0
Fork 0
Code Issues Releases Wiki Activity

Log user out when authenticated as deleted user

Browse Source 
Now when we check for the user at certain times and find that the user
doesn't exist in the database, we log them out and send them back to
the home page.
pull/483/head
Matt Baer 3 years ago
parent e983c4527f
commit 6b336e22aa
6 changed files with 36 additions and 8 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 17
      account.go
  2. 2
      database.go
  3. 10
      handle.go
  4. 3
      invites.go
  5. 3
      pad.go
  6. 9
      session.go

17
account.go
Unescape View File

@ -787,6 +787,9 @@ func viewArticles(app *App, u *User, w http.ResponseWriter, r *http.Request) err
silenced, err := app.db.IsUserSilenced(u.ID) silenced, err := app.db.IsUserSilenced(u.ID)
if err != nil { if err != nil {
if err == ErrUserNotFound {
return err
}
log.Error("view articles: %v", err) log.Error("view articles: %v", err)
} }
d := struct { d := struct {
@ -822,7 +825,10 @@ func viewCollections(app *App, u *User, w http.ResponseWriter, r *http.Request)
silenced, err := app.db.IsUserSilenced(u.ID) silenced, err := app.db.IsUserSilenced(u.ID)
if err != nil { if err != nil {
log.Error("view collections %v", err) if err == ErrUserNotFound {
return err
}
log.Error("view collections: %v", err)
return fmt.Errorf("view collections: %v", err) return fmt.Errorf("view collections: %v", err)
} }
d := struct { d := struct {
@ -861,6 +867,9 @@ func viewEditCollection(app *App, u *User, w http.ResponseWriter, r *http.Reques
silenced, err := app.db.IsUserSilenced(u.ID) silenced, err := app.db.IsUserSilenced(u.ID)
if err != nil { if err != nil {
if err == ErrUserNotFound {
return err
}
log.Error("view edit collection %v", err) log.Error("view edit collection %v", err)
return fmt.Errorf("view edit collection: %v", err) return fmt.Errorf("view edit collection: %v", err)
} }
@ -1037,6 +1046,9 @@ func viewStats(app *App, u *User, w http.ResponseWriter, r *http.Request) error
silenced, err := app.db.IsUserSilenced(u.ID) silenced, err := app.db.IsUserSilenced(u.ID)
if err != nil { if err != nil {
if err == ErrUserNotFound {
return err
}
log.Error("view stats: %v", err) log.Error("view stats: %v", err)
return err return err
} }
@ -1070,6 +1082,9 @@ func viewStats(app *App, u *User, w http.ResponseWriter, r *http.Request) error
func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) error { func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
fullUser, err := app.db.GetUserByID(u.ID) fullUser, err := app.db.GetUserByID(u.ID)
if err != nil { if err != nil {
if err == ErrUserNotFound {
return err
}
log.Error("Unable to get user for settings: %s", err) log.Error("Unable to get user for settings: %s", err)
return impart.HTTPError{http.StatusInternalServerError, "Unable to retrieve user data. The humans have been alerted."} return impart.HTTPError{http.StatusInternalServerError, "Unable to retrieve user data. The humans have been alerted."}
} }

2
database.go
Unescape View File

@ -332,7 +332,7 @@ func (db *datastore) IsUserSilenced(id int64) (bool, error) {
err := db.QueryRow("SELECT status FROM users WHERE id = ?", id).Scan(&u.Status) err := db.QueryRow("SELECT status FROM users WHERE id = ?", id).Scan(&u.Status)
switch { switch {
case err == sql.ErrNoRows: case err == sql.ErrNoRows:
return false, fmt.Errorf("is user silenced: %v", ErrUserNotFound) return false, ErrUserNotFound
case err != nil: case err != nil:
log.Error("Couldn't SELECT user status: %v", err) log.Error("Couldn't SELECT user status: %v", err)
return false, fmt.Errorf("is user silenced: %v", err) return false, fmt.Errorf("is user silenced: %v", err)

10
handle.go
Unescape View File

@ -155,8 +155,14 @@ func (h *Handler) User(f userHandlerFunc) http.HandlerFunc {
err := f(h.app.App(), u, w, r) err := f(h.app.App(), u, w, r)
if err == nil { if err == nil {
status = http.StatusOK status = http.StatusOK
} else if err, ok := err.(impart.HTTPError); ok { } else if impErr, ok := err.(impart.HTTPError); ok {
status = err.Status status = impErr.Status
if impErr == ErrUserNotFound {
log.Info("Logged-in user not found. Logging out.")
sendRedirect(w, http.StatusFound, "/me/logout?to="+h.app.App().cfg.App.LandingPath())
// Reset err so handleHTTPError does nothing
err = nil
}
} else { } else {
status = http.StatusInternalServerError status = http.StatusInternalServerError
} }

3
invites.go
Unescape View File

@ -78,6 +78,9 @@ func handleViewUserInvites(app *App, u *User, w http.ResponseWriter, r *http.Req
p.Silenced, err = app.db.IsUserSilenced(u.ID) p.Silenced, err = app.db.IsUserSilenced(u.ID)
if err != nil { if err != nil {
if err == ErrUserNotFound {
return err
}
log.Error("view invites: %v", err) log.Error("view invites: %v", err)
} }

3
pad.go
Unescape View File

@ -55,6 +55,9 @@ func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error {
} }
appData.Silenced, err = app.db.IsUserSilenced(appData.User.ID) appData.Silenced, err = app.db.IsUserSilenced(appData.User.ID)
if err != nil { if err != nil {
if err == ErrUserNotFound {
return err
}
log.Error("Unable to get user status for Pad: %v", err) log.Error("Unable to get user status for Pad: %v", err)
} }
} }

9
session.go
Unescape View File

@ -130,12 +130,13 @@ func saveUserSession(app *App, r *http.Request, w http.ResponseWriter) error {
return err return err
} }
func getFullUserSession(app *App, r *http.Request) *User { func getFullUserSession(app *App, r *http.Request) (*User, error) {
u := getUserSession(app, r) u := getUserSession(app, r)
if u == nil { if u == nil {
return nil return nil, nil
} }
u, _ = app.db.GetUserByID(u.ID) var err error
return u u, err = app.db.GetUserByID(u.ID)
return u, err
} }

Write Preview
Loading…
Cancel
Save