1
0
Fork 0
mirror of https://github.com/miniflux/v2.git synced 2025-09-15 18:57:04 +00:00

Refactor user validation

Validate each user field for creation/modification via API and web UI
This commit is contained in:
Frédéric Guillot 2021-01-03 21:20:21 -08:00 committed by fguillot
parent 291bf96d15
commit e45cc2d2aa
40 changed files with 567 additions and 400 deletions

View file

@ -54,10 +54,6 @@ func (s *SettingsForm) Validate() error {
return errors.NewLocalizedError("error.settings_mandatory_fields")
}
if s.EntriesPerPage < 1 {
return errors.NewLocalizedError("error.entries_per_page_invalid")
}
if s.Confirmation == "" {
// Firefox insists on auto-completing the password field.
// If the confirmation field is blank, the user probably
@ -67,10 +63,6 @@ func (s *SettingsForm) Validate() error {
if s.Password != s.Confirmation {
return errors.NewLocalizedError("error.different_passwords")
}
if len(s.Password) < 6 {
return errors.NewLocalizedError("error.password_min_length")
}
}
return nil

View file

@ -61,21 +61,3 @@ func TestConfirmationIncorrect(t *testing.T) {
t.Error("Validate should return an error")
}
}
func TestEntriesPerPageNotValid(t *testing.T) {
settings := &SettingsForm{
Username: "user",
Password: "hunter2",
Confirmation: "hunter2",
Theme: "default",
Language: "en_US",
Timezone: "UTC",
EntryDirection: "asc",
EntriesPerPage: 0,
}
err := settings.Validate()
if err == nil {
t.Error("Validate should return an error")
}
}

View file

@ -29,10 +29,6 @@ func (u UserForm) ValidateCreation() error {
return errors.NewLocalizedError("error.different_passwords")
}
if len(u.Password) < 6 {
return errors.NewLocalizedError("error.password_min_length")
}
return nil
}
@ -55,15 +51,6 @@ func (u UserForm) ValidateModification() error {
return nil
}
// ToUser returns a User from the form values.
func (u UserForm) ToUser() *model.User {
return &model.User{
Username: u.Username,
Password: u.Password,
IsAdmin: u.IsAdmin,
}
}
// Merge updates the fields of the given user.
func (u UserForm) Merge(user *model.User) *model.User {
user.Username = u.Username

View file

@ -177,10 +177,8 @@ func (m *middleware) handleAuthProxy(next http.Handler) http.Handler {
return
}
sess := session.New(m.store, request.SessionID(r))
clientIP := request.ClientIP(r)
logger.Info("[AuthProxy] Successful auth for %s", username)
logger.Info("[AuthProxy] [ClientIP=%s] Received authenticated requested for %q", clientIP, username)
user, err := m.store.UserByUsername(username)
if err != nil {
@ -189,16 +187,14 @@ func (m *middleware) handleAuthProxy(next http.Handler) http.Handler {
}
if user == nil {
logger.Error("[AuthProxy] [ClientIP=%s] %q doesn't exist", clientIP, username)
if !config.Opts.IsAuthProxyUserCreationAllowed() {
html.Forbidden(w, r)
return
}
user = model.NewUser()
user.Username = username
user.IsAdmin = false
if err := m.store.CreateUser(user); err != nil {
if user, err = m.store.CreateUser(&model.UserCreationRequest{Username: username}); err != nil {
html.ServerError(w, r, err)
return
}
@ -210,9 +206,11 @@ func (m *middleware) handleAuthProxy(next http.Handler) http.Handler {
return
}
logger.Info("[AuthProxy] username=%s just logged in", user.Username)
logger.Info("[AuthProxy] [ClientIP=%s] username=%s just logged in", clientIP, user.Username)
m.store.SetLastLogin(user.ID)
sess := session.New(m.store, request.SessionID(r))
sess.SetLanguage(user.Language)
sess.SetTheme(user.Theme)

View file

@ -103,12 +103,11 @@ func (h *handler) oauth2Callback(w http.ResponseWriter, r *http.Request) {
return
}
user = model.NewUser()
user.Username = profile.Username
user.IsAdmin = false
authProvider.PopulateUserWithProfileID(user, profile)
userCreationRequest := &model.UserCreationRequest{Username: profile.Username}
authProvider.PopulateUserCreationWithProfileID(userCreationRequest, profile)
if err := h.store.CreateUser(user); err != nil {
user, err = h.store.CreateUser(userCreationRequest)
if err != nil {
html.ServerError(w, r, err)
return
}

View file

@ -16,6 +16,7 @@ import (
"miniflux.app/ui/form"
"miniflux.app/ui/session"
"miniflux.app/ui/view"
"miniflux.app/validator"
)
func (h *handler) updateSettings(w http.ResponseWriter, r *http.Request) {
@ -51,8 +52,18 @@ func (h *handler) updateSettings(w http.ResponseWriter, r *http.Request) {
return
}
if h.store.AnotherUserExists(loggedUser.ID, settingsForm.Username) {
view.Set("errorMessage", "error.user_already_exists")
userModificationRequest := &model.UserModificationRequest{
Username: model.OptionalString(settingsForm.Username),
Password: model.OptionalString(settingsForm.Password),
Theme: model.OptionalString(settingsForm.Theme),
Language: model.OptionalString(settingsForm.Language),
Timezone: model.OptionalString(settingsForm.Timezone),
EntryDirection: model.OptionalString(settingsForm.EntryDirection),
EntriesPerPage: model.OptionalInt(settingsForm.EntriesPerPage),
}
if validationErr := validator.ValidateUserModification(h.store, loggedUser.ID, userModificationRequest); validationErr != nil {
view.Set("errorMessage", validationErr.TranslationKey)
html.OK(w, r, view.Render("settings"))
return
}

View file

@ -54,9 +54,9 @@ func (h *handler) showWebManifest(w http.ResponseWriter, r *http.Request) {
ThemeColor: themeColor,
BackgroundColor: themeColor,
Icons: []webManifestIcon{
webManifestIcon{Source: route.Path(h.router, "appIcon", "filename", "icon-120.png"), Sizes: "120x120", Type: "image/png"},
webManifestIcon{Source: route.Path(h.router, "appIcon", "filename", "icon-192.png"), Sizes: "192x192", Type: "image/png"},
webManifestIcon{Source: route.Path(h.router, "appIcon", "filename", "icon-512.png"), Sizes: "512x512", Type: "image/png"},
{Source: route.Path(h.router, "appIcon", "filename", "icon-120.png"), Sizes: "120x120", Type: "image/png"},
{Source: route.Path(h.router, "appIcon", "filename", "icon-192.png"), Sizes: "192x192", Type: "image/png"},
{Source: route.Path(h.router, "appIcon", "filename", "icon-512.png"), Sizes: "512x512", Type: "image/png"},
},
ShareTarget: webManifestShareTarget{
Action: route.Path(h.router, "bookmarklet"),

View file

@ -11,9 +11,11 @@ import (
"miniflux.app/http/response/html"
"miniflux.app/http/route"
"miniflux.app/logger"
"miniflux.app/model"
"miniflux.app/ui/form"
"miniflux.app/ui/session"
"miniflux.app/ui/view"
"miniflux.app/validator"
)
func (h *handler) saveUser(w http.ResponseWriter, r *http.Request) {
@ -50,8 +52,19 @@ func (h *handler) saveUser(w http.ResponseWriter, r *http.Request) {
return
}
newUser := userForm.ToUser()
if err := h.store.CreateUser(newUser); err != nil {
userCreationRequest := &model.UserCreationRequest{
Username: userForm.Username,
Password: userForm.Password,
IsAdmin: userForm.IsAdmin,
}
if validationErr := validator.ValidateUserCreationWithPassword(h.store, userCreationRequest); validationErr != nil {
view.Set("errorMessage", validationErr.TranslationKey)
html.OK(w, r, view.Render("create_user"))
return
}
if _, err := h.store.CreateUser(userCreationRequest); err != nil {
logger.Error("[UI:SaveUser] %v", err)
view.Set("errorMessage", "error.unable_to_create_user")
html.OK(w, r, view.Render("create_user"))

View file

@ -17,13 +17,13 @@ import (
)
func (h *handler) updateUser(w http.ResponseWriter, r *http.Request) {
user, err := h.store.UserByID(request.UserID(r))
loggedUser, err := h.store.UserByID(request.UserID(r))
if err != nil {
html.ServerError(w, r, err)
return
}
if !user.IsAdmin {
if !loggedUser.IsAdmin {
html.Forbidden(w, r)
return
}
@ -45,9 +45,9 @@ func (h *handler) updateUser(w http.ResponseWriter, r *http.Request) {
sess := session.New(h.store, request.SessionID(r))
view := view.New(h.tpl, r, sess)
view.Set("menu", "settings")
view.Set("user", user)
view.Set("countUnread", h.store.CountUnreadEntries(user.ID))
view.Set("countErrorFeeds", h.store.CountUserFeedsWithErrors(user.ID))
view.Set("user", loggedUser)
view.Set("countUnread", h.store.CountUnreadEntries(loggedUser.ID))
view.Set("countErrorFeeds", h.store.CountUserFeedsWithErrors(loggedUser.ID))
view.Set("selected_user", selectedUser)
view.Set("form", userForm)