mirror of
https://github.com/miniflux/v2.git
synced 2025-09-15 18:57:04 +00:00
Refactor user validation
Validate each user field for creation/modification via API and web UI
This commit is contained in:
parent
291bf96d15
commit
e45cc2d2aa
40 changed files with 567 additions and 400 deletions
|
@ -54,10 +54,6 @@ func (s *SettingsForm) Validate() error {
|
|||
return errors.NewLocalizedError("error.settings_mandatory_fields")
|
||||
}
|
||||
|
||||
if s.EntriesPerPage < 1 {
|
||||
return errors.NewLocalizedError("error.entries_per_page_invalid")
|
||||
}
|
||||
|
||||
if s.Confirmation == "" {
|
||||
// Firefox insists on auto-completing the password field.
|
||||
// If the confirmation field is blank, the user probably
|
||||
|
@ -67,10 +63,6 @@ func (s *SettingsForm) Validate() error {
|
|||
if s.Password != s.Confirmation {
|
||||
return errors.NewLocalizedError("error.different_passwords")
|
||||
}
|
||||
|
||||
if len(s.Password) < 6 {
|
||||
return errors.NewLocalizedError("error.password_min_length")
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
|
|
|
@ -61,21 +61,3 @@ func TestConfirmationIncorrect(t *testing.T) {
|
|||
t.Error("Validate should return an error")
|
||||
}
|
||||
}
|
||||
|
||||
func TestEntriesPerPageNotValid(t *testing.T) {
|
||||
settings := &SettingsForm{
|
||||
Username: "user",
|
||||
Password: "hunter2",
|
||||
Confirmation: "hunter2",
|
||||
Theme: "default",
|
||||
Language: "en_US",
|
||||
Timezone: "UTC",
|
||||
EntryDirection: "asc",
|
||||
EntriesPerPage: 0,
|
||||
}
|
||||
|
||||
err := settings.Validate()
|
||||
if err == nil {
|
||||
t.Error("Validate should return an error")
|
||||
}
|
||||
}
|
||||
|
|
|
@ -29,10 +29,6 @@ func (u UserForm) ValidateCreation() error {
|
|||
return errors.NewLocalizedError("error.different_passwords")
|
||||
}
|
||||
|
||||
if len(u.Password) < 6 {
|
||||
return errors.NewLocalizedError("error.password_min_length")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -55,15 +51,6 @@ func (u UserForm) ValidateModification() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// ToUser returns a User from the form values.
|
||||
func (u UserForm) ToUser() *model.User {
|
||||
return &model.User{
|
||||
Username: u.Username,
|
||||
Password: u.Password,
|
||||
IsAdmin: u.IsAdmin,
|
||||
}
|
||||
}
|
||||
|
||||
// Merge updates the fields of the given user.
|
||||
func (u UserForm) Merge(user *model.User) *model.User {
|
||||
user.Username = u.Username
|
||||
|
|
|
@ -177,10 +177,8 @@ func (m *middleware) handleAuthProxy(next http.Handler) http.Handler {
|
|||
return
|
||||
}
|
||||
|
||||
sess := session.New(m.store, request.SessionID(r))
|
||||
clientIP := request.ClientIP(r)
|
||||
|
||||
logger.Info("[AuthProxy] Successful auth for %s", username)
|
||||
logger.Info("[AuthProxy] [ClientIP=%s] Received authenticated requested for %q", clientIP, username)
|
||||
|
||||
user, err := m.store.UserByUsername(username)
|
||||
if err != nil {
|
||||
|
@ -189,16 +187,14 @@ func (m *middleware) handleAuthProxy(next http.Handler) http.Handler {
|
|||
}
|
||||
|
||||
if user == nil {
|
||||
logger.Error("[AuthProxy] [ClientIP=%s] %q doesn't exist", clientIP, username)
|
||||
|
||||
if !config.Opts.IsAuthProxyUserCreationAllowed() {
|
||||
html.Forbidden(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
user = model.NewUser()
|
||||
user.Username = username
|
||||
user.IsAdmin = false
|
||||
|
||||
if err := m.store.CreateUser(user); err != nil {
|
||||
if user, err = m.store.CreateUser(&model.UserCreationRequest{Username: username}); err != nil {
|
||||
html.ServerError(w, r, err)
|
||||
return
|
||||
}
|
||||
|
@ -210,9 +206,11 @@ func (m *middleware) handleAuthProxy(next http.Handler) http.Handler {
|
|||
return
|
||||
}
|
||||
|
||||
logger.Info("[AuthProxy] username=%s just logged in", user.Username)
|
||||
logger.Info("[AuthProxy] [ClientIP=%s] username=%s just logged in", clientIP, user.Username)
|
||||
|
||||
m.store.SetLastLogin(user.ID)
|
||||
|
||||
sess := session.New(m.store, request.SessionID(r))
|
||||
sess.SetLanguage(user.Language)
|
||||
sess.SetTheme(user.Theme)
|
||||
|
||||
|
|
|
@ -103,12 +103,11 @@ func (h *handler) oauth2Callback(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
user = model.NewUser()
|
||||
user.Username = profile.Username
|
||||
user.IsAdmin = false
|
||||
authProvider.PopulateUserWithProfileID(user, profile)
|
||||
userCreationRequest := &model.UserCreationRequest{Username: profile.Username}
|
||||
authProvider.PopulateUserCreationWithProfileID(userCreationRequest, profile)
|
||||
|
||||
if err := h.store.CreateUser(user); err != nil {
|
||||
user, err = h.store.CreateUser(userCreationRequest)
|
||||
if err != nil {
|
||||
html.ServerError(w, r, err)
|
||||
return
|
||||
}
|
||||
|
|
|
@ -16,6 +16,7 @@ import (
|
|||
"miniflux.app/ui/form"
|
||||
"miniflux.app/ui/session"
|
||||
"miniflux.app/ui/view"
|
||||
"miniflux.app/validator"
|
||||
)
|
||||
|
||||
func (h *handler) updateSettings(w http.ResponseWriter, r *http.Request) {
|
||||
|
@ -51,8 +52,18 @@ func (h *handler) updateSettings(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
if h.store.AnotherUserExists(loggedUser.ID, settingsForm.Username) {
|
||||
view.Set("errorMessage", "error.user_already_exists")
|
||||
userModificationRequest := &model.UserModificationRequest{
|
||||
Username: model.OptionalString(settingsForm.Username),
|
||||
Password: model.OptionalString(settingsForm.Password),
|
||||
Theme: model.OptionalString(settingsForm.Theme),
|
||||
Language: model.OptionalString(settingsForm.Language),
|
||||
Timezone: model.OptionalString(settingsForm.Timezone),
|
||||
EntryDirection: model.OptionalString(settingsForm.EntryDirection),
|
||||
EntriesPerPage: model.OptionalInt(settingsForm.EntriesPerPage),
|
||||
}
|
||||
|
||||
if validationErr := validator.ValidateUserModification(h.store, loggedUser.ID, userModificationRequest); validationErr != nil {
|
||||
view.Set("errorMessage", validationErr.TranslationKey)
|
||||
html.OK(w, r, view.Render("settings"))
|
||||
return
|
||||
}
|
||||
|
|
|
@ -54,9 +54,9 @@ func (h *handler) showWebManifest(w http.ResponseWriter, r *http.Request) {
|
|||
ThemeColor: themeColor,
|
||||
BackgroundColor: themeColor,
|
||||
Icons: []webManifestIcon{
|
||||
webManifestIcon{Source: route.Path(h.router, "appIcon", "filename", "icon-120.png"), Sizes: "120x120", Type: "image/png"},
|
||||
webManifestIcon{Source: route.Path(h.router, "appIcon", "filename", "icon-192.png"), Sizes: "192x192", Type: "image/png"},
|
||||
webManifestIcon{Source: route.Path(h.router, "appIcon", "filename", "icon-512.png"), Sizes: "512x512", Type: "image/png"},
|
||||
{Source: route.Path(h.router, "appIcon", "filename", "icon-120.png"), Sizes: "120x120", Type: "image/png"},
|
||||
{Source: route.Path(h.router, "appIcon", "filename", "icon-192.png"), Sizes: "192x192", Type: "image/png"},
|
||||
{Source: route.Path(h.router, "appIcon", "filename", "icon-512.png"), Sizes: "512x512", Type: "image/png"},
|
||||
},
|
||||
ShareTarget: webManifestShareTarget{
|
||||
Action: route.Path(h.router, "bookmarklet"),
|
||||
|
|
|
@ -11,9 +11,11 @@ import (
|
|||
"miniflux.app/http/response/html"
|
||||
"miniflux.app/http/route"
|
||||
"miniflux.app/logger"
|
||||
"miniflux.app/model"
|
||||
"miniflux.app/ui/form"
|
||||
"miniflux.app/ui/session"
|
||||
"miniflux.app/ui/view"
|
||||
"miniflux.app/validator"
|
||||
)
|
||||
|
||||
func (h *handler) saveUser(w http.ResponseWriter, r *http.Request) {
|
||||
|
@ -50,8 +52,19 @@ func (h *handler) saveUser(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
newUser := userForm.ToUser()
|
||||
if err := h.store.CreateUser(newUser); err != nil {
|
||||
userCreationRequest := &model.UserCreationRequest{
|
||||
Username: userForm.Username,
|
||||
Password: userForm.Password,
|
||||
IsAdmin: userForm.IsAdmin,
|
||||
}
|
||||
|
||||
if validationErr := validator.ValidateUserCreationWithPassword(h.store, userCreationRequest); validationErr != nil {
|
||||
view.Set("errorMessage", validationErr.TranslationKey)
|
||||
html.OK(w, r, view.Render("create_user"))
|
||||
return
|
||||
}
|
||||
|
||||
if _, err := h.store.CreateUser(userCreationRequest); err != nil {
|
||||
logger.Error("[UI:SaveUser] %v", err)
|
||||
view.Set("errorMessage", "error.unable_to_create_user")
|
||||
html.OK(w, r, view.Render("create_user"))
|
||||
|
|
|
@ -17,13 +17,13 @@ import (
|
|||
)
|
||||
|
||||
func (h *handler) updateUser(w http.ResponseWriter, r *http.Request) {
|
||||
user, err := h.store.UserByID(request.UserID(r))
|
||||
loggedUser, err := h.store.UserByID(request.UserID(r))
|
||||
if err != nil {
|
||||
html.ServerError(w, r, err)
|
||||
return
|
||||
}
|
||||
|
||||
if !user.IsAdmin {
|
||||
if !loggedUser.IsAdmin {
|
||||
html.Forbidden(w, r)
|
||||
return
|
||||
}
|
||||
|
@ -45,9 +45,9 @@ func (h *handler) updateUser(w http.ResponseWriter, r *http.Request) {
|
|||
sess := session.New(h.store, request.SessionID(r))
|
||||
view := view.New(h.tpl, r, sess)
|
||||
view.Set("menu", "settings")
|
||||
view.Set("user", user)
|
||||
view.Set("countUnread", h.store.CountUnreadEntries(user.ID))
|
||||
view.Set("countErrorFeeds", h.store.CountUserFeedsWithErrors(user.ID))
|
||||
view.Set("user", loggedUser)
|
||||
view.Set("countUnread", h.store.CountUnreadEntries(loggedUser.ID))
|
||||
view.Set("countErrorFeeds", h.store.CountUserFeedsWithErrors(loggedUser.ID))
|
||||
view.Set("selected_user", selectedUser)
|
||||
view.Set("form", userForm)
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue