Merge pull request #483 from writefreely/log-gone-user-out

Log user out when authenticated as deleted user
Matt Baer 2022-11-14 23:45:33 -05:00 committed by GitHub
commit 29c898867a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 36 additions and 8 deletions


@ -787,6 +787,9 @@ func viewArticles(app *App, u *User, w http.ResponseWriter, r *http.Request) err
silenced, err := app.db.IsUserSilenced(u.ID) silenced, err := app.db.IsUserSilenced(u.ID)
if err != nil { if err != nil {
if err == ErrUserNotFound {
return err
}
log.Error("view articles: %v", err) log.Error("view articles: %v", err)
} }
d := struct { d := struct {
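Review bot: A failed status lookup that is not ErrUserNotFound is only logged in viewArticles, so rendering continues with `silenced` at its zero value of false; the added guard leaves that fail-open path in place. The viewCollections, viewEditCollection and viewStats hunks all return on the same error, while the handleViewUserInvites and handleViewPad hunks share this log-and-continue shape. If the silenced flag gates anything beyond a banner, return after logging, e.g. `return fmt.Errorf("view articles: %v", err)` right after the `log.Error` call. The rest of viewArticles lies outside the hunk, so how `silenced` is used cannot be confirmed from here.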
@ -822,7 +825,10 @@ func viewCollections(app *App, u *User, w http.ResponseWriter, r *http.Request)
silenced, err := app.db.IsUserSilenced(u.ID) silenced, err := app.db.IsUserSilenced(u.ID)
if err != nil { if err != nil {
log.Error("view collections %v", err) if err == ErrUserNotFound {
return err
}
log.Error("view collections: %v", err)
return fmt.Errorf("view collections: %v", err) return fmt.Errorf("view collections: %v", err)
} }
d := struct { d := struct {
@ -861,6 +867,9 @@ func viewEditCollection(app *App, u *User, w http.ResponseWriter, r *http.Reques
silenced, err := app.db.IsUserSilenced(u.ID) silenced, err := app.db.IsUserSilenced(u.ID)
if err != nil { if err != nil {
if err == ErrUserNotFound {
return err
}
log.Error("view edit collection %v", err) log.Error("view edit collection %v", err)
return fmt.Errorf("view edit collection: %v", err) return fmt.Errorf("view edit collection: %v", err)
} }
@ -1038,6 +1047,9 @@ func viewStats(app *App, u *User, w http.ResponseWriter, r *http.Request) error
silenced, err := app.db.IsUserSilenced(u.ID) silenced, err := app.db.IsUserSilenced(u.ID)
if err != nil { if err != nil {
if err == ErrUserNotFound {
return err
}
log.Error("view stats: %v", err) log.Error("view stats: %v", err)
return err return err
} }
@ -1071,6 +1083,9 @@ func viewStats(app *App, u *User, w http.ResponseWriter, r *http.Request) error
func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) error { func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
fullUser, err := app.db.GetUserByID(u.ID) fullUser, err := app.db.GetUserByID(u.ID)
if err != nil { if err != nil {
if err == ErrUserNotFound {
return err
}
log.Error("Unable to get user for settings: %s", err) log.Error("Unable to get user for settings: %s", err)
return impart.HTTPError{http.StatusInternalServerError, "Unable to retrieve user data. The humans have been alerted."} return impart.HTTPError{http.StatusInternalServerError, "Unable to retrieve user data. The humans have been alerted."}
} }


@ -332,7 +332,7 @@ func (db *datastore) IsUserSilenced(id int64) (bool, error) {
err := db.QueryRow("SELECT status FROM users WHERE id = ?", id).Scan(&u.Status) err := db.QueryRow("SELECT status FROM users WHERE id = ?", id).Scan(&u.Status)
switch { switch {
case err == sql.ErrNoRows: case err == sql.ErrNoRows:
return false, fmt.Errorf("is user silenced: %v", ErrUserNotFound) return false, ErrUserNotFound
case err != nil: case err != nil:
log.Error("Couldn't SELECT user status: %v", err) log.Error("Couldn't SELECT user status: %v", err)
return false, fmt.Errorf("is user silenced: %v", err) return false, fmt.Errorf("is user silenced: %v", err)
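Review bot: The sentinel is now returned bare because every caller in this commit matches it with `==`, so the forced logout silently stops working as soon as any layer wraps the error again. That contract deserves a comment on the `sql.ErrNoRows` case, such as `// Returned unwrapped: callers and Handler.User compare against ErrUserNotFound directly.` If the module's Go version allows it, `errors.Is(err, ErrUserNotFound)` in the callers would tolerate later `%w` wrapping. The switch continues past the end of the hunk.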


@ -155,8 +155,14 @@ func (h *Handler) User(f userHandlerFunc) http.HandlerFunc {
err := f(h.app.App(), u, w, r) err := f(h.app.App(), u, w, r)
if err == nil { if err == nil {
status = http.StatusOK status = http.StatusOK
} else if err, ok := err.(impart.HTTPError); ok { } else if impErr, ok := err.(impart.HTTPError); ok {
status = err.Status status = impErr.Status
if impErr == ErrUserNotFound {
log.Info("Logged-in user not found. Logging out.")
sendRedirect(w, http.StatusFound, "/me/logout?to="+h.app.App().cfg.App.LandingPath())
// Reset err so handleHTTPError does nothing
err = nil
}
} else { } else {
status = http.StatusInternalServerError status = http.StatusInternalServerError
} }
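Review bot: The stale session is ended only when the wrapped handler happens to return ErrUserNotFound, so any userHandlerFunc that never reads the user row keeps running with a `*User` that presumably comes from the session of a deleted account. Checking that the account still exists before `f` is called, in this wrapper or where the session is loaded, would cover every route at once. Separately, `status` keeps `impErr.Status` after the 302 has already been written, and the `to=` value is concatenated unescaped; `url.QueryEscape(h.app.App().cfg.App.LandingPath())` would keep a landing path containing `&` or `#` intact. The enclosing closure starts and ends outside the hunk, so how `status` is consumed afterwards is not visible.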


@ -78,6 +78,9 @@ func handleViewUserInvites(app *App, u *User, w http.ResponseWriter, r *http.Req
p.Silenced, err = app.db.IsUserSilenced(u.ID) p.Silenced, err = app.db.IsUserSilenced(u.ID)
if err != nil { if err != nil {
if err == ErrUserNotFound {
return err
}
log.Error("view invites: %v", err) log.Error("view invites: %v", err)
} }

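--- a/pad.go
+++ b/pad.go
@@ -55,6 +55,9 @@ func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error {
 }
 appData.Silenced, err = app.db.IsUserSilenced(appData.User.ID)
 if err != nil {
+if err == ErrUserNotFound {
+return err
+}
 log.Error("Unable to get user status for Pad: %v", err)
 }
 }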
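Review bot: handleViewPad takes no `*User` argument, so it is presumably not registered through Handler.User, the only wrapper this commit teaches to turn ErrUserNotFound into a logout redirect. If the pad route goes through a different wrapper, the `return err` added here would surface as a plain error response and the stale session would stay in place. Confirm which wrapper serves this route and give it the same handling. The function body starts and ends outside the hunk.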


@ -130,12 +130,13 @@ func saveUserSession(app *App, r *http.Request, w http.ResponseWriter) error {
return err return err
} }
func getFullUserSession(app *App, r *http.Request) *User { func getFullUserSession(app *App, r *http.Request) (*User, error) {
u := getUserSession(app, r) u := getUserSession(app, r)
if u == nil { if u == nil {
return nil return nil, nil
} }
u, _ = app.db.GetUserByID(u.ID) var err error
return u u, err = app.db.GetUserByID(u.ID)
return u, err
} }
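Review bot: getFullUserSession now hands back whatever GetUserByID produced together with the error, so a caller that tests only the `*User` can still act on a value from a failed lookup. Returning nil for the user on failure makes the contract unambiguous: `if err != nil { return nil, err }` before a final `return u, nil`. No call site is touched in this commit, so whether anything consumes the new error cannot be seen here. A doc comment would also help, e.g. `// getFullUserSession returns the database record for the session user, or (nil, nil) when there is no session.`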