Fix ambiguity between user_id and model_id in user token

This commit is contained in:
Andrea Fazzi 2020-02-03 14:13:01 +01:00
parent 09548326e8
commit b9e6c5dbe1
14 changed files with 29 additions and 23 deletions

dist/main.bundle.js vendored


dist/styles.css vendored

@ -4,7 +4,7 @@ html {
body { body {
padding-top: 60px; padding-top: 60px;
position: relative; /*position: relative;*/
} }
div.login { div.login {


@ -473,7 +473,7 @@ func DefaultHomeHandler() http.Handler {
r, r,
fmt.Sprintf( fmt.Sprintf(
"/participants/%s?format=html&tpl_layout=base&tpl_content=participants_show", "/participants/%s?format=html&tpl_layout=base&tpl_content=participants_show",
claims["user_id"].(string)), claims["model_id"].(string)),
http.StatusSeeOther, http.StatusSeeOther,
) )
@ -483,7 +483,7 @@ func DefaultHomeHandler() http.Handler {
r, r,
fmt.Sprintf( fmt.Sprintf(
"/schools/%s?format=html&tpl_layout=base&tpl_content=schools_show", "/schools/%s?format=html&tpl_layout=base&tpl_content=schools_show",
claims["user_id"].(string)), claims["model_id"].(string)),
http.StatusSeeOther, http.StatusSeeOther,
) )
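Review bot: `claims["model_id"].(string)` on the new side of both hunks is a single-value type assertion, so a token that carries no `model_id` claim — which includes any token issued before this change and still inside its 24-hour expiry window — yields a nil interface and the redirect panics instead of sending the user anywhere. Use the two-value form, `modelID, ok := claims["model_id"].(string)`, and on `!ok` treat the request as unauthenticated rather than formatting the path. The same single-value assertion is introduced in the new `getModelIDFromToken` helper and in the renamed `modelId` template function; they would need the same guard. DefaultHomeHandler's body continues outside these hunks.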


@ -16,6 +16,7 @@ type UserToken struct {
Username string Username string
Admin bool Admin bool
Role string Role string
ModelID string
UserID string UserID string
} }
@ -68,13 +69,13 @@ func checkCredential(db *orm.Database, username string, password string) (*UserT
// Check if user is the administrator // Check if user is the administrator
if username == db.Config.Admin.Username && password == db.Config.Admin.Password { if username == db.Config.Admin.Username && password == db.Config.Admin.Password {
return &UserToken{username, true, "administrator", "0"}, nil return &UserToken{username, true, "administrator", "0", "0"}, nil
} }
// Check if user is a subscriber // Check if user is a subscriber
if password == db.Config.Subscriber.Password { if password == db.Config.Subscriber.Password {
return &UserToken{"subscriber", false, "subscriber", "0"}, nil return &UserToken{"subscriber", false, "subscriber", "0", "0"}, nil
} }
var token *UserToken var token *UserToken
@ -89,13 +90,13 @@ func checkCredential(db *orm.Database, username string, password string) (*UserT
if err := db.DB().First(&participant, &orm.Participant{UserID: user.ID}).Error; err != nil { if err := db.DB().First(&participant, &orm.Participant{UserID: user.ID}).Error; err != nil {
return nil, errors.New("Authentication failed!") return nil, errors.New("Authentication failed!")
} }
token = &UserToken{username, false, user.Role, strconv.Itoa(int(participant.ID))} token = &UserToken{username, false, user.Role, strconv.Itoa(int(participant.ID)), strconv.Itoa(int(user.ID))}
case "school": case "school":
var school orm.School var school orm.School
if err := db.DB().First(&school, &orm.School{UserID: user.ID}).Error; err != nil { if err := db.DB().First(&school, &orm.School{UserID: user.ID}).Error; err != nil {
return nil, errors.New("Authentication failed!") return nil, errors.New("Authentication failed!")
} }
token = &UserToken{username, false, user.Role, strconv.Itoa(int(school.ID))} token = &UserToken{username, false, user.Role, strconv.Itoa(int(school.ID)), strconv.Itoa(int(user.ID))}
} }
return token, nil return token, nil
@ -113,6 +114,7 @@ func getToken(db *orm.Database, username string, password string, signingKey []b
claims["admin"] = user.Admin claims["admin"] = user.Admin
claims["username"] = user.Username claims["username"] = user.Username
claims["role"] = user.Role claims["role"] = user.Role
claims["model_id"] = user.ModelID
claims["user_id"] = user.UserID claims["user_id"] = user.UserID
claims["exp"] = time.Now().Add(time.Hour * 24).Unix() claims["exp"] = time.Now().Add(time.Hour * 24).Unix()
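Review bot: The four `&UserToken{...}` literals in the checkCredential hunks stay positional while a new string field is inserted before another string field, so a later reordering of `ModelID` and `UserID` would compile silently and reintroduce exactly the mix-up this commit fixes; write them keyed, e.g. `return &UserToken{Username: username, Admin: true, Role: "administrator", ModelID: "0", UserID: "0"}, nil`. The struct itself would also benefit from a comment stating the distinction the two fields now encode, such as `// ModelID is the ID of the participant or school row bound to the user; UserID is the user's own ID.` above `ModelID string`. checkCredential's body continues outside the hunks shown.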


@ -467,7 +467,7 @@ func CreateParticipant(db *Database, participant *Participant) (*Participant, er
func SaveParticipant(db *Database, participant interface{}) (interface{}, error) { func SaveParticipant(db *Database, participant interface{}) (interface{}, error) {
participant.(*Participant).FiscalCode = strings.ToUpper(participant.(*Participant).FiscalCode) participant.(*Participant).FiscalCode = strings.ToUpper(participant.(*Participant).FiscalCode)
if err := db._db.Omit("Category", "School").Save(participant).Error; err != nil { if err := db._db.Omit("Category", "School", "Creator", "Updater").Save(participant).Error; err != nil {
return nil, err return nil, err
} }
return participant, nil return participant, nil
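Review bot: `"Creator", "Updater"` is now spelled out in three `Omit` calls — here in SaveParticipant, in SaveResponse and in SaveSchool — so the next association added to the Modifier side of the model has to be remembered in three places. A single package-level slice, `var modifierAssociations = []string{"Creator", "Updater"}`, spread into each call as `Omit(append([]string{"Category", "School"}, modifierAssociations...)...)`, keeps the list in one spot. Whether these names correspond to the Modifier interface's creator/updater fields is inferred from the names only; confirm before factoring. The closing of SaveParticipant lies outside the hunk.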


@ -275,7 +275,7 @@ func CreateResponse(db *Database, response *Response) (*Response, error) {
} }
func SaveResponse(db *Database, response interface{}) (interface{}, error) { func SaveResponse(db *Database, response interface{}) (interface{}, error) {
if err := db._db. /*.Omit("Something")*/ Save(response).Error; err != nil { if err := db._db.Omit("Creator", "Updater").Save(response).Error; err != nil {
return nil, err return nil, err
} }
return response, nil return response, nil


@ -42,6 +42,10 @@ func getUserIDFromToken(r *http.Request) string {
return getClaims(r)["user_id"].(string) return getClaims(r)["user_id"].(string)
} }
func getModelIDFromToken(r *http.Request) string {
return getClaims(r)["model_id"].(string)
}
func getUserIDFromTokenAsUint(r *http.Request) uint { func getUserIDFromTokenAsUint(r *http.Request) uint {
id, _ := strconv.Atoi(getUserIDFromToken(r)) id, _ := strconv.Atoi(getUserIDFromToken(r))
return uint(id) return uint(id)
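Review bot: The new `getModelIDFromToken` sits next to `getUserIDFromToken` with nothing to tell a reader which ID is which, which is the ambiguity the commit is about. A doc comment grounded in how checkCredential fills the claim would settle it: `// getModelIDFromToken returns the "model_id" claim: the ID of the participant or school row bound to the user, as opposed to the user's own ID returned by getUserIDFromToken.` getUserIDFromTokenAsUint's closing brace is outside the hunk.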


@ -306,7 +306,7 @@ func CreateSchool(db *Database, school *School) (*School, error) {
} }
func SaveSchool(db *Database, school interface{}) (interface{}, error) { func SaveSchool(db *Database, school interface{}) (interface{}, error) {
if err := db._db.Omit("Region").Save(school).Error; err != nil { if err := db._db.Omit("Region", "Creator", "Updater").Save(school).Error; err != nil {
return nil, err return nil, err
} }
return school, nil return school, nil


@ -1,6 +1,8 @@
package orm package orm
import "net/http" import (
"net/http"
)
type Modifier interface { type Modifier interface {
SetCreatorID(id uint) SetCreatorID(id uint)


@ -64,7 +64,7 @@ var (
"isSubscriber": isSubscriber, "isSubscriber": isSubscriber,
"isSchool": isSchool, "isSchool": isSchool,
"attr": attr, "attr": attr,
"userId": userId, "modelId": modelId,
} }
) )
@ -105,8 +105,8 @@ func username(claims jwt.MapClaims) string {
return claims["username"].(string) return claims["username"].(string)
} }
func userId(claims jwt.MapClaims) (uint, error) { func modelId(claims jwt.MapClaims) (uint, error) {
id, err := strconv.Atoi(claims["user_id"].(string)) id, err := strconv.Atoi(claims["model_id"].(string))
if err != nil { if err != nil {
return 0, err return 0, err
} }
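Review bot: The renamed function is `modelId`, but Go's initialism convention is `modelID`, and the rename is the natural moment to adopt it since the old `userId` is being dropped anyway; the template-facing key can keep its spelling, so the lines become `"modelId": modelID,` and `func modelID(claims jwt.MapClaims) (uint, error) {`. The function's body continues outside the hunk.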


@ -4,7 +4,7 @@ html {
body { body {
padding-top: 60px; padding-top: 60px;
position: relative; /*position: relative;*/
} }
div.login { div.login {


@ -48,7 +48,7 @@
<a class="nav-item nav-link {{.Options|active "Response"}}" href="{{all "Response"}}">Prove</a> <a class="nav-item nav-link {{.Options|active "Response"}}" href="{{all "Response"}}">Prove</a>
{{- end -}} {{- end -}}
{{- if $isSchool -}} {{- if $isSchool -}}
<a class="nav-item nav-link {{.Options|active "School"}}" href="{{.Claims|userId|show "School"}}">Scuola</a> <a class="nav-item nav-link {{.Options|active "School"}}" href="{{.Claims|modelId|show "School"}}">Scuola</a>
<a class="nav-item nav-link {{.Options|active "Participant"}}" href="{{all "Participant"}}">Partecipanti</a> <a class="nav-item nav-link {{.Options|active "Participant"}}" href="{{all "Participant"}}">Partecipanti</a>
{{- end -}} {{- end -}}
</ul> </ul>


@ -45,9 +45,7 @@
<script src="https://code.jquery.com/jquery-3.4.1.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script> <script src="https://code.jquery.com/jquery-3.4.1.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script> <script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js" integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6" crossorigin="anonymous"></script> <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js" integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6" crossorigin="anonymous"></script>
<script src="/main.bundle.js"></script> <script src="/main.bundle.js"></script>
</body> </body>