Fix ambiguity between user_id and model_id in user token
parent
09548326e8
commit
b9e6c5dbe1
14 changed files with 29 additions and 23 deletions
2
VERSION
|
@ -1 +1 @@
|
||||||
0.2.1-26-g368de33-master
|
0.2.1-26-g368de33-master
|
2
dist/main.bundle.js
vendored
File diff suppressed because one or more lines are too long
2
dist/styles.css
vendored
|
@ -4,7 +4,7 @@ html {
|
||||||
|
|
||||||
body {
|
body {
|
||||||
padding-top: 60px;
|
padding-top: 60px;
|
||||||
position: relative;
|
/*position: relative;*/
|
||||||
}
|
}
|
||||||
|
|
||||||
div.login {
|
div.login {
|
||||||
|
|
|
@ -473,7 +473,7 @@ func DefaultHomeHandler() http.Handler {
|
||||||
r,
|
r,
|
||||||
fmt.Sprintf(
|
fmt.Sprintf(
|
||||||
"/participants/%s?format=html&tpl_layout=base&tpl_content=participants_show",
|
"/participants/%s?format=html&tpl_layout=base&tpl_content=participants_show",
|
||||||
claims["user_id"].(string)),
|
claims["model_id"].(string)),
|
||||||
http.StatusSeeOther,
|
http.StatusSeeOther,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -483,7 +483,7 @@ func DefaultHomeHandler() http.Handler {
|
||||||
r,
|
r,
|
||||||
fmt.Sprintf(
|
fmt.Sprintf(
|
||||||
"/schools/%s?format=html&tpl_layout=base&tpl_content=schools_show",
|
"/schools/%s?format=html&tpl_layout=base&tpl_content=schools_show",
|
||||||
claims["user_id"].(string)),
|
claims["model_id"].(string)),
|
||||||
http.StatusSeeOther,
|
http.StatusSeeOther,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
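Review bot: The new `claims["model_id"].(string)` in both redirects of DefaultHomeHandler is an unchecked type assertion, so a token without a `model_id` claim panics the handler instead of being rejected. Tokens issued before this commit carry no such claim and, given the 24-hour `exp` set in getToken, may still be presented after deploy. Use the comma-ok form, `id, ok := claims["model_id"].(string)`, and answer with an unauthorized status when `ok` is false. The same applies to the new getModelIDFromToken and to the template helper modelId, which already returns an error and could report the missing claim that way. The handler body starts and ends outside these hunks.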
|
@ -16,6 +16,7 @@ type UserToken struct {
|
||||||
Username string
|
Username string
|
||||||
Admin bool
|
Admin bool
|
||||||
Role string
|
Role string
|
||||||
|
ModelID string
|
||||||
UserID string
|
UserID string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -68,13 +69,13 @@ func checkCredential(db *orm.Database, username string, password string) (*UserT
|
||||||
// Check if user is the administrator
|
// Check if user is the administrator
|
||||||
|
|
||||||
if username == db.Config.Admin.Username && password == db.Config.Admin.Password {
|
if username == db.Config.Admin.Username && password == db.Config.Admin.Password {
|
||||||
return &UserToken{username, true, "administrator", "0"}, nil
|
return &UserToken{username, true, "administrator", "0", "0"}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if user is a subscriber
|
// Check if user is a subscriber
|
||||||
|
|
||||||
if password == db.Config.Subscriber.Password {
|
if password == db.Config.Subscriber.Password {
|
||||||
return &UserToken{"subscriber", false, "subscriber", "0"}, nil
|
return &UserToken{"subscriber", false, "subscriber", "0", "0"}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
var token *UserToken
|
var token *UserToken
|
||||||
|
@ -89,13 +90,13 @@ func checkCredential(db *orm.Database, username string, password string) (*UserT
|
||||||
if err := db.DB().First(&participant, &orm.Participant{UserID: user.ID}).Error; err != nil {
|
if err := db.DB().First(&participant, &orm.Participant{UserID: user.ID}).Error; err != nil {
|
||||||
return nil, errors.New("Authentication failed!")
|
return nil, errors.New("Authentication failed!")
|
||||||
}
|
}
|
||||||
token = &UserToken{username, false, user.Role, strconv.Itoa(int(participant.ID))}
|
token = &UserToken{username, false, user.Role, strconv.Itoa(int(participant.ID)), strconv.Itoa(int(user.ID))}
|
||||||
case "school":
|
case "school":
|
||||||
var school orm.School
|
var school orm.School
|
||||||
if err := db.DB().First(&school, &orm.School{UserID: user.ID}).Error; err != nil {
|
if err := db.DB().First(&school, &orm.School{UserID: user.ID}).Error; err != nil {
|
||||||
return nil, errors.New("Authentication failed!")
|
return nil, errors.New("Authentication failed!")
|
||||||
}
|
}
|
||||||
token = &UserToken{username, false, user.Role, strconv.Itoa(int(school.ID))}
|
token = &UserToken{username, false, user.Role, strconv.Itoa(int(school.ID)), strconv.Itoa(int(user.ID))}
|
||||||
}
|
}
|
||||||
|
|
||||||
return token, nil
|
return token, nil
|
||||||
|
@ -113,6 +114,7 @@ func getToken(db *orm.Database, username string, password string, signingKey []b
|
||||||
claims["admin"] = user.Admin
|
claims["admin"] = user.Admin
|
||||||
claims["username"] = user.Username
|
claims["username"] = user.Username
|
||||||
claims["role"] = user.Role
|
claims["role"] = user.Role
|
||||||
|
claims["model_id"] = user.ModelID
|
||||||
claims["user_id"] = user.UserID
|
claims["user_id"] = user.UserID
|
||||||
claims["exp"] = time.Now().Add(time.Hour * 24).Unix()
|
claims["exp"] = time.Now().Add(time.Hour * 24).Unix()
|
||||||
|
|
||||||
|
|
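Review bot: The UserToken literals in checkCredential are positional, and ModelID and UserID are now two adjacent `string` fields, so swapping the last two arguments compiles cleanly and would put the wrong id into the signed claims. Since the commit exists to separate these two ids, keyed literals would make the mapping explicit, e.g. `token = &UserToken{Username: username, Role: user.Role, ModelID: strconv.Itoa(int(school.ID)), UserID: strconv.Itoa(int(user.ID))}`. The administrator and subscriber literals both set the two ids to `"0"`, so code keyed on `user_id` alone cannot tell those two principals apart; a comment on the struct stating what `"0"` means would help. checkCredential and getToken continue outside the hunks.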
|
@ -467,7 +467,7 @@ func CreateParticipant(db *Database, participant *Participant) (*Participant, er
|
||||||
func SaveParticipant(db *Database, participant interface{}) (interface{}, error) {
|
func SaveParticipant(db *Database, participant interface{}) (interface{}, error) {
|
||||||
participant.(*Participant).FiscalCode = strings.ToUpper(participant.(*Participant).FiscalCode)
|
participant.(*Participant).FiscalCode = strings.ToUpper(participant.(*Participant).FiscalCode)
|
||||||
|
|
||||||
if err := db._db.Omit("Category", "School").Save(participant).Error; err != nil {
|
if err := db._db.Omit("Category", "School", "Creator", "Updater").Save(participant).Error; err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return participant, nil
|
return participant, nil
|
||||||
|
|
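Review bot: `Omit("Category", "School", "Creator", "Updater")` in SaveParticipant has no comment saying why these associations are excluded, and the same names are repeated as string literals in SaveResponse and SaveSchool. If, as it appears, the intent is to keep Save from writing the linked user rows along with the record, that is a security-relevant invariant worth stating, e.g. `// Omit associations: Save must not create or update the linked Creator/Updater rows from this payload.` A small shared helper for the audit association names would make it harder for a future Save* function to forget one. SaveParticipant's closing brace is outside the hunk.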
|
@ -275,7 +275,7 @@ func CreateResponse(db *Database, response *Response) (*Response, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func SaveResponse(db *Database, response interface{}) (interface{}, error) {
|
func SaveResponse(db *Database, response interface{}) (interface{}, error) {
|
||||||
if err := db._db. /*.Omit("Something")*/ Save(response).Error; err != nil {
|
if err := db._db.Omit("Creator", "Updater").Save(response).Error; err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return response, nil
|
return response, nil
|
||||||
|
|
|
@ -42,6 +42,10 @@ func getUserIDFromToken(r *http.Request) string {
|
||||||
return getClaims(r)["user_id"].(string)
|
return getClaims(r)["user_id"].(string)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func getModelIDFromToken(r *http.Request) string {
|
||||||
|
return getClaims(r)["model_id"].(string)
|
||||||
|
}
|
||||||
|
|
||||||
func getUserIDFromTokenAsUint(r *http.Request) uint {
|
func getUserIDFromTokenAsUint(r *http.Request) uint {
|
||||||
id, _ := strconv.Atoi(getUserIDFromToken(r))
|
id, _ := strconv.Atoi(getUserIDFromToken(r))
|
||||||
return uint(id)
|
return uint(id)
|
||||||
|
|
|
@ -306,7 +306,7 @@ func CreateSchool(db *Database, school *School) (*School, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func SaveSchool(db *Database, school interface{}) (interface{}, error) {
|
func SaveSchool(db *Database, school interface{}) (interface{}, error) {
|
||||||
if err := db._db.Omit("Region").Save(school).Error; err != nil {
|
if err := db._db.Omit("Region", "Creator", "Updater").Save(school).Error; err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return school, nil
|
return school, nil
|
||||||
|
@ -317,7 +317,7 @@ func (model *School) HasCategory(db *Database, participant *Participant) (bool,
|
||||||
|
|
||||||
if err := db._db.
|
if err := db._db.
|
||||||
Where("category_id = ? AND school_id = ? AND id <> ?", participant.CategoryID, model.ID, participant.ID).
|
Where("category_id = ? AND school_id = ? AND id <> ?", participant.CategoryID, model.ID, participant.ID).
|
||||||
Find(&participants).Error; err != nil {
|
Find(&participants).Error; err != nil {
|
||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
return len(participants) > 0, nil
|
return len(participants) > 0, nil
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
package orm
|
package orm
|
||||||
|
|
||||||
import "net/http"
|
import (
|
||||||
|
"net/http"
|
||||||
|
)
|
||||||
|
|
||||||
type Modifier interface {
|
type Modifier interface {
|
||||||
SetCreatorID(id uint)
|
SetCreatorID(id uint)
|
||||||
|
|
|
@ -64,7 +64,7 @@ var (
|
||||||
"isSubscriber": isSubscriber,
|
"isSubscriber": isSubscriber,
|
||||||
"isSchool": isSchool,
|
"isSchool": isSchool,
|
||||||
"attr": attr,
|
"attr": attr,
|
||||||
"userId": userId,
|
"modelId": modelId,
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -105,8 +105,8 @@ func username(claims jwt.MapClaims) string {
|
||||||
return claims["username"].(string)
|
return claims["username"].(string)
|
||||||
}
|
}
|
||||||
|
|
||||||
func userId(claims jwt.MapClaims) (uint, error) {
|
func modelId(claims jwt.MapClaims) (uint, error) {
|
||||||
id, err := strconv.Atoi(claims["user_id"].(string))
|
id, err := strconv.Atoi(claims["model_id"].(string))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return 0, err
|
return 0, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,7 +4,7 @@ html {
|
||||||
|
|
||||||
body {
|
body {
|
||||||
padding-top: 60px;
|
padding-top: 60px;
|
||||||
position: relative;
|
/*position: relative;*/
|
||||||
}
|
}
|
||||||
|
|
||||||
div.login {
|
div.login {
|
||||||
|
|
|
@ -48,7 +48,7 @@
|
||||||
<a class="nav-item nav-link {{.Options|active "Response"}}" href="{{all "Response"}}">Prove</a>
|
<a class="nav-item nav-link {{.Options|active "Response"}}" href="{{all "Response"}}">Prove</a>
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- if $isSchool -}}
|
{{- if $isSchool -}}
|
||||||
<a class="nav-item nav-link {{.Options|active "School"}}" href="{{.Claims|userId|show "School"}}">Scuola</a>
|
<a class="nav-item nav-link {{.Options|active "School"}}" href="{{.Claims|modelId|show "School"}}">Scuola</a>
|
||||||
<a class="nav-item nav-link {{.Options|active "Participant"}}" href="{{all "Participant"}}">Partecipanti</a>
|
<a class="nav-item nav-link {{.Options|active "Participant"}}" href="{{all "Participant"}}">Partecipanti</a>
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
</ul>
|
</ul>
|
||||||
|
|
|
@ -38,16 +38,14 @@
|
||||||
<footer class="footer text-center">
|
<footer class="footer text-center">
|
||||||
<div class="container">
|
<div class="container">
|
||||||
<span class="text-center text-muted">Questo software è stato sviluppato da <a href="https://github.com/remogatto">Andrea
|
<span class="text-center text-muted">Questo software è stato sviluppato da <a href="https://github.com/remogatto">Andrea
|
||||||
Fazzi</a> per le <a href="https://www.olimpiadi-economiaefinanza.it">Olimpiadi di Economia e Finanza 2020</a> ({{version}})
|
Fazzi</a> per le <a href="https://www.olimpiadi-economiaefinanza.it">Olimpiadi di Economia e Finanza 2020</a> ({{version}})
|
||||||
</span>
|
</span>
|
||||||
</div>
|
</div>
|
||||||
</footer>
|
</footer>
|
||||||
|
|
||||||
<script src="https://code.jquery.com/jquery-3.4.1.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
|
<script src="https://code.jquery.com/jquery-3.4.1.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
|
||||||
<script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script>
|
<script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script>
|
||||||
|
|
||||||
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js" integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6" crossorigin="anonymous"></script>
|
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js" integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6" crossorigin="anonymous"></script>
|
||||||
|
|
||||||
<script src="/main.bundle.js"></script>
|
<script src="/main.bundle.js"></script>
|
||||||
|
|
||||||
</body>
|
</body>
|
||||||
|
|