Fix ambiguity between user_id and model_id in user token

This commit is contained in:
Andrea Fazzi 2020-02-03 14:13:01 +01:00
parent 09548326e8
commit b9e6c5dbe1
14 changed files with 29 additions and 23 deletions

dist/main.bundle.js vendored


dist/styles.css vendored

@ -4,7 +4,7 @@ html {
body {
padding-top: 60px;
position: relative;
/*position: relative;*/
}
div.login {


@ -473,7 +473,7 @@ func DefaultHomeHandler() http.Handler {
r,
fmt.Sprintf(
"/participants/%s?format=html&tpl_layout=base&tpl_content=participants_show",
claims["user_id"].(string)),
claims["model_id"].(string)),
http.StatusSeeOther,
)
@ -483,7 +483,7 @@ func DefaultHomeHandler() http.Handler {
r,
fmt.Sprintf(
"/schools/%s?format=html&tpl_layout=base&tpl_content=schools_show",
claims["user_id"].(string)),
claims["model_id"].(string)),
http.StatusSeeOther,
)
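Review bot: `claims["model_id"].(string)` on the redirect lines of both hunks (the /participants and the /schools branch) is a single-value type assertion, so a token that carries no model_id claim, or a non-string one, panics inside the handler instead of producing a controlled error response. Tokens issued before this change never had a model_id claim at all, and with the 24h expiry set in getToken such sessions stay valid after deploy, so this path is reachable without any malformed input. I'd read the claim with the two-value form, `modelID, ok := claims["model_id"].(string)`, return an error response when `!ok`, and pass `modelID` to fmt.Sprintf. DefaultHomeHandler starts and ends outside these hunks.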


@ -16,6 +16,7 @@ type UserToken struct {
Username string
Admin bool
Role string
ModelID string
UserID string
}
@ -68,13 +69,13 @@ func checkCredential(db *orm.Database, username string, password string) (*UserT
// Check if user is the administrator
if username == db.Config.Admin.Username && password == db.Config.Admin.Password {
return &UserToken{username, true, "administrator", "0"}, nil
return &UserToken{username, true, "administrator", "0", "0"}, nil
}
// Check if user is a subscriber
if password == db.Config.Subscriber.Password {
return &UserToken{"subscriber", false, "subscriber", "0"}, nil
return &UserToken{"subscriber", false, "subscriber", "0", "0"}, nil
}
var token *UserToken
@ -89,13 +90,13 @@ func checkCredential(db *orm.Database, username string, password string) (*UserT
if err := db.DB().First(&participant, &orm.Participant{UserID: user.ID}).Error; err != nil {
return nil, errors.New("Authentication failed!")
}
token = &UserToken{username, false, user.Role, strconv.Itoa(int(participant.ID))}
token = &UserToken{username, false, user.Role, strconv.Itoa(int(participant.ID)), strconv.Itoa(int(user.ID))}
case "school":
var school orm.School
if err := db.DB().First(&school, &orm.School{UserID: user.ID}).Error; err != nil {
return nil, errors.New("Authentication failed!")
}
token = &UserToken{username, false, user.Role, strconv.Itoa(int(school.ID))}
token = &UserToken{username, false, user.Role, strconv.Itoa(int(school.ID)), strconv.Itoa(int(user.ID))}
}
return token, nil
@ -113,6 +114,7 @@ func getToken(db *orm.Database, username string, password string, signingKey []b
claims["admin"] = user.Admin
claims["username"] = user.Username
claims["role"] = user.Role
claims["model_id"] = user.ModelID
claims["user_id"] = user.UserID
claims["exp"] = time.Now().Add(time.Hour * 24).Unix()
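Review bot: The UserToken literals on the four changed lines of checkCredential (`&UserToken{username, true, "administrator", "0", "0"}` and the three like it) are positional, which is what made the ModelID/UserID mix-up this commit fixes easy to introduce: with two adjacent string fields the compiler cannot tell them apart. Keyed literals make the intent checkable, e.g. `&UserToken{Username: username, Admin: true, Role: "administrator", ModelID: "0", UserID: "0"}` and `ModelID: strconv.Itoa(int(participant.ID)), UserID: strconv.Itoa(int(user.ID))` on the participant and school lines. Administrator and subscriber tokens carry UserID "0" because they are authenticated from db.Config rather than looked up, so every consumer of the user_id claim sees 0 for those roles; a field comment such as `// UserID is "0" for the configured administrator and subscriber accounts.` would make that contract visible where the struct is defined.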


@ -467,7 +467,7 @@ func CreateParticipant(db *Database, participant *Participant) (*Participant, er
func SaveParticipant(db *Database, participant interface{}) (interface{}, error) {
participant.(*Participant).FiscalCode = strings.ToUpper(participant.(*Participant).FiscalCode)
if err := db._db.Omit("Category", "School").Save(participant).Error; err != nil {
if err := db._db.Omit("Category", "School", "Creator", "Updater").Save(participant).Error; err != nil {
return nil, err
}
return participant, nil
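Review bot: The `Omit("Category", "School", "Creator", "Updater")` call repeats the "Creator", "Updater" pair that SaveResponse and SaveSchool add in this same commit, so the next audit-field change has to be made in three places and a missed one silently starts persisting that association again. A package-level `var auditOmit = []string{"Creator", "Updater"}` consumed as `db._db.Omit(append([]string{"Category", "School"}, auditOmit...)...)` (and `Omit(auditOmit...)` in SaveResponse) keeps the three Save functions in step. The pre-existing `participant.(*Participant)` assertions on the first body line also panic on any other concrete type; since the parameter is interface{}, a checked assertion returning an error would be the safer shape, but that is outside this change.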


@ -275,7 +275,7 @@ func CreateResponse(db *Database, response *Response) (*Response, error) {
}
func SaveResponse(db *Database, response interface{}) (interface{}, error) {
if err := db._db. /*.Omit("Something")*/ Save(response).Error; err != nil {
if err := db._db.Omit("Creator", "Updater").Save(response).Error; err != nil {
return nil, err
}
return response, nil


@ -42,6 +42,10 @@ func getUserIDFromToken(r *http.Request) string {
return getClaims(r)["user_id"].(string)
}
func getModelIDFromToken(r *http.Request) string {
return getClaims(r)["model_id"].(string)
}
func getUserIDFromTokenAsUint(r *http.Request) uint {
id, _ := strconv.Atoi(getUserIDFromToken(r))
return uint(id)
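Review bot: The new getModelIDFromToken, like getUserIDFromToken above it, returns `getClaims(r)["model_id"].(string)` through a single-value assertion, so a request whose token lacks that claim panics the handler rather than failing closed. Prefer `id, ok := getClaims(r)["model_id"].(string)` with `if !ok { return "" }` (or an error return if callers can take one), and add a doc comment such as `// getModelIDFromToken returns the token's model_id claim, the participant or school id set in checkCredential.` Note that `id, _ := strconv.Atoi(getUserIDFromToken(r))` discards the parse error, so an empty or malformed claim becomes user 0, which is also the UserID that administrator and subscriber tokens carry; that collision deserves at least a comment. getUserIDFromTokenAsUint's body runs past the end of the hunk.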


@ -306,7 +306,7 @@ func CreateSchool(db *Database, school *School) (*School, error) {
}
func SaveSchool(db *Database, school interface{}) (interface{}, error) {
if err := db._db.Omit("Region").Save(school).Error; err != nil {
if err := db._db.Omit("Region", "Creator", "Updater").Save(school).Error; err != nil {
return nil, err
}
return school, nil
@ -317,7 +317,7 @@ func (model *School) HasCategory(db *Database, participant *Participant) (bool,
if err := db._db.
Where("category_id = ? AND school_id = ? AND id <> ?", participant.CategoryID, model.ID, participant.ID).
Find(&participants).Error; err != nil {
Find(&participants).Error; err != nil {
return false, err
}
return len(participants) > 0, nil


@ -1,6 +1,8 @@
package orm
import "net/http"
import (
"net/http"
)
type Modifier interface {
SetCreatorID(id uint)


@ -64,7 +64,7 @@ var (
"isSubscriber": isSubscriber,
"isSchool": isSchool,
"attr": attr,
"userId": userId,
"modelId": modelId,
}
)
@ -105,8 +105,8 @@ func username(claims jwt.MapClaims) string {
return claims["username"].(string)
}
func userId(claims jwt.MapClaims) (uint, error) {
id, err := strconv.Atoi(claims["user_id"].(string))
func modelId(claims jwt.MapClaims) (uint, error) {
id, err := strconv.Atoi(claims["model_id"].(string))
if err != nil {
return 0, err
}
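Review bot: `modelId` as a Go identifier on the `func modelId(claims jwt.MapClaims) (uint, error)` line goes against the initialism convention (`modelID`); the template func-map key `"modelId"` is a plain string and can keep its spelling for the templates. The function already has an error return, yet `claims["model_id"].(string)` panics instead of using that path when the claim is missing or not a string, which is the case for tokens issued before this commit; `s, ok := claims["model_id"].(string)` followed by returning 0 and a descriptive error when `!ok`, then `strconv.Atoi(s)`, turns that into a template execution error. The function continues past the end of the hunk.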


@ -4,7 +4,7 @@ html {
body {
padding-top: 60px;
position: relative;
/*position: relative;*/
}
div.login {


@ -48,7 +48,7 @@
<a class="nav-item nav-link {{.Options|active "Response"}}" href="{{all "Response"}}">Prove</a>
{{- end -}}
{{- if $isSchool -}}
<a class="nav-item nav-link {{.Options|active "School"}}" href="{{.Claims|userId|show "School"}}">Scuola</a>
<a class="nav-item nav-link {{.Options|active "School"}}" href="{{.Claims|modelId|show "School"}}">Scuola</a>
<a class="nav-item nav-link {{.Options|active "Participant"}}" href="{{all "Participant"}}">Partecipanti</a>
{{- end -}}
</ul>


@ -38,16 +38,14 @@
<footer class="footer text-center">
<div class="container">
<span class="text-center text-muted">Questo software è stato sviluppato da <a href="https://github.com/remogatto">Andrea
Fazzi</a> per le <a href="https://www.olimpiadi-economiaefinanza.it">Olimpiadi di Economia e Finanza 2020</a> ({{version}})
</span>
Fazzi</a> per le <a href="https://www.olimpiadi-economiaefinanza.it">Olimpiadi di Economia e Finanza 2020</a> ({{version}})
</span>
</div>
</footer>
<script src="https://code.jquery.com/jquery-3.4.1.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js" integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6" crossorigin="anonymous"></script>
<script src="/main.bundle.js"></script>
</body>