From 6b336e22aacea2a8b6d335557cc292352621b404 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Sun, 27 Jun 2021 17:57:07 -0400
Subject: [PATCH] Log user out when authenticated as deleted user

Now when we check for the user at certain times and find that the user
doesn't exist in the database, we log them out and send them back to
the home page.
---
 account.go  | 17 ++++++++++++++++-
 database.go |  2 +-
 handle.go   | 10 ++++++++--
 invites.go  |  3 +++
 pad.go      |  3 +++
 session.go  |  9 +++++----
 6 files changed, 36 insertions(+), 8 deletions(-)

diff --git a/account.go b/account.go
index 72d12ee..eaf3eaf 100644
--- a/account.go
+++ b/account.go
@@ -787,6 +787,9 @@ func viewArticles(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 
 	silenced, err := app.db.IsUserSilenced(u.ID)
 	if err != nil {
+		if err == ErrUserNotFound {
+			return err
+		}
 		log.Error("view articles: %v", err)
 	}
 	d := struct {
@@ -822,7 +825,10 @@ func viewCollections(app *App, u *User, w http.ResponseWriter, r *http.Request)
 
 	silenced, err := app.db.IsUserSilenced(u.ID)
 	if err != nil {
-		log.Error("view collections %v", err)
+		if err == ErrUserNotFound {
+			return err
+		}
+		log.Error("view collections: %v", err)
 		return fmt.Errorf("view collections: %v", err)
 	}
 	d := struct {
@@ -861,6 +867,9 @@ func viewEditCollection(app *App, u *User, w http.ResponseWriter, r *http.Reques
 
 	silenced, err := app.db.IsUserSilenced(u.ID)
 	if err != nil {
+		if err == ErrUserNotFound {
+			return err
+		}
 		log.Error("view edit collection %v", err)
 		return fmt.Errorf("view edit collection: %v", err)
 	}
@@ -1037,6 +1046,9 @@ func viewStats(app *App, u *User, w http.ResponseWriter, r *http.Request) error
 
 	silenced, err := app.db.IsUserSilenced(u.ID)
 	if err != nil {
+		if err == ErrUserNotFound {
+			return err
+		}
 		log.Error("view stats: %v", err)
 		return err
 	}
@@ -1070,6 +1082,9 @@ func viewStats(app *App, u *User, w http.ResponseWriter, r *http.Request) error
 func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
 	fullUser, err := app.db.GetUserByID(u.ID)
 	if err != nil {
+		if err == ErrUserNotFound {
+			return err
+		}
 		log.Error("Unable to get user for settings: %s", err)
 		return impart.HTTPError{http.StatusInternalServerError, "Unable to retrieve user data. The humans have been alerted."}
 	}
diff --git a/database.go b/database.go
index fefc3c1..5c3a84f 100644
--- a/database.go
+++ b/database.go
@@ -332,7 +332,7 @@ func (db *datastore) IsUserSilenced(id int64) (bool, error) {
 	err := db.QueryRow("SELECT status FROM users WHERE id = ?", id).Scan(&u.Status)
 	switch {
 	case err == sql.ErrNoRows:
-		return false, fmt.Errorf("is user silenced: %v", ErrUserNotFound)
+		return false, ErrUserNotFound
 	case err != nil:
 		log.Error("Couldn't SELECT user status: %v", err)
 		return false, fmt.Errorf("is user silenced: %v", err)
diff --git a/handle.go b/handle.go
index 1cbf114..9e9821c 100644
--- a/handle.go
+++ b/handle.go
@@ -155,8 +155,14 @@ func (h *Handler) User(f userHandlerFunc) http.HandlerFunc {
 			err := f(h.app.App(), u, w, r)
 			if err == nil {
 				status = http.StatusOK
-			} else if err, ok := err.(impart.HTTPError); ok {
-				status = err.Status
+			} else if impErr, ok := err.(impart.HTTPError); ok {
+				status = impErr.Status
+				if impErr == ErrUserNotFound {
+					log.Info("Logged-in user not found. Logging out.")
+					sendRedirect(w, http.StatusFound, "/me/logout?to="+h.app.App().cfg.App.LandingPath())
+					// Reset err so handleHTTPError does nothing
+					err = nil
+				}
 			} else {
 				status = http.StatusInternalServerError
 			}
diff --git a/invites.go b/invites.go
index 4024634..70eaa42 100644
--- a/invites.go
+++ b/invites.go
@@ -78,6 +78,9 @@ func handleViewUserInvites(app *App, u *User, w http.ResponseWriter, r *http.Req
 
 	p.Silenced, err = app.db.IsUserSilenced(u.ID)
 	if err != nil {
+		if err == ErrUserNotFound {
+			return err
+		}
 		log.Error("view invites: %v", err)
 	}
 
diff --git a/pad.go b/pad.go
index d150334..695d5d2 100644
--- a/pad.go
+++ b/pad.go
@@ -55,6 +55,9 @@ func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error {
 		}
 		appData.Silenced, err = app.db.IsUserSilenced(appData.User.ID)
 		if err != nil {
+			if err == ErrUserNotFound {
+				return err
+			}
 			log.Error("Unable to get user status for Pad: %v", err)
 		}
 	}
diff --git a/session.go b/session.go
index 81d628f..5584565 100644
--- a/session.go
+++ b/session.go
@@ -130,12 +130,13 @@ func saveUserSession(app *App, r *http.Request, w http.ResponseWriter) error {
 	return err
 }
 
-func getFullUserSession(app *App, r *http.Request) *User {
+func getFullUserSession(app *App, r *http.Request) (*User, error) {
 	u := getUserSession(app, r)
 	if u == nil {
-		return nil
+		return nil, nil
 	}
 
-	u, _ = app.db.GetUserByID(u.ID)
-	return u
+	var err error
+	u, err = app.db.GetUserByID(u.ID)
+	return u, err
 }