Log user out when authenticated as deleted user
Now when we check for the user at certain times and find that the user doesn't exist in the database, we log them out and send them back to the home page.
parent
e983c4527f
commit
6b336e22aa
17
account.go
17
account.go
|
@ -787,6 +787,9 @@ func viewArticles(app *App, u *User, w http.ResponseWriter, r *http.Request) err
|
||||||
|
|
||||||
silenced, err := app.db.IsUserSilenced(u.ID)
|
silenced, err := app.db.IsUserSilenced(u.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
if err == ErrUserNotFound {
|
||||||
|
return err
|
||||||
|
}
|
||||||
log.Error("view articles: %v", err)
|
log.Error("view articles: %v", err)
|
||||||
}
|
}
|
||||||
d := struct {
|
d := struct {
|
||||||
|
@ -822,7 +825,10 @@ func viewCollections(app *App, u *User, w http.ResponseWriter, r *http.Request)
|
||||||
|
|
||||||
silenced, err := app.db.IsUserSilenced(u.ID)
|
silenced, err := app.db.IsUserSilenced(u.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error("view collections %v", err)
|
if err == ErrUserNotFound {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
log.Error("view collections: %v", err)
|
||||||
return fmt.Errorf("view collections: %v", err)
|
return fmt.Errorf("view collections: %v", err)
|
||||||
}
|
}
|
||||||
d := struct {
|
d := struct {
|
||||||
|
@ -861,6 +867,9 @@ func viewEditCollection(app *App, u *User, w http.ResponseWriter, r *http.Reques
|
||||||
|
|
||||||
silenced, err := app.db.IsUserSilenced(u.ID)
|
silenced, err := app.db.IsUserSilenced(u.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
if err == ErrUserNotFound {
|
||||||
|
return err
|
||||||
|
}
|
||||||
log.Error("view edit collection %v", err)
|
log.Error("view edit collection %v", err)
|
||||||
return fmt.Errorf("view edit collection: %v", err)
|
return fmt.Errorf("view edit collection: %v", err)
|
||||||
}
|
}
|
||||||
|
@ -1037,6 +1046,9 @@ func viewStats(app *App, u *User, w http.ResponseWriter, r *http.Request) error
|
||||||
|
|
||||||
silenced, err := app.db.IsUserSilenced(u.ID)
|
silenced, err := app.db.IsUserSilenced(u.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
if err == ErrUserNotFound {
|
||||||
|
return err
|
||||||
|
}
|
||||||
log.Error("view stats: %v", err)
|
log.Error("view stats: %v", err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -1070,6 +1082,9 @@ func viewStats(app *App, u *User, w http.ResponseWriter, r *http.Request) error
|
||||||
func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
|
func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
|
||||||
fullUser, err := app.db.GetUserByID(u.ID)
|
fullUser, err := app.db.GetUserByID(u.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
if err == ErrUserNotFound {
|
||||||
|
return err
|
||||||
|
}
|
||||||
log.Error("Unable to get user for settings: %s", err)
|
log.Error("Unable to get user for settings: %s", err)
|
||||||
return impart.HTTPError{http.StatusInternalServerError, "Unable to retrieve user data. The humans have been alerted."}
|
return impart.HTTPError{http.StatusInternalServerError, "Unable to retrieve user data. The humans have been alerted."}
|
||||||
}
|
}
|
||||||
|
|
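Review bot: In viewArticles the silenced lookup still fails open: after the new ErrUserNotFound return, any other error is only logged and the handler goes on to build `d` with `silenced` at its zero value, false. viewCollections, viewEditCollection and viewStats return on every error, so the same database failure behaves differently from page to page; the hunks for handleViewUserInvites and handleViewPad show the same log-and-continue shape. If the flag gates anything beyond a banner, add `return fmt.Errorf("view articles: %v", err)` after the `log.Error` call, or leave a comment there saying the fall-through is deliberate. All of these function bodies continue outside their hunks.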
|
@ -332,7 +332,7 @@ func (db *datastore) IsUserSilenced(id int64) (bool, error) {
|
||||||
err := db.QueryRow("SELECT status FROM users WHERE id = ?", id).Scan(&u.Status)
|
err := db.QueryRow("SELECT status FROM users WHERE id = ?", id).Scan(&u.Status)
|
||||||
switch {
|
switch {
|
||||||
case err == sql.ErrNoRows:
|
case err == sql.ErrNoRows:
|
||||||
return false, fmt.Errorf("is user silenced: %v", ErrUserNotFound)
|
return false, ErrUserNotFound
|
||||||
case err != nil:
|
case err != nil:
|
||||||
log.Error("Couldn't SELECT user status: %v", err)
|
log.Error("Couldn't SELECT user status: %v", err)
|
||||||
return false, fmt.Errorf("is user silenced: %v", err)
|
return false, fmt.Errorf("is user silenced: %v", err)
|
||||||
|
|
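Review bot: The bare `return false, ErrUserNotFound` is now load-bearing and nothing on the line says so. Callers in this commit match it with `err == ErrUserNotFound`, and Handler.User reaches it through a type assertion to impart.HTTPError, so wrapping it in fmt.Errorf again, as the old line did, would silently turn the logout into a generic error. A comment above the case such as `// Return the sentinel unwrapped: callers match it with == and Handler.User type-asserts it.` would protect that. IsUserSilenced starts and ends outside the hunk.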
10
handle.go
10
handle.go
|
@ -155,8 +155,14 @@ func (h *Handler) User(f userHandlerFunc) http.HandlerFunc {
|
||||||
err := f(h.app.App(), u, w, r)
|
err := f(h.app.App(), u, w, r)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
status = http.StatusOK
|
status = http.StatusOK
|
||||||
} else if err, ok := err.(impart.HTTPError); ok {
|
} else if impErr, ok := err.(impart.HTTPError); ok {
|
||||||
status = err.Status
|
status = impErr.Status
|
||||||
|
if impErr == ErrUserNotFound {
|
||||||
|
log.Info("Logged-in user not found. Logging out.")
|
||||||
|
sendRedirect(w, http.StatusFound, "/me/logout?to="+h.app.App().cfg.App.LandingPath())
|
||||||
|
// Reset err so handleHTTPError does nothing
|
||||||
|
err = nil
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
status = http.StatusInternalServerError
|
status = http.StatusInternalServerError
|
||||||
}
|
}
|
||||||
|
|
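Review bot: The new ErrUserNotFound branch in Handler.User ends the session only indirectly, by redirecting the browser to `/me/logout`; nothing in the hunk invalidates the session on the server side, so a client that does not follow the redirect appears to keep a cookie that handlers without a database lookup would still accept. Consider clearing the session in this branch before calling sendRedirect, or revoking sessions at the point where the account is deleted. The log line would be more useful for audit with the account attached, for example `log.Info("Logged-in user %d not found. Logging out.", u.ID)`, assuming log.Info takes a format string the way log.Error does. `status` also keeps impErr.Status although the response is a 302, which may skew whatever is recorded after this block; the function continues outside the hunk.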
|
@ -78,6 +78,9 @@ func handleViewUserInvites(app *App, u *User, w http.ResponseWriter, r *http.Req
|
||||||
|
|
||||||
p.Silenced, err = app.db.IsUserSilenced(u.ID)
|
p.Silenced, err = app.db.IsUserSilenced(u.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
if err == ErrUserNotFound {
|
||||||
|
return err
|
||||||
|
}
|
||||||
log.Error("view invites: %v", err)
|
log.Error("view invites: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
3
pad.go
3
pad.go
|
@ -55,6 +55,9 @@ func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error {
|
||||||
}
|
}
|
||||||
appData.Silenced, err = app.db.IsUserSilenced(appData.User.ID)
|
appData.Silenced, err = app.db.IsUserSilenced(appData.User.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
if err == ErrUserNotFound {
|
||||||
|
return err
|
||||||
|
}
|
||||||
log.Error("Unable to get user status for Pad: %v", err)
|
log.Error("Unable to get user status for Pad: %v", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
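Review bot: handleViewPad takes no `*User` argument, so it is not a userHandlerFunc and is presumably not wrapped by Handler.User, the only wrapper this page shows being taught to turn ErrUserNotFound into a logout redirect. Unless its own wrapper has equivalent handling (not visible here), the new `return err` would surface as the sentinel's HTTP status instead of logging the user out. Either handle ErrUserNotFound in that wrapper as well or move the check into a helper both wrappers share. Any other lookup error still falls through with `appData.Silenced` left false; the function body starts and ends outside the hunk.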
|
@ -130,12 +130,13 @@ func saveUserSession(app *App, r *http.Request, w http.ResponseWriter) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
func getFullUserSession(app *App, r *http.Request) *User {
|
func getFullUserSession(app *App, r *http.Request) (*User, error) {
|
||||||
u := getUserSession(app, r)
|
u := getUserSession(app, r)
|
||||||
if u == nil {
|
if u == nil {
|
||||||
return nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
u, _ = app.db.GetUserByID(u.ID)
|
var err error
|
||||||
return u
|
u, err = app.db.GetUserByID(u.ID)
|
||||||
|
return u, err
|
||||||
}
|
}
|
||||||
|
|
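Review bot: getFullUserSession now returns `u, err` straight from GetUserByID, so what a caller receives alongside a non-nil error depends on that method's contract, which is not visible here. Make the failure explicit with `if err != nil { return nil, err }` followed by `return u, nil`, so a caller that forgets the error check cannot keep working with a user value from a failed lookup. The callers that must adapt to the two-value signature are not shown on this page; each should treat ErrUserNotFound as a logged-out session rather than ignore it as the old `u, _ =` line did. A doc comment stating that `nil, nil` means there is no session would make the three outcomes clear.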