From 9538c9036ec85706b386b89c4a4f4323bdcc7ae3 Mon Sep 17 00:00:00 2001
From: Adhityaa Chandrasekar
Date: Sun, 11 Aug 2019 15:52:56 -0700
Subject: [PATCH] api: update commenter information on new login
---
 api/commenter_update.go | 30 ++++++++++++++++++++++++++++++
 api/oauth_github_callback.go | 6 +++++-
 api/oauth_gitlab_callback.go | 6 +++++-
 api/oauth_google_callback.go | 27 ++++++++++++++++++---------
 api/oauth_sso_callback.go | 6 +++++-
 api/oauth_twitter_callback.go | 6 +++++-
 6 files changed, 68 insertions(+), 13 deletions(-)
 create mode 100644 api/commenter_update.go
diff --git a/api/commenter_update.go b/api/commenter_update.go
new file mode 100644
index 0000000..3521d15
--- /dev/null
+++ b/api/commenter_update.go
@@ -0,0 +1,30 @@
+package main
+
+import (
+)
+
+func commenterUpdate(commenterHex string, email string, name string, link string, photo string, provider string) error {
+ if email == "" || name == "" || link == "" || photo == "" || provider == "" {
+ return errorMissingField
+ }
+
+ // See utils_sanitise.go's documentation on isHttpsUrl. This is not a URL
+ // validator, just an XSS preventor.
+ // TODO: reject URLs instead of malforming them.
+ if link != "undefined" && !isHttpsUrl(link) {
+ link = "https://" + link
+ }
+
+ statement := `
+ UPDATE commenters
+ SET email = $3, name = $4, link = $5, photo = $6
+ WHERE commenterHex = $1 and provider = $2;
+ `
+ _, err := db.Exec(statement, commenterHex, provider, email, name, link, photo)
+ if err != nil {
+ logger.Errorf("cannot update commenter: %v", err)
+ return errorInternal
+ }
+
+ return nil
+}
diff --git a/api/oauth_github_callback.go b/api/oauth_github_callback.go
index e6d8d43..ae75bc8 100644
--- a/api/oauth_github_callback.go
+++ b/api/oauth_github_callback.go
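Review bot: In `commenterUpdate` (api/commenter_update.go) only `link` passes through the `isHttpsUrl` guard; `photo` is written to the `commenters` row exactly as the identity provider supplied it, which for `sso:` providers means whatever the configured SSO endpoint returns. How the stored photo URL is later rendered or fetched is outside this diff, so it may be handled elsewhere, but giving it the same scheme check keeps the two URL fields consistent, for example `if photo != "undefined" && !isHttpsUrl(photo) { photo = "undefined" }`. The result of `db.Exec` is also discarded, so an UPDATE that matches no row returns nil; checking `RowsAffected()` would surface a commenterHex/provider mismatch. The empty `import ( )` block can be dropped, and the function would benefit from a doc comment stating that it overwrites email, name, link and photo for an existing commenter.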
@@ -109,7 +109,6 @@ func githubCallbackHandler(w http.ResponseWriter, r *http.Request) {
 var commenterHex string
- // TODO: in case of returning users, update the information we have on record?
 if err == errorNoSuchCommenter {
 commenterHex, err = commenterNew(email, name, link, photo, "github", "")
 if err != nil {
@@ -117,6 +116,11 @@ func githubCallbackHandler(w http.ResponseWriter, r *http.Request) {
 return
 }
 } else {
+ if err = commenterUpdate(c.CommenterHex, email, name, link, photo, "github"); err != nil {
+ logger.Warningf("cannot update commenter: %s", err)
+ // not a serious enough to exit with an error
+ }
+
 commenterHex = c.CommenterHex
 }
diff --git a/api/oauth_gitlab_callback.go b/api/oauth_gitlab_callback.go
index 96941f8..112c0a6 100644
--- a/api/oauth_gitlab_callback.go
+++ b/api/oauth_gitlab_callback.go
@@ -76,7 +76,6 @@ func gitlabCallbackHandler(w http.ResponseWriter, r *http.Request) {
 var commenterHex string
- // TODO: in case of returning users, update the information we have on record?
 if err == errorNoSuchCommenter {
 commenterHex, err = commenterNew(email, name, link, photo, "gitlab", "")
 if err != nil {
@@ -84,6 +83,11 @@ func gitlabCallbackHandler(w http.ResponseWriter, r *http.Request) {
 return
 }
 } else {
+ if err = commenterUpdate(c.CommenterHex, email, name, link, photo, "gitlab"); err != nil {
+ logger.Warningf("cannot update commenter: %s", err)
+ // not a serious enough to exit with an error
+ }
+
 commenterHex = c.CommenterHex
 }
diff --git a/api/oauth_google_callback.go b/api/oauth_google_callback.go
index 0a1108f..e646569 100644
--- a/api/oauth_google_callback.go
+++ b/api/oauth_google_callback.go
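Review bot: In the else branch of `githubCallbackHandler` (api/oauth_github_callback.go), `if err = commenterUpdate(...)` assigns to the handler's outer `err`, so an update failure that the comment calls non-fatal leaves `err` non-nil for whatever follows the hunk. Writing `if err := commenterUpdate(c.CommenterHex, email, name, link, photo, "github"); err != nil {` keeps the value scoped to the branch. `commenterUpdate` already logs database failures with `logger.Errorf`, so the `Warningf` here records the same failure twice, and the comment would read better as `// not serious enough to fail the login`. The same lines are repeated in the gitlab, google, sso and twitter handlers. The rest of the handler lies outside the hunk, so whether `err` is read again later cannot be confirmed from here.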
@@ -52,23 +52,32 @@ func googleCallbackHandler(w http.ResponseWriter, r *http.Request) {
 return
 }
+ name := user["name"].(string)
+
+ link := "undefined"
+ if user["link"] != nil {
+ link = user["link"].(string)
+ }
+
+ photo := "undefined"
+ if user["picture"] != nil {
+ photo = user["picture"].(string)
+ }
+
 var commenterHex string
- // TODO: in case of returning users, update the information we have on record?
 if err == errorNoSuchCommenter {
- var link string
- if val, ok := user["link"]; ok {
- link = val.(string)
- } else {
- link = "undefined"
- }
-
- commenterHex, err = commenterNew(email, user["name"].(string), link, user["picture"].(string), "google", "")
+ commenterHex, err = commenterNew(email, name, link, photo, "google", "")
 if err != nil {
 fmt.Fprintf(w, "Error: %s", err.Error())
 return
 }
 } else {
+ if err = commenterUpdate(c.CommenterHex, email, name, link, photo, "google"); err != nil {
+ logger.Warningf("cannot update commenter: %s", err)
+ // not a serious enough to exit with an error
+ }
+
 commenterHex = c.CommenterHex
 }
diff --git a/api/oauth_sso_callback.go b/api/oauth_sso_callback.go
index 86fb18f..75d0e54 100644
--- a/api/oauth_sso_callback.go
+++ b/api/oauth_sso_callback.go
@@ -96,7 +96,6 @@ func ssoCallbackHandler(w http.ResponseWriter, r *http.Request) {
 var commenterHex string
- // TODO: in case of returning users, update the information we have on record?
 if err == errorNoSuchCommenter {
 commenterHex, err = commenterNew(payload.Email, payload.Name, payload.Link, payload.Photo, "sso:"+domain, "")
 if err != nil {
@@ -104,6 +103,11 @@ func ssoCallbackHandler(w http.ResponseWriter, r *http.Request) {
 return
 }
 } else {
+ if err = commenterUpdate(c.CommenterHex, payload.Email, payload.Name, payload.Link, payload.Photo, "sso:"+domain); err != nil {
+ logger.Warningf("cannot update commenter: %s", err)
+ // not a serious enough to exit with an error
+ }
+
 commenterHex = c.CommenterHex
 }
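Review bot: In `googleCallbackHandler` (api/oauth_google_callback.go), `name := user["name"].(string)` is an unchecked type assertion that now runs on every login rather than only when a commenter is created, and it panics if the profile map has no string `name`. The `link` and `picture` assertions are guarded only against nil, so a non-string value panics there too. The comma-ok form turns this into a handled error, e.g. `name, ok := user["name"].(string)` with an error response when `!ok`, and `if s, ok := user["link"].(string); ok { link = s }` for the optional fields. The code that decodes `user` is above the hunk, so what shape it guarantees is not visible here.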
diff --git a/api/oauth_twitter_callback.go b/api/oauth_twitter_callback.go
index 6689d3d..3815a9c 100644
--- a/api/oauth_twitter_callback.go
+++ b/api/oauth_twitter_callback.go
@@ -88,7 +88,6 @@ func twitterCallbackHandler(w http.ResponseWriter, r *http.Request) {
 var commenterHex string
- // TODO: in case of returning users, update the information we have on record?
 if err == errorNoSuchCommenter {
 commenterHex, err = commenterNew(email, name, link, photo, "twitter", "")
 if err != nil {
@@ -96,6 +95,11 @@ func twitterCallbackHandler(w http.ResponseWriter, r *http.Request) {
 return
 }
 } else {
+ if err = commenterUpdate(c.CommenterHex, email, name, link, photo, "twitter"); err != nil {
+ logger.Warningf("cannot update commenter: %s", err)
+ // not a serious enough to exit with an error
+ }
+
 commenterHex = c.CommenterHex
 }