api: update commenter information on new login

2019-08-11 15:52:56 -07:00 · 2019-08-11 15:52:56 -07:00 · 9538c9036e
commit 9538c9036e
parent 696361df4a
6 changed files with 68 additions and 13 deletions
--- a/api/commenter_update.go
+++ b/api/commenter_update.go
@ -0,0 +1,30 @@
+package main
+
+import (
+)
+
+func commenterUpdate(commenterHex string, email string, name string, link string, photo string, provider string) error {
+	if email == "" || name == "" || link == "" || photo == "" || provider == "" {
+		return errorMissingField
+	}
+
+	// See utils_sanitise.go's documentation on isHttpsUrl. This is not a URL
+	// validator, just an XSS preventor.
+	// TODO: reject URLs instead of malforming them.
+	if link != "undefined" && !isHttpsUrl(link) {
+		link = "https://" + link
+	}
+
+	statement := `
+		UPDATE commenters
+		SET email = $3, name = $4, link = $5, photo = $6
+		WHERE commenterHex = $1 and provider = $2;
+	`
+	_, err := db.Exec(statement, commenterHex, provider, email, name, link, photo)
+	if err != nil {
+		logger.Errorf("cannot update commenter: %v", err)
+		return errorInternal
+	}
+
+	return nil
+}
--- a/api/oauth_github_callback.go
+++ b/api/oauth_github_callback.go
@ -109,7 +109,6 @@ func githubCallbackHandler(w http.ResponseWriter, r *http.Request) {

 	var commenterHex string

-	// TODO: in case of returning users, update the information we have on record?
 	if err == errorNoSuchCommenter {
 		commenterHex, err = commenterNew(email, name, link, photo, "github", "")
 		if err != nil {
@ -117,6 +116,11 @@ func githubCallbackHandler(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 	} else {
+		if err = commenterUpdate(c.CommenterHex, email, name, link, photo, "github"); err != nil {
+			logger.Warningf("cannot update commenter: %s", err)
+			// not a serious enough to exit with an error
+		}
+
 		commenterHex = c.CommenterHex
 	}

--- a/api/oauth_gitlab_callback.go
+++ b/api/oauth_gitlab_callback.go
@ -76,7 +76,6 @@ func gitlabCallbackHandler(w http.ResponseWriter, r *http.Request) {

 	var commenterHex string

-	// TODO: in case of returning users, update the information we have on record?
 	if err == errorNoSuchCommenter {
 		commenterHex, err = commenterNew(email, name, link, photo, "gitlab", "")
 		if err != nil {
@ -84,6 +83,11 @@ func gitlabCallbackHandler(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 	} else {
+		if err = commenterUpdate(c.CommenterHex, email, name, link, photo, "gitlab"); err != nil {
+			logger.Warningf("cannot update commenter: %s", err)
+			// not a serious enough to exit with an error
+		}
+
 		commenterHex = c.CommenterHex
 	}

--- a/api/oauth_google_callback.go
+++ b/api/oauth_google_callback.go
@ -52,23 +52,32 @@ func googleCallbackHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	name := user["name"].(string)
+
+	link := "undefined"
+	if user["link"] != nil {
+		link = user["link"].(string)
+	}
+
+	photo := "undefined"
+	if user["picture"] != nil {
+		photo = user["picture"].(string)
+	}
+
 	var commenterHex string

-	// TODO: in case of returning users, update the information we have on record?
 	if err == errorNoSuchCommenter {
-		var link string
-		if val, ok := user["link"]; ok {
-			link = val.(string)
-		} else {
-			link = "undefined"
-		}
-
-		commenterHex, err = commenterNew(email, user["name"].(string), link, user["picture"].(string), "google", "")
+		commenterHex, err = commenterNew(email, name, link, photo, "google", "")
 		if err != nil {
 			fmt.Fprintf(w, "Error: %s", err.Error())
 			return
 		}
 	} else {
+		if err = commenterUpdate(c.CommenterHex, email, name, link, photo, "google"); err != nil {
+			logger.Warningf("cannot update commenter: %s", err)
+			// not a serious enough to exit with an error
+		}
+
 		commenterHex = c.CommenterHex
 	}

--- a/api/oauth_sso_callback.go
+++ b/api/oauth_sso_callback.go
@ -96,7 +96,6 @@ func ssoCallbackHandler(w http.ResponseWriter, r *http.Request) {

 	var commenterHex string

-	// TODO: in case of returning users, update the information we have on record?
 	if err == errorNoSuchCommenter {
 		commenterHex, err = commenterNew(payload.Email, payload.Name, payload.Link, payload.Photo, "sso:"+domain, "")
 		if err != nil {
@ -104,6 +103,11 @@ func ssoCallbackHandler(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 	} else {
+		if err = commenterUpdate(c.CommenterHex, payload.Email, payload.Name, payload.Link, payload.Photo, "sso:"+domain); err != nil {
+			logger.Warningf("cannot update commenter: %s", err)
+			// not a serious enough to exit with an error
+		}
+
 		commenterHex = c.CommenterHex
 	}

--- a/api/oauth_twitter_callback.go
+++ b/api/oauth_twitter_callback.go
@ -88,7 +88,6 @@ func twitterCallbackHandler(w http.ResponseWriter, r *http.Request) {

 	var commenterHex string

-	// TODO: in case of returning users, update the information we have on record?
 	if err == errorNoSuchCommenter {
 		commenterHex, err = commenterNew(email, name, link, photo, "twitter", "")
 		if err != nil {
@ -96,6 +95,11 @@ func twitterCallbackHandler(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 	} else {
+		if err = commenterUpdate(c.CommenterHex, email, name, link, photo, "twitter"); err != nil {
+			logger.Warningf("cannot update commenter: %s", err)
+			// not a serious enough to exit with an error
+		}
+
 		commenterHex = c.CommenterHex
 	}