chore(auth): add test for retrieving session from db #181
All checks were successful
Build Docker Image / Explore-Gitea-Actions (push) Successful in 46s
All checks were successful
Build Docker Image / Explore-Gitea-Actions (push) Successful in 46s
This commit is contained in:
@@ -24,9 +24,42 @@ import (
|
||||
"golang.org/x/crypto/argon2"
|
||||
)
|
||||
|
||||
// TESTED
|
||||
|
||||
func GetUserFromSessionId(db *sql.DB, sessionId types.SessionId) *types.User {
|
||||
if sessionId == "" {
|
||||
return nil
|
||||
}
|
||||
|
||||
var (
|
||||
createdAt time.Time
|
||||
userId uuid.UUID
|
||||
email string
|
||||
emailVerified bool
|
||||
)
|
||||
|
||||
err := db.QueryRow(`
|
||||
SELECT u.user_uuid, u.email, u.email_verified, s.created_at
|
||||
FROM session s
|
||||
INNER JOIN user u ON s.user_uuid = u.user_uuid
|
||||
WHERE session_id = ?`, sessionId).Scan(&userId, &email, &emailVerified, &createdAt)
|
||||
if err != nil {
|
||||
slog.Warn("Could not verify session: " + err.Error())
|
||||
return nil
|
||||
}
|
||||
|
||||
if createdAt.Add(time.Duration(8 * time.Hour)).Before(time.Now()) {
|
||||
return nil
|
||||
} else {
|
||||
return types.NewUser(userId, email, sessionId, emailVerified)
|
||||
}
|
||||
}
|
||||
|
||||
// NOT TESTED
|
||||
|
||||
func HandleSignInPage(db *sql.DB) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
user := utils.GetUserFromSession(db, r)
|
||||
user := GetUserFromRequest(db, r)
|
||||
|
||||
if user == nil {
|
||||
userComp := UserInfoComp(nil)
|
||||
@@ -48,7 +81,7 @@ func HandleSignInPage(db *sql.DB) http.HandlerFunc {
|
||||
|
||||
func HandleSignUpPage(db *sql.DB) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
user := utils.GetUserFromSession(db, r)
|
||||
user := GetUserFromRequest(db, r)
|
||||
|
||||
if user == nil {
|
||||
userComp := UserInfoComp(nil)
|
||||
@@ -70,7 +103,7 @@ func HandleSignUpPage(db *sql.DB) http.HandlerFunc {
|
||||
|
||||
func HandleSignUpVerifyPage(db *sql.DB) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
user := utils.GetUserFromSession(db, r)
|
||||
user := GetUserFromRequest(db, r)
|
||||
if user == nil {
|
||||
utils.DoRedirect(w, r, "/auth/signin")
|
||||
} else if user.EmailVerified {
|
||||
@@ -90,7 +123,7 @@ func HandleSignUpVerifyPage(db *sql.DB) http.HandlerFunc {
|
||||
func HandleDeleteAccountPage(db *sql.DB) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
// An unverified email should be able to delete their account
|
||||
user := utils.GetUserFromSession(db, r)
|
||||
user := GetUserFromRequest(db, r)
|
||||
if user == nil {
|
||||
utils.DoRedirect(w, r, "/auth/signin")
|
||||
} else {
|
||||
@@ -152,7 +185,7 @@ func HandleChangePasswordPage(db *sql.DB) http.HandlerFunc {
|
||||
|
||||
isPasswordReset := r.URL.Query().Has("token")
|
||||
|
||||
user := utils.GetUserFromSession(db, r)
|
||||
user := GetUserFromRequest(db, r)
|
||||
if user == nil && !isPasswordReset {
|
||||
utils.DoRedirect(w, r, "/auth/signin")
|
||||
} else {
|
||||
@@ -170,7 +203,7 @@ func HandleChangePasswordPage(db *sql.DB) http.HandlerFunc {
|
||||
func HandleResetPasswordPage(db *sql.DB) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
user := utils.GetUserFromSession(db, r)
|
||||
user := GetUserFromRequest(db, r)
|
||||
if user != nil {
|
||||
utils.DoRedirect(w, r, "/auth/signin")
|
||||
} else {
|
||||
@@ -314,7 +347,7 @@ func HandleSignInComp(db *sql.DB) http.HandlerFunc {
|
||||
|
||||
func HandleSignOutComp(db *sql.DB) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
user := utils.GetUserFromSession(db, r)
|
||||
user := GetUserFromRequest(db, r)
|
||||
|
||||
if user != nil {
|
||||
_, err := db.Exec("DELETE FROM session WHERE session_id = ?", user.SessionId)
|
||||
@@ -343,7 +376,7 @@ func HandleSignOutComp(db *sql.DB) http.HandlerFunc {
|
||||
|
||||
func HandleDeleteAccountComp(db *sql.DB) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
user := utils.GetUserFromSession(db, r)
|
||||
user := GetUserFromRequest(db, r)
|
||||
if user == nil {
|
||||
utils.DoRedirect(w, r, "/auth/signin")
|
||||
return
|
||||
@@ -409,7 +442,7 @@ func HandleDeleteAccountComp(db *sql.DB) http.HandlerFunc {
|
||||
|
||||
func HandleVerifyResendComp(db *sql.DB) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
user := utils.GetUserFromSession(db, r)
|
||||
user := GetUserFromRequest(db, r)
|
||||
if user == nil || user.EmailVerified {
|
||||
utils.DoRedirect(w, r, "/auth/signin")
|
||||
return
|
||||
@@ -424,7 +457,7 @@ func HandleVerifyResendComp(db *sql.DB) http.HandlerFunc {
|
||||
func HandleChangePasswordComp(db *sql.DB) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
user := utils.GetUserFromSession(db, r)
|
||||
user := GetUserFromRequest(db, r)
|
||||
if user == nil {
|
||||
utils.DoRedirect(w, r, "/auth/signin")
|
||||
return
|
||||
@@ -669,3 +702,19 @@ func checkPassword(password string) error {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
//TODO: delete
|
||||
|
||||
func getSessionID(r *http.Request) types.SessionId {
|
||||
for _, c := range r.Cookies() {
|
||||
if c.Name == "id" {
|
||||
return types.SessionId(c.Value)
|
||||
}
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
func GetUserFromRequest(db *sql.DB, r *http.Request) *types.User {
|
||||
sessionId := getSessionID(r)
|
||||
return GetUserFromSessionId(db, sessionId)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user