Commit 3da8ac81 authored by Robert Czechowski

OAuth: Set and update is_admin on OAuth login. Fixes #93

parent 435bbd50
Pipeline #685 failed with stages
in 8 minutes and 57 seconds
......@@ -585,9 +585,9 @@ pub fn save_submission<T: MedalConnection>(conn: &T, task_id: i32, session_token
let left_secs = i64::from(c.duration) * 60 - passed_secs;
if c.duration > 0 && left_secs < -10 {
return Err(MedalError::AccessDenied)
// Contest over
// TODO: Nicer message!
return Err(MedalError::AccessDenied);
// Contest over
// TODO: Nicer message!
}
}
}
......@@ -1067,7 +1067,8 @@ pub fn edit_profile<T: MedalConnection>(conn: &T, session_token: &str, user_id:
Ok(result)
}
pub fn teacher_infos<T: MedalConnection>(conn: &T, session_token: &str, teacher_page: Option<&str>) -> MedalValueResult {
pub fn teacher_infos<T: MedalConnection>(conn: &T, session_token: &str, teacher_page: Option<&str>)
-> MedalValueResult {
let session = conn.get_session(&session_token).ensure_logged_in().ok_or(MedalError::NotLoggedIn)?;
if !session.is_teacher {
return Err(MedalError::AccessDenied);
......@@ -1085,8 +1086,10 @@ pub fn teacher_infos<T: MedalConnection>(conn: &T, session_token: &str, teacher_
pub fn admin_index<T: MedalConnection>(conn: &T, session_token: &str) -> MedalValueResult {
conn.get_session(&session_token)
.ensure_logged_in().ok_or(MedalError::NotLoggedIn)?
.ensure_admin().ok_or(MedalError::AccessDenied)?;
.ensure_logged_in()
.ok_or(MedalError::NotLoggedIn)?
.ensure_admin()
.ok_or(MedalError::AccessDenied)?;
let data = json_val::Map::new();
Ok(("admin".to_string(), data))
......@@ -1102,8 +1105,10 @@ pub fn admin_search_users<T: MedalConnection>(conn: &T, session_token: &str,
-> MedalValueResult
{
conn.get_session(&session_token)
.ensure_logged_in().ok_or(MedalError::NotLoggedIn)?
.ensure_admin().ok_or(MedalError::AccessDenied)?;
.ensure_logged_in()
.ok_or(MedalError::NotLoggedIn)?
.ensure_admin()
.ok_or(MedalError::AccessDenied)?;
let mut data = json_val::Map::new();
......@@ -1113,7 +1118,7 @@ pub fn admin_search_users<T: MedalConnection>(conn: &T, session_token: &str,
if users.len() >= 30 {
data.insert("more_users".to_string(), to_json(&true));
}
},
}
Err(groups) => {
data.insert("groups".to_string(), to_json(&groups));
if groups.len() >= 30 {
......@@ -1127,8 +1132,10 @@ pub fn admin_search_users<T: MedalConnection>(conn: &T, session_token: &str,
pub fn admin_show_user<T: MedalConnection>(conn: &T, user_id: i32, session_token: &str) -> MedalValueResult {
let session = conn.get_session(&session_token)
.ensure_logged_in().ok_or(MedalError::NotLoggedIn)?
.ensure_admin().ok_or(MedalError::AccessDenied)?;
.ensure_logged_in()
.ok_or(MedalError::NotLoggedIn)?
.ensure_admin()
.ok_or(MedalError::AccessDenied)?;
let mut data = json_val::Map::new();
......@@ -1167,8 +1174,10 @@ pub fn admin_delete_user<T: MedalConnection>(conn: &T, user_id: i32, session_tok
pub fn admin_show_group<T: MedalConnection>(conn: &T, group_id: i32, session_token: &str) -> MedalValueResult {
conn.get_session(&session_token)
.ensure_logged_in().ok_or(MedalError::NotLoggedIn)?
.ensure_admin().ok_or(MedalError::AccessDenied)?;
.ensure_logged_in()
.ok_or(MedalError::NotLoggedIn)?
.ensure_admin()
.ok_or(MedalError::AccessDenied)?;
let group = conn.get_group_complete(group_id).unwrap(); // TODO handle error
......@@ -1251,14 +1260,14 @@ pub fn login_oauth<T: MedalConnection>(conn: &T, user_data: ForeignUserData, oau
&oauth_provider_id,
&user_data.foreign_id,
user_data.foreign_type != UserType::User,
user_data.foreign_type == UserType::Admin,
&user_data.firstname,
&user_data.lastname,
match user_data.sex {
UserSex::Male => Some(1),
UserSex::Female => Some(2),
UserSex::Unknown => Some(0),
})
{
}) {
Ok(session_token) => Ok(session_token),
Err(()) => {
let mut data = json_val::Map::new();
......
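Review bot: In the `login_oauth` hunk the admin flag is taken directly from the provider's answer (`user_data.foreign_type == UserType::Admin`) and handed to `login_foreign`, with no check in the visible lines of which provider made the claim. `oauth_provider_id` is already in scope at this call, so if more than one provider can be configured I would gate the elevation on an explicit per-provider setting, e.g. `let is_admin = provider_may_grant_admin && user_data.foreign_type == UserType::Admin;`, where `provider_may_grant_admin` is a placeholder for a configuration lookup that is not part of this hunk. How `ForeignUserData` is built and validated lies outside the hunk, so this is a point to confirm rather than a proven defect. A short comment above the call saying that admin rights are owned by the OAuth provider and rewritten on every login would document the trust decision; the body of `login_oauth` starts and ends outside the hunk.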
......@@ -442,7 +442,7 @@ impl MedalConnection for Connection {
//TODO: use session
fn login_foreign(&self, _session: Option<&str>, provider_id: &str, foreign_id: &str, is_teacher: bool,
firstname: &str, lastname: &str, sex: Option<i32>)
is_admin: bool, firstname: &str, lastname: &str, sex: Option<i32>)
-> Result<String, ()>
{
let session_token = helpers::make_session_token();
......@@ -457,18 +457,18 @@ impl MedalConnection for Connection {
Ok(Some(id)) => {
let query = "UPDATE session
SET session_token = $1, csrf_token = $2, last_login = $3, last_activity = $3,
is_teacher = $4, firstname = $5, lastname = $6, sex = $7
WHERE id = $8";
self.execute(query, &[&session_token, &csrf_token, &now, &is_teacher, &firstname, &lastname, &sex, &id]).unwrap();
is_teacher = $4, is_admin = $5, firstname = $6, lastname = $7, sex = $8
WHERE id = $9";
self.execute(query, &[&session_token, &csrf_token, &now, &is_teacher, &is_admin, &firstname, &lastname, &sex, &id]).unwrap();
Ok(session_token)
}
// Add!
_ => {
let query = "INSERT INTO session (session_token, csrf_token, last_login, last_activity,
permanent_login, grade, sex, is_teacher, oauth_foreign_id,
permanent_login, grade, sex, is_teacher, is_admin, oauth_foreign_id,
oauth_provider, firstname, lastname)
VALUES ($1, $2, $3, $3, $4, $5, $6, $7, $8, $9, $10, $11)";
VALUES ($1, $2, $3, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12)";
self.execute(query,
&[&session_token,
&csrf_token,
......@@ -477,6 +477,7 @@ impl MedalConnection for Connection {
&(if is_teacher { 255 } else { 0 }),
&sex,
&is_teacher,
&is_admin,
&foreign_id,
&provider_id,
&firstname,
......
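Review bot: `login_foreign` now takes `is_teacher: bool, is_admin: bool` as adjacent positional arguments, so a call that swaps the two or passes the teacher expression twice still compiles and silently grants or drops admin rights. The caller already holds a `UserType`; if that type can be made visible to the connection layer, passing the single value and deriving both columns inside the function removes the ambiguity, e.g. `user_type: UserType` in place of the two flags. The same signature appears in the trait declaration and in the two other `impl MedalConnection for Connection` sections further down this page. The function body continues outside these hunks.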
......@@ -33,7 +33,7 @@ pub trait MedalConnection {
fn login(&self, session: Option<&str>, username: &str, password: &str) -> Result<String, ()>;
fn login_with_code(&self, session: Option<&str>, logincode: &str) -> Result<String, ()>;
fn login_foreign(&self, session: Option<&str>, provider_id: &str, foreign_id: &str, is_teacher: bool,
firstname: &str, lastname: &str, sex: Option<i32>)
is_admin: bool, firstname: &str, lastname: &str, sex: Option<i32>)
-> Result<String, ()>;
fn create_user_with_groupcode(&self, session: Option<&str>, groupcode: &str) -> Result<String, ()>;
fn create_group_with_users(&self, group: Group);
......
......@@ -552,7 +552,7 @@ impl MedalConnection for Connection {
//TODO: use session
fn login_foreign(&self, _session: Option<&str>, provider_id: &str, foreign_id: &str, is_teacher: bool,
firstname: &str, lastname: &str, sex: Option<i32>)
is_admin: bool, firstname: &str, lastname: &str, sex: Option<i32>)
-> Result<String, ()>
{
let session_token = helpers::make_session_token();
......@@ -567,18 +567,28 @@ impl MedalConnection for Connection {
Ok(Some(id)) => {
let query = "UPDATE session
SET session_token = $1, csrf_token = $2, last_login = $3, last_activity = $3,
is_teacher = $4, firstname = $5, lastname = $6, sex = $7
WHERE id = $8";
self.execute(query, &[&session_token, &csrf_token, &now, &is_teacher, &firstname, &lastname, &sex, &id]).unwrap();
is_teacher = $4, is_admin = $5, firstname = $6, lastname = $7, sex = $8
WHERE id = $9";
self.execute(query,
&[&session_token,
&csrf_token,
&now,
&is_teacher,
&is_admin,
&firstname,
&lastname,
&sex,
&id])
.unwrap();
Ok(session_token)
}
// Add!
_ => {
let query = "INSERT INTO session (session_token, csrf_token, last_login, last_activity,
permanent_login, grade, sex, is_teacher, oauth_foreign_id,
permanent_login, grade, sex, is_teacher, is_admin, oauth_foreign_id,
oauth_provider, firstname, lastname)
VALUES ($1, $2, $3, $3, $4, $5, $6, $7, $8, $9, $10, $11)";
VALUES ($1, $2, $3, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12)";
self.execute(query,
&[&session_token,
&csrf_token,
......@@ -587,6 +597,7 @@ impl MedalConnection for Connection {
&(if is_teacher { 255 } else { 0 }),
&sex,
&is_teacher,
&is_admin,
&foreign_id,
&provider_id,
&firstname,
......
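Review bot: The reformatted `self.execute(query, &[…]).unwrap();` on the UPDATE path panics the request handler whenever the statement fails, and this statement now decides the `is_admin` column during login. `login_foreign` already returns `Result<String, ()>`, so, assuming `execute` returns a `Result`, the failure can be reported to the caller with `.map_err(|_| ())?;` in place of `.unwrap();`. The other two `login_foreign` implementations on this page carry the same `.unwrap()`. The function starts and ends outside the hunk.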
......@@ -552,7 +552,7 @@ impl MedalConnection for Connection {
//TODO: use session
fn login_foreign(&self, _session: Option<&str>, provider_id: &str, foreign_id: &str, is_teacher: bool,
firstname: &str, lastname: &str, sex: Option<i32>)
is_admin: bool, firstname: &str, lastname: &str, sex: Option<i32>)
-> Result<String, ()>
{
let session_token = helpers::make_session_token();
......@@ -567,18 +567,28 @@ impl MedalConnection for Connection {
Ok(Some(id)) => {
let query = "UPDATE session
SET session_token = ?1, csrf_token = ?2, last_login = ?3, last_activity = ?3,
is_teacher = ?4, firstname = ?5, lastname = ?6, sex = ?7
WHERE id = ?8";
self.execute(query, &[&session_token, &csrf_token, &now, &is_teacher, &firstname, &lastname, &sex, &id]).unwrap();
is_teacher = ?4, is_admin = ?5, firstname = ?6, lastname = ?7, sex = ?8
WHERE id = ?9";
self.execute(query,
&[&session_token,
&csrf_token,
&now,
&is_teacher,
&is_admin,
&firstname,
&lastname,
&sex,
&id])
.unwrap();
Ok(session_token)
}
// Add!
_ => {
let query = "INSERT INTO session (session_token, csrf_token, last_login, last_activity,
permanent_login, grade, sex, is_teacher, oauth_foreign_id,
permanent_login, grade, sex, is_teacher, is_admin, oauth_foreign_id,
oauth_provider, firstname, lastname)
VALUES (?1, ?2, ?3, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10, ?11)";
VALUES (?1, ?2, ?3, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10, ?11, ?12)";
self.execute(query,
&[&session_token,
&csrf_token,
......@@ -587,6 +597,7 @@ impl MedalConnection for Connection {
&(if is_teacher { 255 } else { 0 }),
&sex,
&is_teacher,
&is_admin,
&foreign_id,
&provider_id,
&firstname,
......
......@@ -276,13 +276,9 @@ impl SessionUser {
(self.password.is_some() || self.logincode.is_some() || self.oauth_foreign_id.is_some()) && self.is_alive()
}
pub fn is_teacher(&self) -> bool {
self.is_teacher
}
pub fn is_teacher(&self) -> bool { self.is_teacher }
pub fn is_admin(&self) -> bool {
self.is_admin == Some(true)
}
pub fn is_admin(&self) -> bool { self.is_admin == Some(true) }
pub fn ensure_alive(self) -> Option<Self> {
if self.is_alive() {
......
......@@ -147,12 +147,12 @@ fn add_admin_user<C>(conn: &mut C, resetpw: bool)
print!("'{}', ", &password);
let logincode: String = thread_rng().sample_iter(&Alphanumeric)
.filter(|x| {
let x = *x;
!(x == 'l' || x == 'I' || x == '1' || x == 'O' || x == 'o' || x == '0')
})
.take(8)
.collect();
.filter(|x| {
let x = *x;
!(x == 'l' || x == 'I' || x == '1' || x == 'O' || x == 'o' || x == '0')
})
.take(8)
.collect();
let logincode = format!("a{}", logincode);
print!(" logincode:'{}' …", &logincode);
......
......@@ -891,7 +891,8 @@ fn teacherinfos<C>(req: &mut Request) -> IronResult<Response>
let config = req.get::<Read<SharedConfiguration>>().unwrap();
let (template, data) = with_conn![core::teacher_infos, C, req, &session_token, config.teacher_page.as_ref().map(|x| &**x)].aug(req)?;
let (template, data) =
with_conn![core::teacher_infos, C, req, &session_token, config.teacher_page.as_ref().map(|x| &**x)].aug(req)?;
// .as_ref().map(|x| &**x) can be written as .as_deref() since rust 1.40
let mut resp = Response::new();
......