fix: don't panic when using api token when not correctly put into context (#1119)
This commit is contained in:
parent
95df6190f7
commit
42534cdd79
@ -25,6 +25,7 @@ import (
|
|||
"code.vikunja.io/api/pkg/db"
|
||||
"code.vikunja.io/api/pkg/log"
|
||||
"code.vikunja.io/api/pkg/models"
|
||||
"code.vikunja.io/api/pkg/user"
|
||||
|
||||
echojwt "github.com/labstack/echo-jwt/v4"
|
||||
"github.com/labstack/echo/v4"
|
||||
|
|
@ -87,7 +88,13 @@ func checkAPITokenAndPutItInContext(tokenHeaderValue string, c echo.Context) err
|
|||
return echo.NewHTTPError(http.StatusUnauthorized)
|
||||
}
|
||||
|
||||
u, err := user.GetUserByID(s, token.OwnerID)
|
||||
if err != nil {
|
||||
return echo.NewHTTPError(http.StatusInternalServerError).SetInternal(err)
|
||||
}
|
||||
|
||||
c.Set("api_token", token)
|
||||
c.Set("api_user", u)
|
||||
|
||||
return nil
|
||||
}
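Review bot: Every failure of `user.GetUserByID` is turned into a 500 on the line following it, including the case where the token's owner no longer exists; a token whose owner row is gone is an authentication failure, not a server fault, and should get the same `http.StatusUnauthorized` as the branch just above it. As written, an orphaned or revoked-by-deletion token yields server errors (and error-level log noise) instead of a clean rejection. If the user package exposes a not-found predicate for this lookup, branch on it before the generic 500: `if <not-found check>(err) { return echo.NewHTTPError(http.StatusUnauthorized) }`. checkAPITokenAndPutItInContext starts before this hunk, so whatever validity checks precede the lookup (expiry, token state) are not visible here.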
|
||||
@ -632,3 +632,30 @@ const ErrorCodeUsernameReserved = 1026
|
|||
func (err ErrUsernameReserved) HTTPError() web.HTTPError {
|
||||
return web.HTTPError{HTTPCode: http.StatusBadRequest, Code: ErrorCodeUsernameReserved, Message: "This username is reserved and cannot be used."}
|
||||
}
|
||||
|
||||
// ErrInvalidUserContext represents an error where the user context is invalid or missing
|
||||
type ErrInvalidUserContext struct {
|
||||
Reason string
|
||||
}
|
||||
|
||||
// IsErrInvalidUserContext checks if an error is a ErrInvalidUserContext.
|
||||
func IsErrInvalidUserContext(err error) bool {
|
||||
_, ok := err.(ErrInvalidUserContext)
|
||||
return ok
|
||||
}
|
||||
|
||||
func (err ErrInvalidUserContext) Error() string {
|
||||
return fmt.Sprintf("Invalid user context: %s", err.Reason)
|
||||
}
|
||||
|
||||
// ErrorCodeInvalidUserContext holds the unique world-error code of this error
|
||||
const ErrorCodeInvalidUserContext = 1027
|
||||
|
||||
// HTTPError holds the http error description
|
||||
func (err ErrInvalidUserContext) HTTPError() web.HTTPError {
|
||||
return web.HTTPError{
|
||||
HTTPCode: http.StatusUnauthorized,
|
||||
Code: ErrorCodeInvalidUserContext,
|
||||
Message: "Invalid user context. Please make sure the passed token is valid and try again.",
|
||||
}
|
||||
}
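Review bot: `IsErrInvalidUserContext` relies on a bare type assertion, so an `ErrInvalidUserContext` that has been wrapped with `fmt.Errorf("...: %w", err)` anywhere up the call chain will not be recognised and the caller falls through to a generic error instead of the 401 defined here. `errors.As` covers both the plain and the wrapped case: `var target ErrInvalidUserContext` / `return errors.As(err, &target)` (the file's import block is not in view; `errors` may need adding). If the surrounding `IsErrXxx` helpers all use the assertion form, keeping the pattern consistent is defensible, but the limitation is worth a one-line comment. The comment on the helper should also read "an ErrInvalidUserContext", and `Error()` is the only method in the new type without a doc comment.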
|
@ -429,7 +429,21 @@ func GetCurrentUserFromDB(s *xorm.Session, c echo.Context) (user *User, err erro
|
|||
|
||||
// GetCurrentUser returns the current user based on its jwt token
|
||||
func GetCurrentUser(c echo.Context) (user *User, err error) {
|
||||
jwtinf := c.Get("user").(*jwt.Token)
|
||||
if apiUser, ok := c.Get("api_user").(*User); ok {
|
||||
return apiUser, nil
|
||||
}
|
||||
|
||||
jwtinf, is := c.Get("user").(*jwt.Token)
|
||||
if jwtinf == nil {
|
||||
log.Error("No user found in context")
|
||||
return nil, ErrInvalidUserContext{Reason: "no user found in context"}
|
||||
}
|
||||
|
||||
if !is {
|
||||
log.Errorf("User in context is not a JWT token, got type: %T", jwtinf)
|
||||
return nil, ErrInvalidUserContext{Reason: "user in context is not a JWT token"}
|
||||
}
|
||||
|
||||
claims := jwtinf.Claims.(jwt.MapClaims)
|
||||
return GetUserFromClaims(claims)
|
||||
}
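Review bot: The `if !is` branch after the nil check can never run, and the claims assertion at the end still panics: when `c.Get("user")` holds nil or any non-`*jwt.Token` value, the comma-ok assertion yields `jwtinf == nil`, so the first `if` already returns and the `!is` branch is dead; its `%T` would also print `*jwt.Token` rather than the stored value, because `jwtinf` is the asserted result, not the raw entry. Meanwhile `jwtinf.Claims.(jwt.MapClaims)` is an unchecked assertion, so a token whose claims were parsed into another type still panics, which is exactly what the commit sets out to prevent. Checking the raw context value first and using the comma-ok form on the claims closes both gaps; the stored `Reason` strings stay internal while the client only ever sees the generic message from `HTTPError()`.
```go
raw := c.Get("user")
if raw == nil {
	log.Error("No user found in context")
	return nil, ErrInvalidUserContext{Reason: "no user found in context"}
}

jwtinf, is := raw.(*jwt.Token)
if !is || jwtinf == nil {
	log.Errorf("User in context is not a JWT token, got type: %T", raw)
	return nil, ErrInvalidUserContext{Reason: "user in context is not a JWT token"}
}

claims, ok := jwtinf.Claims.(jwt.MapClaims)
if !ok {
	log.Errorf("JWT claims in context have unexpected type: %T", jwtinf.Claims)
	return nil, ErrInvalidUserContext{Reason: "jwt claims have unexpected type"}
}
return GetUserFromClaims(claims)
```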