diff options
| author | Lunny Xiao <xiaolunwen@gmail.com> | 2023-12-07 15:27:36 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-12-07 15:27:36 +0800 |
| commit | dd30d9d5c0f577cb6e084aae6de2752ad43474d8 (patch) | |
| tree | 1e3799a672a23424484b849827ba39eae447856a /models/user | |
| parent | beb71f5ef6e8074dc744ac995c15f7b5947a3f2e (diff) | |
| download | gitea-dd30d9d5c0f577cb6e084aae6de2752ad43474d8.tar.gz gitea-dd30d9d5c0f577cb6e084aae6de2752ad43474d8.zip | |
Remove GetByBean method because sometimes it's danger when query condition parameter is zero and also introduce new generic methods (#28220)
The function `GetByBean` has an obvious defect that when the fields are
empty values, it will be ignored. Then users will get a wrong result
which is possibly used to make a security problem.
To avoid the possibility, this PR removed function `GetByBean` and all
references.
And some new generic functions have been introduced to be used.
The recommand usage like below.
```go
// if query an object according id
obj, err := db.GetByID[Object](ctx, id)
// query with other conditions
obj, err := db.Get[Object](ctx, builder.Eq{"a": a, "b":b})
```
Diffstat (limited to 'models/user')
| -rw-r--r-- | models/user/email_address.go | 18 | ||||
| -rw-r--r-- | models/user/external_login_user.go | 14 |
2 files changed, 18 insertions, 14 deletions
diff --git a/models/user/email_address.go b/models/user/email_address.go index f1ed6692cf..2af2621f5f 100644 --- a/models/user/email_address.go +++ b/models/user/email_address.go @@ -527,12 +527,13 @@ func ActivateUserEmail(ctx context.Context, userID int64, email string, activate // Activate/deactivate a user's secondary email address // First check if there's another user active with the same address - addr := EmailAddress{UID: userID, LowerEmail: strings.ToLower(email)} - if has, err := db.GetByBean(ctx, &addr); err != nil { + addr, exist, err := db.Get[EmailAddress](ctx, builder.Eq{"uid": userID, "lower_email": strings.ToLower(email)}) + if err != nil { return err - } else if !has { + } else if !exist { return fmt.Errorf("no such email: %d (%s)", userID, email) } + if addr.IsActivated == activate { // Already in the desired state; no action return nil @@ -544,25 +545,26 @@ func ActivateUserEmail(ctx context.Context, userID int64, email string, activate return ErrEmailAlreadyUsed{Email: email} } } - if err = updateActivation(ctx, &addr, activate); err != nil { + if err = updateActivation(ctx, addr, activate); err != nil { return fmt.Errorf("unable to updateActivation() for %d:%s: %w", addr.ID, addr.Email, err) } // Activate/deactivate a user's primary email address and account if addr.IsPrimary { - user := User{ID: userID, Email: email} - if has, err := db.GetByBean(ctx, &user); err != nil { + user, exist, err := db.Get[User](ctx, builder.Eq{"id": userID, "email": email}) + if err != nil { return err - } else if !has { + } else if !exist { return fmt.Errorf("no user with ID: %d and Email: %s", userID, email) } + // The user's activation state should be synchronized with the primary email if user.IsActive != activate { user.IsActive = activate if user.Rands, err = GetUserSalt(); err != nil { return fmt.Errorf("unable to generate salt: %w", err) } - if err = UpdateUserCols(ctx, &user, "is_active", "rands"); err != nil { + if err = UpdateUserCols(ctx, user, "is_active", "rands"); err != nil { return fmt.Errorf("unable to updateUserCols() for user ID: %d: %w", userID, err) } } diff --git a/models/user/external_login_user.go b/models/user/external_login_user.go index 0db702f225..965b7a5ed1 100644 --- a/models/user/external_login_user.go +++ b/models/user/external_login_user.go @@ -98,9 +98,10 @@ func GetExternalLogin(ctx context.Context, externalLoginUser *ExternalLoginUser) // LinkExternalToUser link the external user to the user func LinkExternalToUser(ctx context.Context, user *User, externalLoginUser *ExternalLoginUser) error { - has, err := db.GetEngine(ctx).Where("external_id=? AND login_source_id=?", externalLoginUser.ExternalID, externalLoginUser.LoginSourceID). - NoAutoCondition(). - Exist(externalLoginUser) + has, err := db.Exist[ExternalLoginUser](ctx, builder.Eq{ + "external_id": externalLoginUser.ExternalID, + "login_source_id": externalLoginUser.LoginSourceID, + }) if err != nil { return err } else if has { @@ -145,9 +146,10 @@ func GetUserIDByExternalUserID(ctx context.Context, provider, userID string) (in // UpdateExternalUserByExternalID updates an external user's information func UpdateExternalUserByExternalID(ctx context.Context, external *ExternalLoginUser) error { - has, err := db.GetEngine(ctx).Where("external_id=? AND login_source_id=?", external.ExternalID, external.LoginSourceID). - NoAutoCondition(). - Exist(external) + has, err := db.Exist[ExternalLoginUser](ctx, builder.Eq{ + "external_id": external.ExternalID, + "login_source_id": external.LoginSourceID, + }) if err != nil { return err } else if !has { |