Delete snippets when banning and prevent banned users from logging in

This commit is contained in:
Asaf Gartner 2022-08-09 12:57:12 +03:00
parent 822a489c09
commit 319b1a05b9
2 changed files with 23 additions and 1 deletions

View File

@ -345,6 +345,10 @@ func AdminApprovalQueueSubmit(c *RequestContext) ResponseData {
if err != nil { if err != nil {
return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to delete spammer's projects")) return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to delete spammer's projects"))
} }
err = deleteAllSnippetsForUser(c, c.Conn, user.ID)
if err != nil {
return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to delete spammer's snippets"))
}
whatHappened = fmt.Sprintf("%s banned successfully", user.Username) whatHappened = fmt.Sprintf("%s banned successfully", user.Username)
} else { } else {
whatHappened = fmt.Sprintf("Unrecognized action: %s", action) whatHappened = fmt.Sprintf("Unrecognized action: %s", action)
@ -537,3 +541,17 @@ func deleteAllProjectsForUser(ctx context.Context, conn *pgxpool.Pool, userId in
return nil return nil
} }
func deleteAllSnippetsForUser(ctx context.Context, conn *pgxpool.Pool, userId int) error {
_, err := conn.Exec(ctx,
`
DELETE FROM snippet
WHERE owner_id = $1
`,
userId,
)
if err != nil {
return oops.New(err, "failed to delete snippets for user")
}
return nil
}

View File

@ -471,7 +471,7 @@ func RequestPasswordResetSubmit(c *RequestContext) ResponseData {
} }
} }
if user != nil { if user != nil && user.Status != models.UserStatusBanned {
c.Perf.StartBlock("SQL", "Fetching existing token") c.Perf.StartBlock("SQL", "Fetching existing token")
resetToken, err := db.QueryOne[models.OneTimeToken](c, c.Conn, resetToken, err := db.QueryOne[models.OneTimeToken](c, c.Conn,
` `
@ -679,6 +679,10 @@ func DoPasswordResetSubmit(c *RequestContext) ResponseData {
} }
func tryLogin(c *RequestContext, user *models.User, password string) (bool, error) { func tryLogin(c *RequestContext, user *models.User, password string) (bool, error) {
if user.Status == models.UserStatusBanned {
return false, nil
}
c.Perf.StartBlock("AUTH", "Checking password") c.Perf.StartBlock("AUTH", "Checking password")
defer c.Perf.EndBlock() defer c.Perf.EndBlock()
hashed, err := auth.ParsePasswordString(user.Password) hashed, err := auth.ParsePasswordString(user.Password)