implemented user locking authentication

2025-03-31 16:00:39 +08:00 · 2020-09-06 18:42:57 -07:00 · 2020-09-06 18:42:57 -07:00 · c2184e7856
commit c2184e7856
parent 5a89a45053
4 changed files with 26 additions and 9 deletions
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@ -94,6 +94,7 @@ services:
      DB_USER: "hangarauth"
      DB_PASSWORD: "hangarauth"
      DB_HOST: "db"
+      APP_HOST: "http://localhost:8080"
      SSO_ENDPOINT_hangar: "{ 'sync_sso_endpoint': ('http://app:8080/api/sync_sso'), 'sso_secret': 'changeme', 'api_key': 'changeme' }"
      DEBUG: "true"
      DJANGO_SETTINGS_MODULE: "spongeauth.settings.prod"
--- a/src/main/java/io/papermc/hangar/controller/UsersController.java
+++ b/src/main/java/io/papermc/hangar/controller/UsersController.java
@ -8,11 +8,13 @@ import io.papermc.hangar.db.model.NotificationsTable;
 import io.papermc.hangar.db.model.OrganizationsTable;
 import io.papermc.hangar.db.model.UsersTable;
 import io.papermc.hangar.model.InviteFilter;
+import io.papermc.hangar.model.NamedPermission;
 import io.papermc.hangar.model.NotificationFilter;
 import io.papermc.hangar.model.Prompt;
 import io.papermc.hangar.model.viewhelpers.InviteSubject;
 import io.papermc.hangar.model.viewhelpers.UserData;
 import io.papermc.hangar.model.viewhelpers.UserRole;
+import io.papermc.hangar.security.annotations.GlobalPermission;
 import io.papermc.hangar.service.ApiKeyService;
 import io.papermc.hangar.service.AuthenticationService;
 import io.papermc.hangar.service.NotificationService;
@ -21,6 +23,7 @@ import io.papermc.hangar.service.PermissionService;
 import io.papermc.hangar.service.RoleService;
 import io.papermc.hangar.service.SitemapService;
 import io.papermc.hangar.service.SsoService;
+import io.papermc.hangar.service.SsoService.SignatureException;
 import io.papermc.hangar.service.UserActionLogService;
 import io.papermc.hangar.service.UserService;
 import io.papermc.hangar.service.sso.AuthUser;
@ -44,7 +47,6 @@ import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.server.ResponseStatusException;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.mvc.support.RedirectAttributes;
-import org.springframework.web.servlet.view.RedirectView;

 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
@ -240,12 +242,27 @@ public class UsersController extends HangarController {
        return fillModel(mav);
    }

+    @GlobalPermission(NamedPermission.EDIT_OWN_USER_SETTINGS)
    @Secured("ROLE_USER")
-    @PostMapping("/{user}/settings/lock/{locked}")
-    public RedirectView setLocked(@PathVariable String user, @PathVariable boolean locked, @RequestParam String sso, @RequestParam String sig) {
-        // TODO auth
-        userService.setLocked(user, locked);
-        return new RedirectView(Routes.getRouteUrlOf("users.showProjects", user));
+    @GetMapping("/{user}/settings/lock/{locked}")
+    public ModelAndView setLocked(@PathVariable String user, @PathVariable boolean locked, @RequestParam(required = false) String sso, @RequestParam(required = false) String sig) {
+        UsersTable curUser = getCurrentUser();
+        if (!hangarConfig.fakeUser.isEnabled()) {
+            try {
+                AuthUser authUser = ssoService.authenticate(sso, sig);
+                if (authUser == null || authUser.getId() != curUser.getId()) {
+                    throw new ResponseStatusException(HttpStatus.UNAUTHORIZED);
+                }
+            } catch (SignatureException e) {
+                throw new ResponseStatusException(HttpStatus.UNAUTHORIZED);
+            }
+        }
+
+        if (!locked) {
+            // TODO email!
+        }
+        userService.setLocked(curUser, locked);
+        return Routes.USERS_SHOW_PROJECTS.getRedirect(user);
    }

    @Secured("ROLE_USER")
--- a/src/main/java/io/papermc/hangar/service/UserService.java
+++ b/src/main/java/io/papermc/hangar/service/UserService.java
@ -156,8 +156,7 @@ public class UserService extends HangarService {
        }
    }

-    public void setLocked(String userName, boolean locked) {
-        UsersTable user = userDao.get().getByName(userName);
+    public void setLocked(UsersTable user, boolean locked) {
        user.setIsLocked(locked);
        userDao.get().update(user);
    }
--- a/src/main/resources/templates/users/view.ftlh
+++ b/src/main/resources/templates/users/view.ftlh
@ -75,7 +75,7 @@

                                <span data-toggle="modal" data-target="#modal-lock">
                                    <i class="fas <#if u.user.isLocked()>fa-lock<#else>fa-unlock-alt</#if> action-lock-account" data-toggle="tooltip"
-                                    data-placement="top" title="<@spring.message "user.lock" />"></i>
+                                    data-placement="top" title="<#if !u.user.isLocked()><@spring.message "user.lock" /><#else><@spring.message "user.unlock" /></#if>"></i>
                                </span>

                                <a class="action-api" href="${Routes.USERS_EDIT_API_KEYS.getRouteUrl(u.user.name)}">