fix double login bug with db constraint, only show new users as requestable, add flash messages

flynn 2019-02-16 00:41:39 +01:00
parent ad4e95f98c
commit 7ccb7b9150
9 changed files with 65 additions and 72 deletions


@ -88,6 +88,7 @@
</div>
</div>
</nav>
{% include "parts/flash.html" %}
<section class="section">
<div class="container">
<div id="view">
@ -145,7 +146,8 @@
<div class="control">
<div class="select">
<select name="to_id" id="to_id">
{% for user in other_users %}
<option hidden disabled selected value> -- select an option -- </option>
{% for user in non_requested_users %}
<option value="{{user.id}}">{{user.name}}</option>
{% endfor %}
</select>


@ -0,0 +1,16 @@
{% if flash %}
<div class="section">
<div class="container">
{% if flash.error %}
<div class="notification is-danger">
<button class="delete" onclick="removeThis(this);"></button>
{{ flash.error }}
</div>
{% endif %}
</div>
</div>
{% endif %}
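Review bot: The dismiss button uses an inline `onclick="removeThis(this);"` handler, which forces any future Content-Security-Policy to allow inline script and requires `removeThis` to stay a global (the script section of this commit adds it at top level). Binding the handler from the existing `DOMContentLoaded` listener instead, e.g. `document.querySelectorAll('.notification .delete').forEach(b => b.addEventListener('click', () => b.parentNode.remove()));`, keeps the template free of script. `{{ flash.error }}` presumably relies on the template engine's default HTML escaping, so it should stay without a `safe` filter in case flash text ever carries user-supplied values.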


@ -0,0 +1,3 @@
ALTER TABLE users
DROP INDEX UC_user;


@ -0,0 +1,2 @@
ALTER TABLE users
ADD CONSTRAINT UC_user UNIQUE (zeusid);
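Review bot: Adding `UNIQUE (zeusid)` will fail on any database that already holds duplicate `zeusid` rows, which is presumably what the double-login bug produced. The migration should first merge or delete those duplicates, and repoint any rows that reference the removed user ids, before the `ALTER TABLE` runs. A header comment such as `-- precondition: no duplicate zeusid values; run the dedupe step first` would document this for whoever applies it to an existing deployment.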


@ -23,3 +23,7 @@ document.addEventListener('DOMContentLoaded', () => {
}
});
function removeThis(ele) {
ele.parentNode.remove();
}


@ -62,7 +62,7 @@ WHERE id = :id
-- :name get-relation-requests-from-user :? :*
-- :doc retrieves all relations requests that a user made
SELECT rr.id as rr_id, rr.status, u_to.name as to_name FROM relation_requests as rr
SELECT rr.id as rr_id, rr.status, u_to.name as to_name, u_to.id as to_id FROM relation_requests as rr
JOIN users u_to on rr.to_id = u_to.id
WHERE from_id = :from_id


@ -1,42 +0,0 @@
(ns cat.oauth
(:require [cat.config :refer [env]]
[oauth.client :as oauth]
[mount.core :refer [defstate]]
[clojure.tools.logging :as log]))
(defstate consumer
:start (oauth/make-consumer
(env :oauth-consumer-key)
(env :oauth-consumer-secret)
(env :request-token-uri)
(env :access-token-uri)
(env :authorize-uri)
:hmac-sha1))
(defn oauth-callback-uri
"Generates the oauth request callback URI"
[{:keys [headers]}]
(let [callback-url (str "http://" (headers "host") "/oauth/oauth-callback")]
(println "Generated callback url:" callback-url)
callback-url))
(defn fetch-request-token
"Fetches a request token."
[request]
(let [callback-uri (oauth-callback-uri request)]
(log/info "Fetching request token using callback-uri" callback-uri)
(log/info "Oauth consumer: " consumer)
(oauth/request-token consumer callback-uri {:grant_type "authorization_code"})))
(defn fetch-access-token
[request_token]
(oauth/access-token consumer request_token (:oauth_verifier request_token)))
(defn auth-redirect-uri
"Gets the URI the user should be redirected to when authenticating."
([request]
(auth-redirect-uri request ""))
([request request-token]
(str (oauth/user-approval-uri consumer request-token {:response_type "code"
:client_id (env :oauth-consumer-key)
:redirect_uri (oauth-callback-uri request)}))))


@ -38,13 +38,6 @@
(defroutes home-routes
(GET "/" req
(log/info "------")
(log/info "key: " (env :oauth-consumer-key))
(log/info "secret: " (env :oauth-consumer-secret))
(log/info "host: " (env :app-host))
(log/info "token: " (env :access-token-uri))
(log/info "auth uri: " (env :authorize-uri))
(log/info "------")
(let [users (get-users)
relations (get-relations)
user (-> (get-in req [:session :user]))
@ -58,18 +51,22 @@
(seq (filter (fn [usr] (not (= (:id usr) (:id user))))
users)))
rel-requests-out (seq (db/get-relation-requests-from-user {:from_id (:id user)}))
rel-requests-in (seq (db/get-relation-requests-to-user {:to_id (:id user)}))]
rel-requests-in (seq (db/get-relation-requests-to-user {:to_id (:id user)}))
non_requested_users (seq (filter (fn [other-user] (not (some (partial = (:id other-user)) (map :to_id rel-requests-out)))) other_users))]
(log/info (str "Session: " (:session req)))
;(log/info (str "Relation requests: \n OUTGOING: " rel-requests-out "\n INCOMING: " rel-requests-in))
;(log/info (str "User relations: " user-relations))
;(log/info (str "Other Users: " other_users))
;(log/info (str "rel reqs out: " rel-requests-out))
;(log/info (str "rel reqs out id: " (seq (map :to_id rel-requests-out))))
(home-page {:relations relations
:users users
:user user
:user-relations user-relations
:other_users other_users
:rel-requests-out rel-requests-out
:rel-requests-in rel-requests-in})))
:rel-requests-in rel-requests-in
:non_requested_users non_requested_users
:flash (:flash req)})))
;(GET "/docs" []
; (-> (response/ok (-> "docs/docs.md" io/resource slurp))
; (response/header "Content-Type" "text/plain; charset=utf-8")))
@ -119,17 +116,20 @@
[err result] (st/validate data request_relation-schema)
from-id (get-in req [:session :user :id])]
(if (nil? from-id) (response/found (error-page
{:status 400
:title "No user id found in session"})))
{:status 400
:title "No user id found in session"})))
(log/info "Post to " (:uri req) "\n with data " result)
(if (nil? err)
(do
(log/debug "Create relation request")
(db/create-relation-request! {:from_id from-id
:to_id (:to_id result)
:status "open"})
(response/found "/"))
(do
(response/bad-request "Incorrect input")))))
(log/debug "Relation request failed")
(log/debug err)
(response/unprocessable-entity "Incorrect input")))))
; TODO make bottom 2 admin protected
(POST "/relations" req
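Review bot: The `(if (nil? from-id) …)` guard in the relation-request handler has no effect: its value is discarded because the `log/info` call and the second `if` follow it in the same body, so a request without a session user still reaches `db/create-relation-request!` with a nil `:from_id`. Making the three outcomes branches of one `cond` returns the error before any insert; the sketch below assumes `error-page` already returns a response map (the original wraps it in `response/found`, which looks unintended, so confirm). Nothing in this hunk checks server-side that `:to_id` differs from `from-id` or has not already been requested, so the new dropdown filter is a convenience only; a check here or a unique key on the pair would enforce it. The handler's opening lines are outside the hunk.

```clojure
;; … unchanged: let bindings for err, result and from-id …
;; … unchanged: log/info of the posted data …
(cond
  ;; reject before touching the database when there is no session user
  (nil? from-id)
  (error-page {:status 400
               :title "No user id found in session"})

  (some? err)
  (do
    (log/debug "Relation request failed")
    (log/debug err)
    (response/unprocessable-entity "Incorrect input"))

  :else
  (do
    (log/debug "Create relation request")
    (db/create-relation-request! {:from_id from-id
                                  :to_id (:to_id result)
                                  :status "open"})
    (response/found "/")))
```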


@ -5,7 +5,7 @@
[cat.moauth :as mo]
[cat.db.core :refer [*db*] :as db]))
(def admins #{10 ;flynn
(def admins #{10 ;flynn
})
(defn set-user! [user session redirect-url]
@ -48,19 +48,27 @@
(let [{:keys [access_token refresh_token]} (mo/get-authentication-response nil req_token)]
(log/info "Successfully fetched access-id: " access_token)
(log/info "Fetching user info")
(let [user (mo/get-user-info access_token)]
(log/info "User info: " user)
(let [zeususer (db/get-zeus-user {:zeusid (:id user)})]
(log/info "Zeus user from db: " zeususer)
(if zeususer
(set-user! zeususer session "/")
(let [user-template {:name (:username user)
:gender nil
:zeusid (:id user)}
generated-key (-> user-template
(db/create-user!,,,))]
(log/info "Created user: " generated-key)
(set-user! (assoc user-template :id (:generated_key generated-key)) session "/"))))))))
(let [fetched-user (mo/get-user-info access_token)]
(log/info "Fetched user info: " fetched-user)
(let [local-user (db/get-zeus-user {:zeusid (:id fetched-user)})]
(log/info "Zeus user from db: " local-user)
(if local-user
(set-user! local-user session "/")
(try
(let [user-template {:name (:username fetched-user)
:gender nil
:zeusid (:id fetched-user)}
generated-key (-> user-template
(db/create-user!,,,))]
(log/info "Created user: " generated-key)
(set-user! (assoc user-template :id (:generated_key generated-key)) session "/"))
(catch Exception e
(do
(log/warn "fetched user" fetched-user "already exists, but was not found")
(log/warn (:cause (Throwable->map e)))
(-> (found "/")
(assoc :flash {:error "An error occurred, please try again."})))
))))))))
;(catch [:status 401] _
; (error-page {:status 401