fix: abort if oauth user info is invalid
This commit is contained in:
parent
61b69d1026
commit
6dd3478ff9
|
@ -193,6 +193,11 @@ func (s *Server) discordLink(w http.ResponseWriter, r *http.Request) error {
|
||||||
return server.APIError{Code: server.ErrInvalidTicket}
|
return server.APIError{Code: server.ErrInvalidTicket}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if du.ID == "" {
|
||||||
|
log.Errorf("linking user with id %v: discord user ID was empty", claims.UserID)
|
||||||
|
return server.APIError{Code: server.ErrInternalServerError, Details: "Discord user ID is empty"}
|
||||||
|
}
|
||||||
|
|
||||||
err = u.UpdateFromDiscord(ctx, s.DB, du)
|
err = u.UpdateFromDiscord(ctx, s.DB, du)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "updating user from discord")
|
return errors.Wrap(err, "updating user from discord")
|
||||||
|
@ -302,6 +307,11 @@ func (s *Server) discordSignup(w http.ResponseWriter, r *http.Request) error {
|
||||||
return errors.Wrap(err, "creating user")
|
return errors.Wrap(err, "creating user")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if du.ID == "" {
|
||||||
|
log.Errorf("creating user with name %q: user ID was empty", req.Username)
|
||||||
|
return server.APIError{Code: server.ErrInternalServerError, Details: "Discord user ID is empty"}
|
||||||
|
}
|
||||||
|
|
||||||
err = u.UpdateFromDiscord(ctx, tx, du)
|
err = u.UpdateFromDiscord(ctx, tx, du)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "updating user from discord")
|
return errors.Wrap(err, "updating user from discord")
|
||||||
|
|
|
@ -220,6 +220,11 @@ func (s *Server) mastodonLink(w http.ResponseWriter, r *http.Request) error {
|
||||||
return server.APIError{Code: server.ErrInvalidTicket}
|
return server.APIError{Code: server.ErrInvalidTicket}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if mu.ID == "" {
|
||||||
|
log.Errorf("linking user with id %v: user ID was empty", claims.UserID)
|
||||||
|
return server.APIError{Code: server.ErrInternalServerError, Details: "Mastodon user ID is empty"}
|
||||||
|
}
|
||||||
|
|
||||||
err = u.UpdateFromFedi(ctx, s.DB, mu.ID, mu.Username, app.ID)
|
err = u.UpdateFromFedi(ctx, s.DB, mu.ID, mu.Username, app.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "updating user from mastoAPI")
|
return errors.Wrap(err, "updating user from mastoAPI")
|
||||||
|
@ -330,6 +335,11 @@ func (s *Server) mastodonSignup(w http.ResponseWriter, r *http.Request) error {
|
||||||
return errors.Wrap(err, "creating user")
|
return errors.Wrap(err, "creating user")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if mu.ID == "" {
|
||||||
|
log.Errorf("creating user with name %q: user ID was empty", req.Username)
|
||||||
|
return server.APIError{Code: server.ErrInternalServerError, Details: "Mastodon user ID is empty"}
|
||||||
|
}
|
||||||
|
|
||||||
err = u.UpdateFromFedi(ctx, tx, mu.ID, mu.Username, app.ID)
|
err = u.UpdateFromFedi(ctx, tx, mu.ID, mu.Username, app.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "updating user from mastoAPI")
|
return errors.Wrap(err, "updating user from mastoAPI")
|
||||||
|
|
|
@ -195,6 +195,11 @@ func (s *Server) misskeyLink(w http.ResponseWriter, r *http.Request) error {
|
||||||
return server.APIError{Code: server.ErrInvalidTicket}
|
return server.APIError{Code: server.ErrInvalidTicket}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if mu.ID == "" {
|
||||||
|
log.Errorf("linking user with id %v: user ID was empty", claims.UserID)
|
||||||
|
return server.APIError{Code: server.ErrInternalServerError, Details: "Misskey user ID is empty"}
|
||||||
|
}
|
||||||
|
|
||||||
err = u.UpdateFromFedi(ctx, s.DB, mu.ID, mu.Username, app.ID)
|
err = u.UpdateFromFedi(ctx, s.DB, mu.ID, mu.Username, app.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "updating user from misskey")
|
return errors.Wrap(err, "updating user from misskey")
|
||||||
|
@ -260,6 +265,11 @@ func (s *Server) misskeySignup(w http.ResponseWriter, r *http.Request) error {
|
||||||
return errors.Wrap(err, "creating user")
|
return errors.Wrap(err, "creating user")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if mu.ID == "" {
|
||||||
|
log.Errorf("creating user with name %q: user ID was empty", req.Username)
|
||||||
|
return server.APIError{Code: server.ErrInternalServerError, Details: "Misskey user ID is empty"}
|
||||||
|
}
|
||||||
|
|
||||||
err = u.UpdateFromFedi(ctx, tx, mu.ID, mu.Username, app.ID)
|
err = u.UpdateFromFedi(ctx, tx, mu.ID, mu.Username, app.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "updating user from misskey")
|
return errors.Wrap(err, "updating user from misskey")
|
||||||
|
|
|
@ -208,6 +208,11 @@ func (s *Server) googleLink(w http.ResponseWriter, r *http.Request) error {
|
||||||
return server.APIError{Code: server.ErrInvalidTicket}
|
return server.APIError{Code: server.ErrInvalidTicket}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if gu.ID == "" {
|
||||||
|
log.Errorf("linking user with id %v: user ID was empty", claims.UserID)
|
||||||
|
return server.APIError{Code: server.ErrInternalServerError, Details: "Google user ID is empty"}
|
||||||
|
}
|
||||||
|
|
||||||
err = u.UpdateFromGoogle(ctx, s.DB, gu.ID, gu.Email)
|
err = u.UpdateFromGoogle(ctx, s.DB, gu.ID, gu.Email)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "updating user from google")
|
return errors.Wrap(err, "updating user from google")
|
||||||
|
@ -306,6 +311,11 @@ func (s *Server) googleSignup(w http.ResponseWriter, r *http.Request) error {
|
||||||
return errors.Wrap(err, "creating user")
|
return errors.Wrap(err, "creating user")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if gu.ID == "" {
|
||||||
|
log.Errorf("creating user with name %q: user ID was empty", req.Username)
|
||||||
|
return server.APIError{Code: server.ErrInternalServerError, Details: "Google user ID is empty"}
|
||||||
|
}
|
||||||
|
|
||||||
err = u.UpdateFromGoogle(ctx, tx, gu.ID, gu.Email)
|
err = u.UpdateFromGoogle(ctx, tx, gu.ID, gu.Email)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "updating user from google")
|
return errors.Wrap(err, "updating user from google")
|
||||||
|
|
|
@ -241,6 +241,11 @@ func (s *Server) tumblrLink(w http.ResponseWriter, r *http.Request) error {
|
||||||
return server.APIError{Code: server.ErrInvalidTicket}
|
return server.APIError{Code: server.ErrInvalidTicket}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if tui.ID == "" {
|
||||||
|
log.Errorf("linking user with id %v: user ID was empty", claims.UserID)
|
||||||
|
return server.APIError{Code: server.ErrInternalServerError, Details: "Tumblr user ID is empty"}
|
||||||
|
}
|
||||||
|
|
||||||
err = u.UpdateFromTumblr(ctx, s.DB, tui.ID, tui.Name)
|
err = u.UpdateFromTumblr(ctx, s.DB, tui.ID, tui.Name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "updating user from tumblr")
|
return errors.Wrap(err, "updating user from tumblr")
|
||||||
|
@ -339,6 +344,11 @@ func (s *Server) tumblrSignup(w http.ResponseWriter, r *http.Request) error {
|
||||||
return errors.Wrap(err, "creating user")
|
return errors.Wrap(err, "creating user")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if tui.ID == "" {
|
||||||
|
log.Errorf("creating user with name %q: user ID was empty", req.Username)
|
||||||
|
return server.APIError{Code: server.ErrInternalServerError, Details: "Tumblr user ID is empty"}
|
||||||
|
}
|
||||||
|
|
||||||
err = u.UpdateFromTumblr(ctx, tx, tui.ID, tui.Name)
|
err = u.UpdateFromTumblr(ctx, tx, tui.ID, tui.Name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "updating user from tumblr")
|
return errors.Wrap(err, "updating user from tumblr")
|
||||||
|
|
Loading…
Reference in New Issue