diff --git a/.travis.yml b/.travis.yml
index b86e1adae2..c28a181998 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -53,8 +53,8 @@ install:
 - go get -d github.com/go-sql-driver/mysql
 - go get github.com/golang/lint/golint
 - go get github.com/GeertJohan/fgt
- - sudo apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" docker-engine=1.11.1-0~trusty
- - sudo rm /usr/local/bin/docker-compose
+# - sudo apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" docker-engine=1.11.1-0~trusty
+# - sudo rm /usr/local/bin/docker-compose
 - curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > docker-compose
 - chmod +x docker-compose
 - sudo mv docker-compose /usr/local/bin
diff --git a/api/base.go b/api/base.go
index 72f9da50b0..b761e4452f 100644
--- a/api/base.go
+++ b/api/base.go
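Review bot: Commenting out the docker-engine pin leaves the job on whichever docker-engine the Travis trusty image happens to ship, while docker-compose is still fetched at a fixed `${DOCKER_COMPOSE_VERSION}`, so the two can drift apart with no signal from CI; the commit does not say why the pin was dropped. If the pin is gone for good, delete the two lines rather than leaving them commented out, or record the reason inline, e.g. `# docker-engine pin removed: the image's default version is used (TODO: note the minimum version compose needs)`. Separately, the unchanged curl line installs a binary into /usr/local/bin under sudo with no checksum or signature check, which is worth a follow-up in its own right.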
@@ -81,7 +81,28 @@ func (b *BaseAPI) DecodeJSONReqAndValidate(v interface{}) {
 // ValidateUser checks if the request triggered by a valid user
 func (b *BaseAPI) ValidateUser() int {
+ userID, needsCheck, ok := b.GetUserIDForRequest()
+ if !ok {
+ log.Warning("No user id in session, canceling request")
+ b.CustomAbort(http.StatusUnauthorized, "")
+ }
+ if needsCheck {
+ u, err := dao.GetUser(models.User{UserID: userID})
+ if err != nil {
+ log.Errorf("Error occurred in GetUser, error: %v", err)
+ b.CustomAbort(http.StatusInternalServerError, "Internal error.")
+ }
+ if u == nil {
+ log.Warningf("User was deleted already, user id: %d, canceling request.", userID)
+ b.CustomAbort(http.StatusUnauthorized, "")
+ }
+ }
+ return userID
+}
+// GetUserIDForRequest tries to get user ID from basic auth header and session.
+// It returns the user ID, whether need further verification(when the id is from session) and if the action is successful
+func (b *BaseAPI) GetUserIDForRequest() (int, bool, bool) {
 username, password, ok := b.Ctx.Request.BasicAuth()
 if ok {
 log.Infof("Requst with Basic Authentication header, username: %s", username)
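Review bot: The warning on the new `if !ok` branch in ValidateUser, `No user id in session, canceling request`, is inaccurate for one of the two cases GetUserIDForRequest now covers: it is also reached when a Basic Authentication header was sent and rejected, and the log then points an operator at session handling instead of a credential failure. A neutral message such as `log.Warning("No authenticated user for request (no valid basic auth or session), canceling request")` would describe both. The doc comment on GetUserIDForRequest could also be tightened to spell out the flag's meaning, e.g. `// It returns the user ID, whether the caller must still verify that the user exists (true only when the ID came from the session), and whether an ID was found at all.` As in the original code, execution after `b.CustomAbort` relies on it not returning; GetUserIDForRequest's body continues past the end of this hunk.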
@@ -94,25 +115,17 @@ func (b *BaseAPI) ValidateUser() int {
 user = nil
 }
 if user != nil {
- return user.UserID
+ // User login successfully no further check required.
+ return user.UserID, false, true
 }
 }
- sessionUserID := b.GetSession("userId")
- if sessionUserID == nil {
- log.Warning("No user id in session, canceling request")
- b.CustomAbort(http.StatusUnauthorized, "")
+ sessionUserID, ok := b.GetSession("userId").(int)
+ if ok {
+ // The ID is from session
+ return sessionUserID, true, true
 }
- userID := sessionUserID.(int)
- u, err := dao.GetUser(models.User{UserID: userID})
- if err != nil {
- log.Errorf("Error occurred in GetUser, error: %v", err)
- b.CustomAbort(http.StatusInternalServerError, "Internal error.")
- }
- if u == nil {
- log.Warningf("User was deleted already, user id: %d, canceling request.", userID)
- b.CustomAbort(http.StatusUnauthorized, "")
- }
- return userID
+ log.Debug("No valid user id in session.")
+ return 0, false, false
 }
 // Redirect does redirection to resource URI with http header status code.
diff --git a/api/search.go b/api/search.go
index 4da0068c00..e590d67161 100644
--- a/api/search.go
+++ b/api/search.go
@@ -39,7 +39,7 @@ type searchResult struct {
 // Get ...
 func (s *SearchAPI) Get() {
- userID, ok := s.GetSession("userId").(int)
+ userID, _, ok := s.GetUserIDForRequest()
 if !ok {
 userID = dao.NonExistUserID
 }
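Review bot: `sessionUserID, ok := b.GetSession("userId").(int)` turns a session value of the wrong dynamic type into a plain "not logged in" reported only at Debug level, where the old unchecked assertion would have panicked loudly; if the session store ever hands the ID back as something other than `int` (for instance after a change of session provider that round-trips values through JSON), every logged-in user would silently start receiving 401s with nothing above Debug to explain it. Distinguish "no session value" from "session value of an unexpected type" and log the latter at Warning. Also, a request that carries a Basic Authentication header with bad credentials still falls through to the session cookie here — that matches the original behaviour, but now that this helper is shared with SearchAPI it deserves a comment stating that the fall-through is intended. GetUserIDForRequest starts in the previous hunk.
```go
	// … unchanged: basic-auth branch …
	sessionValue := b.GetSession("userId")
	if sessionUserID, ok := sessionValue.(int); ok {
		// The ID is from session
		return sessionUserID, true, true
	}
	if sessionValue != nil {
		log.Warningf("Session userId has unexpected type %T, treating request as unauthenticated.", sessionValue)
	}
	log.Debug("No valid user id in session.")
	return 0, false, false
```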
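Review bot: The new call discards the `needsCheck` result with `_`, so when the ID comes from the session the deleted-user verification that ValidateUser performs is skipped here and a stale cookie for a removed account is still treated as that user for the search. Whether that exposes anything depends on what Get does with userID further down (the function continues past this hunk), and the old session-only code had no such check either, so this is a pre-existing gap that the helper's new return value now makes explicit rather than a regression. Honouring the flag keeps the existing fallback to `dao.NonExistUserID` and adds the lookup; this assumes `models`, `log` and `net/http` are imported in search.go, which is not visible here.
```go
	userID, needsCheck, ok := s.GetUserIDForRequest()
	if !ok {
		userID = dao.NonExistUserID
	} else if needsCheck {
		// A session can outlive the account it was issued for; search anonymously in that case.
		u, err := dao.GetUser(models.User{UserID: userID})
		if err != nil {
			log.Errorf("Error occurred in GetUser, error: %v", err)
			s.CustomAbort(http.StatusInternalServerError, "Internal error.")
		}
		if u == nil {
			userID = dao.NonExistUserID
		}
	}
	// … unchanged: rest of Get …
```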