miniflux-v2/storage/user.go

// Copyright 2017 Frédéric Guillot. All rights reserved.
// Use of this source code is governed by the Apache 2.0
// license that can be found in the LICENSE file.

package storage

import (
	"database/sql"
	"errors"
	"fmt"
	"strings"
	"time"

	"github.com/miniflux/miniflux/model"
	"github.com/miniflux/miniflux/timer"

	"github.com/lib/pq/hstore"
	"golang.org/x/crypto/bcrypt"
)

// SetLastLogin updates the last login date of a user.
func (s *Storage) SetLastLogin(userID int64) error {
	defer timer.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:SetLastLogin] userID=%d", userID))
	query := "UPDATE users SET last_login_at=now() WHERE id=$1"
	_, err := s.db.Exec(query, userID)
	if err != nil {
		return fmt.Errorf("unable to update last login date: %v", err)
	}

	return nil
}

// UserExists checks if a user exists by using the given username.
func (s *Storage) UserExists(username string) bool {
	defer timer.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:UserExists] username=%s", username))

	var result int
	s.db.QueryRow(`SELECT count(*) as c FROM users WHERE username=LOWER($1)`, username).Scan(&result)
	return result >= 1
}

// AnotherUserExists checks if another user exists with the given username.
func (s *Storage) AnotherUserExists(userID int64, username string) bool {
	defer timer.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:AnotherUserExists] userID=%d, username=%s", userID, username))

	var result int
	s.db.QueryRow(`SELECT count(*) as c FROM users WHERE id != $1 AND username=LOWER($2)`, userID, username).Scan(&result)
	return result >= 1
}

// CreateUser creates a new user.
func (s *Storage) CreateUser(user *model.User) (err error) {
	defer timer.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:CreateUser] username=%s", user.Username))
	password := ""
	extra := hstore.Hstore{Map: make(map[string]sql.NullString)}

	if user.Password != "" {
		password, err = hashPassword(user.Password)
		if err != nil {
			return err
		}
	}

	if len(user.Extra) > 0 {
		for key, value := range user.Extra {
			extra.Map[key] = sql.NullString{String: value, Valid: true}
		}
	}

	query := `INSERT INTO users
		(username, password, is_admin, extra)
		VALUES
		(LOWER($1), $2, $3, $4)
		RETURNING id, username, is_admin, language, theme, timezone, entry_direction`

	err = s.db.QueryRow(query, user.Username, password, user.IsAdmin, extra).Scan(
		&user.ID,
		&user.Username,
		&user.IsAdmin,
		&user.Language,
		&user.Theme,
		&user.Timezone,
		&user.EntryDirection,
	)
	if err != nil {
		return fmt.Errorf("unable to create user: %v", err)
	}

	s.CreateCategory(&model.Category{Title: "All", UserID: user.ID})
	s.CreateIntegration(user.ID)
	return nil
}

// UpdateExtraField updates an extra field of the given user.
func (s *Storage) UpdateExtraField(userID int64, field, value string) error {
	query := fmt.Sprintf(`UPDATE users SET extra = hstore('%s', $1) WHERE id=$2`, field)
	_, err := s.db.Exec(query, value, userID)
	if err != nil {
		return fmt.Errorf("unable to update user extra field: %v", err)
	}
	return nil
}

// RemoveExtraField deletes an extra field for the given user.
func (s *Storage) RemoveExtraField(userID int64, field string) error {
	query := `UPDATE users SET extra = delete(extra, $1) WHERE id=$2`
	_, err := s.db.Exec(query, field, userID)
	if err != nil {
		return fmt.Errorf("unable to remove user extra field: %v", err)
	}
	return nil
}

// UpdateUser updates a user.
func (s *Storage) UpdateUser(user *model.User) error {
	defer timer.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:UpdateUser] userID=%d", user.ID))

	if user.Password != "" {
		hashedPassword, err := hashPassword(user.Password)
		if err != nil {
			return err
		}

		query := `UPDATE users SET
			username=LOWER($1),
			password=$2,
			is_admin=$3,
			theme=$4,
			language=$5,
			timezone=$6,
			entry_direction=$7
			WHERE id=$8`

		_, err = s.db.Exec(
			query,
			user.Username,
			hashedPassword,
			user.IsAdmin,
			user.Theme,
			user.Language,
			user.Timezone,
			user.EntryDirection,
			user.ID,
		)
		if err != nil {
			return fmt.Errorf("unable to update user: %v", err)
		}
	} else {
		query := `UPDATE users SET
			username=LOWER($1),
			is_admin=$2,
			theme=$3,
			language=$4,
			timezone=$5,
			entry_direction=$6
			WHERE id=$7`

		_, err := s.db.Exec(
			query,
			user.Username,
			user.IsAdmin,
			user.Theme,
			user.Language,
			user.Timezone,
			user.EntryDirection,
			user.ID,
		)

		if err != nil {
			return fmt.Errorf("unable to update user: %v", err)
		}
	}

	return nil
}

// UserLanguage returns the language of the given user.
func (s *Storage) UserLanguage(userID int64) (language string, err error) {
	defer timer.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:UserLanguage] userID=%d", userID))
	err = s.db.QueryRow(`SELECT language FROM users WHERE id = $1`, userID).Scan(&language)
	if err == sql.ErrNoRows {
		return "en_US", nil
	} else if err != nil {
		return "", fmt.Errorf("unable to fetch user language: %v", err)
	}
	return language, nil
}

// UserByID finds a user by the ID.
func (s *Storage) UserByID(userID int64) (*model.User, error) {
	defer timer.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:UserByID] userID=%d", userID))
	query := `SELECT
		id, username, is_admin, theme, language, timezone, entry_direction, last_login_at, extra
		FROM users
		WHERE id = $1`

	return s.fetchUser(query, userID)
}

// UserByUsername finds a user by the username.
func (s *Storage) UserByUsername(username string) (*model.User, error) {
	defer timer.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:UserByUsername] username=%s", username))
	query := `SELECT
		id, username, is_admin, theme, language, timezone, entry_direction, last_login_at, extra
		FROM users
		WHERE username=LOWER($1)`

	return s.fetchUser(query, username)
}

// UserByExtraField finds a user by an extra field value.
func (s *Storage) UserByExtraField(field, value string) (*model.User, error) {
	defer timer.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:UserByExtraField] field=%s", field))
	query := `SELECT
		id, username, is_admin, theme, language, timezone, entry_direction, last_login_at, extra
		FROM users
		WHERE extra->$1=$2`

	return s.fetchUser(query, field, value)
}

func (s *Storage) fetchUser(query string, args ...interface{}) (*model.User, error) {
	var extra hstore.Hstore

	user := model.NewUser()
	err := s.db.QueryRow(query, args...).Scan(
		&user.ID,
		&user.Username,
		&user.IsAdmin,
		&user.Theme,
		&user.Language,
		&user.Timezone,
		&user.EntryDirection,
		&user.LastLoginAt,
		&extra,
	)

	if err == sql.ErrNoRows {
		return nil, nil
	} else if err != nil {
		return nil, fmt.Errorf("unable to fetch user: %v", err)
	}

	for key, value := range extra.Map {
		if value.Valid {
			user.Extra[key] = value.String
		}
	}

	return user, nil
}

// RemoveUser deletes a user.
func (s *Storage) RemoveUser(userID int64) error {
	defer timer.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:RemoveUser] userID=%d", userID))

	result, err := s.db.Exec("DELETE FROM users WHERE id = $1", userID)
	if err != nil {
		return fmt.Errorf("unable to remove this user: %v", err)
	}

	count, err := result.RowsAffected()
	if err != nil {
		return fmt.Errorf("unable to remove this user: %v", err)
	}

	if count == 0 {
		return errors.New("nothing has been removed")
	}

	return nil
}

// Users returns all users.
func (s *Storage) Users() (model.Users, error) {
	defer timer.ExecutionTime(time.Now(), "[Storage:Users]")
	query := `
		SELECT
			id, username, is_admin, theme, language, timezone, entry_direction, last_login_at, extra
		FROM users
		ORDER BY username ASC`

	rows, err := s.db.Query(query)
	if err != nil {
		return nil, fmt.Errorf("unable to fetch users: %v", err)
	}
	defer rows.Close()

	var users model.Users
	for rows.Next() {
		var extra hstore.Hstore
		user := model.NewUser()
		err := rows.Scan(
			&user.ID,
			&user.Username,
			&user.IsAdmin,
			&user.Theme,
			&user.Language,
			&user.Timezone,
			&user.EntryDirection,
			&user.LastLoginAt,
			&extra,
		)

		if err != nil {
			return nil, fmt.Errorf("unable to fetch users row: %v", err)
		}

		for key, value := range extra.Map {
			if value.Valid {
				user.Extra[key] = value.String
			}
		}

		users = append(users, user)
	}

	return users, nil
}

// CheckPassword validate the hashed password.
func (s *Storage) CheckPassword(username, password string) error {
	defer timer.ExecutionTime(time.Now(), "[Storage:CheckPassword]")

	var hash string
	username = strings.ToLower(username)

	err := s.db.QueryRow("SELECT password FROM users WHERE username=$1", username).Scan(&hash)
	if err == sql.ErrNoRows {
		return fmt.Errorf("unable to find this user: %s", username)
	} else if err != nil {
		return fmt.Errorf("unable to fetch user: %v", err)
	}

	if err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)); err != nil {
		return fmt.Errorf(`invalid password for "%s" (%v)`, username, err)
	}

	return nil
}

// HasPassword returns true if the given user has a password defined.
func (s *Storage) HasPassword(userID int64) (bool, error) {
	var result bool
	query := `SELECT true FROM users WHERE id=$1 AND password <> ''`

	err := s.db.QueryRow(query, userID).Scan(&result)
	if err == sql.ErrNoRows {
		return false, nil
	} else if err != nil {
		return false, fmt.Errorf("unable to execute query: %v", err)
	}

	if result {
		return true, nil
	}
	return false, nil
}

func hashPassword(password string) (string, error) {
	bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	return string(bytes), err
}
First commit 2017-11-20 06:10:04 +01:00			`// Copyright 2017 Frédéric Guillot. All rights reserved.`
			`// Use of this source code is governed by the Apache 2.0`
			`// license that can be found in the LICENSE file.`

			`package storage`

			`import (`
			`"database/sql"`
			`"errors"`
			`"fmt"`
			`"strings"`
			`"time"`

Rewrite imports 2017-12-13 06:48:13 +01:00			`"github.com/miniflux/miniflux/model"`
Rename helper packages 2018-01-03 04:15:08 +01:00			`"github.com/miniflux/miniflux/timer"`
Add OAuth2 authentication 2017-11-23 07:22:33 +01:00
Show last login and session creation date in current timezone 2018-03-05 02:04:31 +01:00			`"github.com/lib/pq/hstore"`
First commit 2017-11-20 06:10:04 +01:00			`"golang.org/x/crypto/bcrypt"`
			`)`

Make sure golint pass on the code base 2017-11-28 06:30:04 +01:00			`// SetLastLogin updates the last login date of a user.`
First commit 2017-11-20 06:10:04 +01:00			`func (s *Storage) SetLastLogin(userID int64) error {`
Rename helper packages 2018-01-03 04:15:08 +01:00			`defer timer.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:SetLastLogin] userID=%d", userID))`
First commit 2017-11-20 06:10:04 +01:00			`query := "UPDATE users SET last_login_at=now() WHERE id=$1"`
			`_, err := s.db.Exec(query, userID)`
			`if err != nil {`
			`return fmt.Errorf("unable to update last login date: %v", err)`
			`}`

			`return nil`
			`}`

Make sure golint pass on the code base 2017-11-28 06:30:04 +01:00			`// UserExists checks if a user exists by using the given username.`
First commit 2017-11-20 06:10:04 +01:00			`func (s *Storage) UserExists(username string) bool {`
Rename helper packages 2018-01-03 04:15:08 +01:00			`defer timer.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:UserExists] username=%s", username))`
First commit 2017-11-20 06:10:04 +01:00
			`var result int`
Make sure username are always lowercase 2017-12-29 23:55:16 +01:00			s.db.QueryRow(`SELECT count(*) as c FROM users WHERE username=LOWER($1)`, username).Scan(&result)
First commit 2017-11-20 06:10:04 +01:00			`return result >= 1`
			`}`

Make sure golint pass on the code base 2017-11-28 06:30:04 +01:00			`// AnotherUserExists checks if another user exists with the given username.`
First commit 2017-11-20 06:10:04 +01:00			`func (s *Storage) AnotherUserExists(userID int64, username string) bool {`
Rename helper packages 2018-01-03 04:15:08 +01:00			`defer timer.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:AnotherUserExists] userID=%d, username=%s", userID, username))`
First commit 2017-11-20 06:10:04 +01:00
			`var result int`
Make sure username are always lowercase 2017-12-29 23:55:16 +01:00			s.db.QueryRow(`SELECT count(*) as c FROM users WHERE id != $1 AND username=LOWER($2)`, userID, username).Scan(&result)
First commit 2017-11-20 06:10:04 +01:00			`return result >= 1`
			`}`

Make sure golint pass on the code base 2017-11-28 06:30:04 +01:00			`// CreateUser creates a new user.`
Add OAuth2 authentication 2017-11-23 07:22:33 +01:00			`func (s Storage) CreateUser(user model.User) (err error) {`
Rename helper packages 2018-01-03 04:15:08 +01:00			`defer timer.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:CreateUser] username=%s", user.Username))`
Add OAuth2 authentication 2017-11-23 07:22:33 +01:00			`password := ""`
			`extra := hstore.Hstore{Map: make(map[string]sql.NullString)}`
First commit 2017-11-20 06:10:04 +01:00
Add OAuth2 authentication 2017-11-23 07:22:33 +01:00			`if user.Password != "" {`
			`password, err = hashPassword(user.Password)`
			`if err != nil {`
			`return err`
			`}`
First commit 2017-11-20 06:10:04 +01:00			`}`

Add OAuth2 authentication 2017-11-23 07:22:33 +01:00			`if len(user.Extra) > 0 {`
			`for key, value := range user.Extra {`
			`extra.Map[key] = sql.NullString{String: value, Valid: true}`
			`}`
			`}`

Add first integration test 2017-11-25 19:40:23 +01:00			query := `INSERT INTO users
			`(username, password, is_admin, extra)`
			`VALUES`
Make sure username are always lowercase 2017-12-29 23:55:16 +01:00			`(LOWER($1), $2, $3, $4)`
			RETURNING id, username, is_admin, language, theme, timezone, entry_direction`
Add first integration test 2017-11-25 19:40:23 +01:00
Make sure username are always lowercase 2017-12-29 23:55:16 +01:00			`err = s.db.QueryRow(query, user.Username, password, user.IsAdmin, extra).Scan(`
Add first integration test 2017-11-25 19:40:23 +01:00			`&user.ID,`
Make sure username are always lowercase 2017-12-29 23:55:16 +01:00			`&user.Username,`
			`&user.IsAdmin,`
Add first integration test 2017-11-25 19:40:23 +01:00			`&user.Language,`
			`&user.Theme,`
			`&user.Timezone,`
Improve API 2017-12-25 03:04:34 +01:00			`&user.EntryDirection,`
Add first integration test 2017-11-25 19:40:23 +01:00			`)`
First commit 2017-11-20 06:10:04 +01:00			`if err != nil {`
			`return fmt.Errorf("unable to create user: %v", err)`
			`}`

			`s.CreateCategory(&model.Category{Title: "All", UserID: user.ID})`
Add Pinboard integration 2017-12-03 04:32:14 +01:00			`s.CreateIntegration(user.ID)`
First commit 2017-11-20 06:10:04 +01:00			`return nil`
			`}`

Make sure golint pass on the code base 2017-11-28 06:30:04 +01:00			`// UpdateExtraField updates an extra field of the given user.`
Improve OAuth2 integration 2017-11-25 01:09:10 +01:00			`func (s *Storage) UpdateExtraField(userID int64, field, value string) error {`
			query := fmt.Sprintf(`UPDATE users SET extra = hstore('%s', $1) WHERE id=$2`, field)
			`_, err := s.db.Exec(query, value, userID)`
			`if err != nil {`
			`return fmt.Errorf("unable to update user extra field: %v", err)`
			`}`
			`return nil`
			`}`

Make sure golint pass on the code base 2017-11-28 06:30:04 +01:00			`// RemoveExtraField deletes an extra field for the given user.`
Improve OAuth2 integration 2017-11-25 01:09:10 +01:00			`func (s *Storage) RemoveExtraField(userID int64, field string) error {`
			query := `UPDATE users SET extra = delete(extra, $1) WHERE id=$2`
			`_, err := s.db.Exec(query, field, userID)`
			`if err != nil {`
			`return fmt.Errorf("unable to remove user extra field: %v", err)`
			`}`
			`return nil`
			`}`

Make sure golint pass on the code base 2017-11-28 06:30:04 +01:00			`// UpdateUser updates a user.`
First commit 2017-11-20 06:10:04 +01:00			`func (s Storage) UpdateUser(user model.User) error {`
Rename helper packages 2018-01-03 04:15:08 +01:00			`defer timer.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:UpdateUser] userID=%d", user.ID))`
Add logger 2017-12-16 03:55:57 +01:00
First commit 2017-11-20 06:10:04 +01:00			`if user.Password != "" {`
			`hashedPassword, err := hashPassword(user.Password)`
			`if err != nil {`
			`return err`
			`}`

Make entries sorting configurable 2017-12-03 02:04:01 +01:00			query := `UPDATE users SET
			`username=LOWER($1),`
			`password=$2,`
			`is_admin=$3,`
			`theme=$4,`
			`language=$5,`
			`timezone=$6,`
			`entry_direction=$7`
			WHERE id=$8`

			`_, err = s.db.Exec(`
			`query,`
			`user.Username,`
			`hashedPassword,`
			`user.IsAdmin,`
			`user.Theme,`
			`user.Language,`
			`user.Timezone,`
			`user.EntryDirection,`
			`user.ID,`
			`)`
First commit 2017-11-20 06:10:04 +01:00			`if err != nil {`
			`return fmt.Errorf("unable to update user: %v", err)`
			`}`
			`} else {`
Make entries sorting configurable 2017-12-03 02:04:01 +01:00			query := `UPDATE users SET
Make sure username are always lowercase 2017-12-29 23:55:16 +01:00			`username=LOWER($1),`
Make entries sorting configurable 2017-12-03 02:04:01 +01:00			`is_admin=$2,`
			`theme=$3,`
			`language=$4,`
			`timezone=$5,`
			`entry_direction=$6`
			WHERE id=$7`

			`_, err := s.db.Exec(`
			`query,`
			`user.Username,`
			`user.IsAdmin,`
			`user.Theme,`
			`user.Language,`
			`user.Timezone,`
			`user.EntryDirection,`
			`user.ID,`
			`)`

First commit 2017-11-20 06:10:04 +01:00			`if err != nil {`
			`return fmt.Errorf("unable to update user: %v", err)`
			`}`
			`}`

			`return nil`
			`}`

Support localized feed errors generated by background workers 2018-02-28 06:08:32 +01:00			`// UserLanguage returns the language of the given user.`
			`func (s *Storage) UserLanguage(userID int64) (language string, err error) {`
			`defer timer.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:UserLanguage] userID=%d", userID))`
			err = s.db.QueryRow(`SELECT language FROM users WHERE id = $1`, userID).Scan(&language)
			`if err == sql.ErrNoRows {`
			`return "en_US", nil`
			`} else if err != nil {`
			`return "", fmt.Errorf("unable to fetch user language: %v", err)`
			`}`
			`return language, nil`
			`}`

Make sure golint pass on the code base 2017-11-28 06:30:04 +01:00			`// UserByID finds a user by the ID.`
			`func (s Storage) UserByID(userID int64) (model.User, error) {`
Rename helper packages 2018-01-03 04:15:08 +01:00			`defer timer.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:UserByID] userID=%d", userID))`
Make entries sorting configurable 2017-12-03 02:04:01 +01:00			query := `SELECT
Improve user API responses 2017-12-29 22:53:02 +01:00			`id, username, is_admin, theme, language, timezone, entry_direction, last_login_at, extra`
Make entries sorting configurable 2017-12-03 02:04:01 +01:00			`FROM users`
			WHERE id = $1`
First commit 2017-11-20 06:10:04 +01:00
Improve user API responses 2017-12-29 22:53:02 +01:00			`return s.fetchUser(query, userID)`
First commit 2017-11-20 06:10:04 +01:00			`}`

Make sure golint pass on the code base 2017-11-28 06:30:04 +01:00			`// UserByUsername finds a user by the username.`
			`func (s Storage) UserByUsername(username string) (model.User, error) {`
Rename helper packages 2018-01-03 04:15:08 +01:00			`defer timer.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:UserByUsername] username=%s", username))`
Make entries sorting configurable 2017-12-03 02:04:01 +01:00			query := `SELECT
Improve user API responses 2017-12-29 22:53:02 +01:00			`id, username, is_admin, theme, language, timezone, entry_direction, last_login_at, extra`
Make entries sorting configurable 2017-12-03 02:04:01 +01:00			`FROM users`
			WHERE username=LOWER($1)`
First commit 2017-11-20 06:10:04 +01:00
Improve user API responses 2017-12-29 22:53:02 +01:00			`return s.fetchUser(query, username)`
Add OAuth2 authentication 2017-11-23 07:22:33 +01:00			`}`

Make sure golint pass on the code base 2017-11-28 06:30:04 +01:00			`// UserByExtraField finds a user by an extra field value.`
			`func (s Storage) UserByExtraField(field, value string) (model.User, error) {`
Rename helper packages 2018-01-03 04:15:08 +01:00			`defer timer.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:UserByExtraField] field=%s", field))`
Make entries sorting configurable 2017-12-03 02:04:01 +01:00			query := `SELECT
Improve user API responses 2017-12-29 22:53:02 +01:00			`id, username, is_admin, theme, language, timezone, entry_direction, last_login_at, extra`
Make entries sorting configurable 2017-12-03 02:04:01 +01:00			`FROM users`
			WHERE extra->$1=$2`

Improve user API responses 2017-12-29 22:53:02 +01:00			`return s.fetchUser(query, field, value)`
			`}`

			`func (s Storage) fetchUser(query string, args ...interface{}) (model.User, error) {`
			`var extra hstore.Hstore`

			`user := model.NewUser()`
			`err := s.db.QueryRow(query, args...).Scan(`
Make entries sorting configurable 2017-12-03 02:04:01 +01:00			`&user.ID,`
			`&user.Username,`
			`&user.IsAdmin,`
			`&user.Theme,`
			`&user.Language,`
			`&user.Timezone,`
			`&user.EntryDirection,`
Improve user API responses 2017-12-29 22:53:02 +01:00			`&user.LastLoginAt,`
			`&extra,`
Make entries sorting configurable 2017-12-03 02:04:01 +01:00			`)`
Improve user API responses 2017-12-29 22:53:02 +01:00
Add OAuth2 authentication 2017-11-23 07:22:33 +01:00			`if err == sql.ErrNoRows {`
			`return nil, nil`
			`} else if err != nil {`
			`return nil, fmt.Errorf("unable to fetch user: %v", err)`
First commit 2017-11-20 06:10:04 +01:00			`}`

Improve user API responses 2017-12-29 22:53:02 +01:00			`for key, value := range extra.Map {`
			`if value.Valid {`
			`user.Extra[key] = value.String`
			`}`
			`}`

			`return user, nil`
First commit 2017-11-20 06:10:04 +01:00			`}`

Make sure golint pass on the code base 2017-11-28 06:30:04 +01:00			`// RemoveUser deletes a user.`
First commit 2017-11-20 06:10:04 +01:00			`func (s *Storage) RemoveUser(userID int64) error {`
Rename helper packages 2018-01-03 04:15:08 +01:00			`defer timer.ExecutionTime(time.Now(), fmt.Sprintf("[Storage:RemoveUser] userID=%d", userID))`
First commit 2017-11-20 06:10:04 +01:00
			`result, err := s.db.Exec("DELETE FROM users WHERE id = $1", userID)`
			`if err != nil {`
			`return fmt.Errorf("unable to remove this user: %v", err)`
			`}`

			`count, err := result.RowsAffected()`
			`if err != nil {`
			`return fmt.Errorf("unable to remove this user: %v", err)`
			`}`

			`if count == 0 {`
Make sure golint pass on the code base 2017-11-28 06:30:04 +01:00			`return errors.New("nothing has been removed")`
First commit 2017-11-20 06:10:04 +01:00			`}`

			`return nil`
			`}`

Make sure golint pass on the code base 2017-11-28 06:30:04 +01:00			`// Users returns all users.`
			`func (s *Storage) Users() (model.Users, error) {`
Rename helper packages 2018-01-03 04:15:08 +01:00			`defer timer.ExecutionTime(time.Now(), "[Storage:Users]")`
Improve user API responses 2017-12-29 22:53:02 +01:00			query := `
			`SELECT`
			`id, username, is_admin, theme, language, timezone, entry_direction, last_login_at, extra`
Make entries sorting configurable 2017-12-03 02:04:01 +01:00			`FROM users`
			ORDER BY username ASC`
First commit 2017-11-20 06:10:04 +01:00
Make entries sorting configurable 2017-12-03 02:04:01 +01:00			`rows, err := s.db.Query(query)`
First commit 2017-11-20 06:10:04 +01:00			`if err != nil {`
			`return nil, fmt.Errorf("unable to fetch users: %v", err)`
			`}`
			`defer rows.Close()`

Make entries sorting configurable 2017-12-03 02:04:01 +01:00			`var users model.Users`
First commit 2017-11-20 06:10:04 +01:00			`for rows.Next() {`
Improve user API responses 2017-12-29 22:53:02 +01:00			`var extra hstore.Hstore`
			`user := model.NewUser()`
First commit 2017-11-20 06:10:04 +01:00			`err := rows.Scan(`
			`&user.ID,`
			`&user.Username,`
			`&user.IsAdmin,`
			`&user.Theme,`
			`&user.Language,`
			`&user.Timezone,`
Improve user API responses 2017-12-29 22:53:02 +01:00			`&user.EntryDirection,`
First commit 2017-11-20 06:10:04 +01:00			`&user.LastLoginAt,`
Improve user API responses 2017-12-29 22:53:02 +01:00			`&extra,`
First commit 2017-11-20 06:10:04 +01:00			`)`

			`if err != nil {`
			`return nil, fmt.Errorf("unable to fetch users row: %v", err)`
			`}`

Improve user API responses 2017-12-29 22:53:02 +01:00			`for key, value := range extra.Map {`
			`if value.Valid {`
			`user.Extra[key] = value.String`
			`}`
			`}`

			`users = append(users, user)`
First commit 2017-11-20 06:10:04 +01:00			`}`

			`return users, nil`
			`}`

Make sure golint pass on the code base 2017-11-28 06:30:04 +01:00			`// CheckPassword validate the hashed password.`
First commit 2017-11-20 06:10:04 +01:00			`func (s *Storage) CheckPassword(username, password string) error {`
Rename helper packages 2018-01-03 04:15:08 +01:00			`defer timer.ExecutionTime(time.Now(), "[Storage:CheckPassword]")`
First commit 2017-11-20 06:10:04 +01:00
			`var hash string`
			`username = strings.ToLower(username)`

			`err := s.db.QueryRow("SELECT password FROM users WHERE username=$1", username).Scan(&hash)`
			`if err == sql.ErrNoRows {`
Make sure golint pass on the code base 2017-11-28 06:30:04 +01:00			`return fmt.Errorf("unable to find this user: %s", username)`
First commit 2017-11-20 06:10:04 +01:00			`} else if err != nil {`
Make sure golint pass on the code base 2017-11-28 06:30:04 +01:00			`return fmt.Errorf("unable to fetch user: %v", err)`
First commit 2017-11-20 06:10:04 +01:00			`}`

			`if err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)); err != nil {`
Fill login form on failed sign in 2017-12-23 01:30:17 +01:00			return fmt.Errorf(`invalid password for "%s" (%v)`, username, err)
First commit 2017-11-20 06:10:04 +01:00			`}`

			`return nil`
			`}`

Avoid people to unlink their OAuth2 account without having a local password 2018-04-30 02:04:23 +02:00			`// HasPassword returns true if the given user has a password defined.`
			`func (s *Storage) HasPassword(userID int64) (bool, error) {`
			`var result bool`
			query := `SELECT true FROM users WHERE id=$1 AND password <> ''`

			`err := s.db.QueryRow(query, userID).Scan(&result)`
			`if err == sql.ErrNoRows {`
			`return false, nil`
			`} else if err != nil {`
			`return false, fmt.Errorf("unable to execute query: %v", err)`
			`}`

			`if result {`
			`return true, nil`
			`}`
			`return false, nil`
			`}`

First commit 2017-11-20 06:10:04 +01:00			`func hashPassword(password string) (string, error) {`
			`bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)`
			`return string(bytes), err`
			`}`