From 1a4b1a82541094951070ec575cefb30117602e64 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garc=C3=ADa?= Date: Wed, 30 May 2018 22:30:45 +0200 Subject: [PATCH] Enabled unused variable warning again, fixed some possible bugs where we didn't check some parameters, and explicitly marked all unused parameters (mostly orgheaders) --- src/api/core/accounts.rs | 2 +- src/api/core/mod.rs | 6 +++-- src/api/core/organizations.rs | 47 +++++++++++++++++++++++++---------- src/api/core/two_factor.rs | 2 +- src/db/models/organization.rs | 2 +- src/main.rs | 2 -- 6 files changed, 41 insertions(+), 20 deletions(-) diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index eda3b68d..8bdf2c32 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -65,7 +65,7 @@ fn profile(headers: Headers, conn: DbConn) -> JsonResult { } #[get("/users//public-key")] -fn get_public_keys(uuid: String, headers: Headers, conn: DbConn) -> JsonResult { +fn get_public_keys(uuid: String, _headers: Headers, conn: DbConn) -> JsonResult { let user = match User::find_by_uuid(&uuid, &conn) { Some(user) => user, None => err!("User doesn't exist") diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs index 30713517..438b8a06 100644 --- a/src/api/core/mod.rs +++ b/src/api/core/mod.rs @@ -104,12 +104,14 @@ use api::{JsonResult, EmptyResult}; use auth::Headers; #[put("/devices/identifier//clear-token")] -fn clear_device_token(uuid: String, conn: DbConn) -> JsonResult { +fn clear_device_token(uuid: String, _conn: DbConn) -> JsonResult { + println!("{}", uuid); err!("Not implemented") } #[put("/devices/identifier//token")] -fn put_device_token(uuid: String, conn: DbConn) -> JsonResult { +fn put_device_token(uuid: String, _conn: DbConn) -> JsonResult { + println!("{}", uuid); err!("Not implemented") } diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index bf141897..af94e5e7 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -16,7 +16,8 @@ struct OrgData { collectionName: String, key: String, name: String, - planType: String, + #[serde(rename = "planType")] + _planType: String, // Ignored, always use the same plan } #[derive(Deserialize, Debug)] @@ -73,7 +74,7 @@ fn delete_organization(org_id: String, data: Json, headers: OwnerH } #[get("/organizations/")] -fn get_organization(org_id: String, headers: OwnerHeaders, conn: DbConn) -> JsonResult { +fn get_organization(org_id: String, _headers: OwnerHeaders, conn: DbConn) -> JsonResult { match Organization::find_by_uuid(&org_id, &conn) { Some(organization) => Ok(Json(organization.to_json())), None => err!("Can't find organization details") @@ -81,7 +82,7 @@ fn get_organization(org_id: String, headers: OwnerHeaders, conn: DbConn) -> Json } #[post("/organizations/", data = "")] -fn post_organization(org_id: String, headers: OwnerHeaders, data: Json, conn: DbConn) -> JsonResult { +fn post_organization(org_id: String, _headers: OwnerHeaders, data: Json, conn: DbConn) -> JsonResult { let data: OrganizationUpdateData = data.into_inner(); let mut org = match Organization::find_by_uuid(&org_id, &conn) { @@ -112,7 +113,7 @@ fn get_user_collections(headers: Headers, conn: DbConn) -> JsonResult { } #[get("/organizations//collections")] -fn get_org_collections(org_id: String, headers: AdminHeaders, conn: DbConn) -> JsonResult { +fn get_org_collections(org_id: String, _headers: AdminHeaders, conn: DbConn) -> JsonResult { Ok(Json(json!({ "Data": Collection::find_by_organization(&org_id, &conn) @@ -125,7 +126,7 @@ fn get_org_collections(org_id: String, headers: AdminHeaders, conn: DbConn) -> J } #[post("/organizations//collections", data = "")] -fn post_organization_collections(org_id: String, headers: AdminHeaders, data: Json, conn: DbConn) -> JsonResult { +fn post_organization_collections(org_id: String, _headers: AdminHeaders, data: Json, conn: DbConn) -> JsonResult { let data: NewCollectionData = data.into_inner(); let org = match Organization::find_by_uuid(&org_id, &conn) { @@ -141,7 +142,7 @@ fn post_organization_collections(org_id: String, headers: AdminHeaders, data: Js } #[post("/organizations//collections/", data = "")] -fn post_organization_collection_update(org_id: String, col_id: String, headers: AdminHeaders, data: Json, conn: DbConn) -> JsonResult { +fn post_organization_collection_update(org_id: String, col_id: String, _headers: AdminHeaders, data: Json, conn: DbConn) -> JsonResult { let data: NewCollectionData = data.into_inner(); let org = match Organization::find_by_uuid(&org_id, &conn) { @@ -154,6 +155,10 @@ fn post_organization_collection_update(org_id: String, col_id: String, headers: None => err!("Collection not found") }; + if collection.org_uuid != org.uuid { + err!("Collection is not owned by organization"); + } + collection.name = data.name.clone(); collection.save(&conn); @@ -161,7 +166,7 @@ fn post_organization_collection_update(org_id: String, col_id: String, headers: } #[post("/organizations//collections//delete-user/")] -fn post_organization_collection_delete_user(org_id: String, col_id: String, org_user_id: String, headers: AdminHeaders, conn: DbConn) -> EmptyResult { +fn post_organization_collection_delete_user(org_id: String, col_id: String, org_user_id: String, _headers: AdminHeaders, conn: DbConn) -> EmptyResult { let collection = match Collection::find_by_uuid(&col_id, &conn) { None => err!("Collection not found"), Some(collection) => if collection.org_uuid == org_id { @@ -195,7 +200,9 @@ struct DeleteCollectionData { } #[post("/organizations//collections//delete", data = "")] -fn post_organization_collection_delete(org_id: String, col_id: String, headers: AdminHeaders, data: Json, conn: DbConn) -> EmptyResult { +fn post_organization_collection_delete(org_id: String, col_id: String, _headers: AdminHeaders, data: Json, conn: DbConn) -> EmptyResult { + let _data: DeleteCollectionData = data.into_inner(); + match Collection::find_by_uuid(&col_id, &conn) { None => err!("Collection not found"), Some(collection) => if collection.org_uuid == org_id { @@ -213,12 +220,18 @@ fn post_organization_collection_delete(org_id: String, col_id: String, headers: fn get_org_collection_detail(org_id: String, coll_id: String, headers: AdminHeaders, conn: DbConn) -> JsonResult { match Collection::find_by_uuid_and_user(&coll_id, &headers.user.uuid, &conn) { None => err!("Collection not found"), - Some(collection) => Ok(Json(collection.to_json())) + Some(collection) => { + if collection.org_uuid != org_id { + err!("Collection is not owned by organization") + } + + Ok(Json(collection.to_json())) + } } } #[get("/organizations//collections//users")] -fn get_collection_users(org_id: String, coll_id: String, headers: AdminHeaders, conn: DbConn) -> JsonResult { +fn get_collection_users(org_id: String, coll_id: String, _headers: AdminHeaders, conn: DbConn) -> JsonResult { // Get org and collection, check that collection is from org let collection = match Collection::find_by_uuid_and_org(&coll_id, &org_id, &conn) { None => err!("Collection not found in Organization"), @@ -344,9 +357,13 @@ fn send_invite(org_id: String, data: Json, headers: AdminHeaders, co fn confirm_invite(org_id: String, user_id: String, data: Json, headers: AdminHeaders, conn: DbConn) -> EmptyResult { let mut user_to_confirm = match UserOrganization::find_by_uuid(&user_id, &conn) { Some(user) => user, - None => err!("User to confirm isn't member of the organization") + None => err!("User to confirm doesn't exist") }; + if user_to_confirm.org_uuid != org_id { + err!("The specified user isn't a member of the organization") + } + if user_to_confirm.type_ != UserOrgType::User as i32 && headers.org_user_type != UserOrgType::Owner as i32 { err!("Only Owners can confirm Admins or Owners") @@ -368,12 +385,16 @@ fn confirm_invite(org_id: String, user_id: String, data: Json, headers: A } #[get("/organizations//users/")] -fn get_user(org_id: String, user_id: String, headers: AdminHeaders, conn: DbConn) -> JsonResult { +fn get_user(org_id: String, user_id: String, _headers: AdminHeaders, conn: DbConn) -> JsonResult { let user = match UserOrganization::find_by_uuid(&user_id, &conn) { Some(user) => user, - None => err!("The specified user isn't member of the organization") + None => err!("The specified user doesn't exist") }; + if user.org_uuid != org_id { + err!("The specified user isn't a member of the organization") + } + Ok(Json(user.to_json_details(&conn))) } diff --git a/src/api/core/two_factor.rs b/src/api/core/two_factor.rs index b42ce340..291ecbd5 100644 --- a/src/api/core/two_factor.rs +++ b/src/api/core/two_factor.rs @@ -157,7 +157,7 @@ fn activate_authenticator(data: Json, headers: Headers, con struct DisableTwoFactorData { masterPasswordHash: String, #[serde(rename = "type")] - type_: NumberOrString, + _type: NumberOrString, } #[post("/two-factor/disable", data = "")] diff --git a/src/db/models/organization.rs b/src/db/models/organization.rs index 17599000..c97741b2 100644 --- a/src/db/models/organization.rs +++ b/src/db/models/organization.rs @@ -26,7 +26,7 @@ pub struct UserOrganization { } pub enum UserOrgStatus { - Invited = 0, + _Invited = 0, // Unused, users are accepted automatically Accepted = 1, Confirmed = 2, } diff --git a/src/main.rs b/src/main.rs index cbc4d0d8..92eb22e6 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,5 +1,3 @@ -#![allow(unused_variables, dead_code)] - #![feature(plugin, custom_derive)] #![plugin(rocket_codegen)] extern crate rocket;