From 669b101e6a68ab639526bc5b1405e8ced4a9f94e Mon Sep 17 00:00:00 2001 From: BlackDex Date: Thu, 19 Mar 2020 16:50:47 +0100 Subject: [PATCH 1/2] Fixing issue #908 Sometimes an org-uuid is not within the path but in a query value, This fixes the check for that. --- src/auth.rs | 85 ++++++++++++++++++++++++++++++++--------------------- 1 file changed, 52 insertions(+), 33 deletions(-) diff --git a/src/auth.rs b/src/auth.rs index f5aeaa1e..83845bc9 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -315,41 +315,60 @@ impl<'a, 'r> FromRequest<'a, 'r> for OrgHeaders { Outcome::Forward(_) => Outcome::Forward(()), Outcome::Failure(f) => Outcome::Failure(f), Outcome::Success(headers) => { - // org_id is expected to be the second param ("/organizations/") - match request.get_param::(1) { - Some(Ok(org_id)) => { - let conn = match request.guard::() { - Outcome::Success(conn) => conn, - _ => err_handler!("Error getting DB"), - }; + // org_id is usually the second param ("/organizations/") + // But there are cases where it is located in a query value. + // First check the param, if this is not a valid uuid, we will try the query value. + let query_org_id = match request.get_query_value::("organizationId") { + Some(Ok(query_org_id)) => { query_org_id } + _ => { "".into() } + }; + let param_org_id = match request.get_param::(1) { + Some(Ok(param_org_id)) => { param_org_id } + _ => { "".into() } + }; - let user = headers.user; - let org_user = match UserOrganization::find_by_user_and_org(&user.uuid, &org_id, &conn) { - Some(user) => { - if user.status == UserOrgStatus::Confirmed as i32 { - user - } else { - err_handler!("The current user isn't confirmed member of the organization") - } - } - None => err_handler!("The current user isn't member of the organization"), - }; - - Outcome::Success(Self { - host: headers.host, - device: headers.device, - user, - org_user_type: { - if let Some(org_usr_type) = UserOrgType::from_i32(org_user.atype) { - org_usr_type - } else { - // This should only happen if the DB is corrupted - err_handler!("Unknown user type in the database") - } - }, - }) + let org_uuid: _ = match uuid::Uuid::parse_str(¶m_org_id) { + Ok(uuid) => uuid, + _ => match uuid::Uuid::parse_str(&query_org_id) { + Ok(uuid) => uuid, + _ => err_handler!("Error getting the organization id"), } - _ => err_handler!("Error getting the organization id"), + }; + + let org_id: &str = &org_uuid.to_string(); + if !org_id.is_empty() { + let conn = match request.guard::() { + Outcome::Success(conn) => conn, + _ => err_handler!("Error getting DB"), + }; + + let user = headers.user; + let org_user = match UserOrganization::find_by_user_and_org(&user.uuid, &org_id, &conn) { + Some(user) => { + if user.status == UserOrgStatus::Confirmed as i32 { + user + } else { + err_handler!("The current user isn't confirmed member of the organization") + } + } + None => err_handler!("The current user isn't member of the organization"), + }; + + Outcome::Success(Self { + host: headers.host, + device: headers.device, + user, + org_user_type: { + if let Some(org_usr_type) = UserOrgType::from_i32(org_user.atype) { + org_usr_type + } else { + // This should only happen if the DB is corrupted + err_handler!("Unknown user type in the database") + } + }, + }) + } else { + err_handler!("Error getting the organization id") } } } From baac8d9627945c7a307d8c617558eb9be07308b0 Mon Sep 17 00:00:00 2001 From: BlackDex Date: Thu, 19 Mar 2020 17:37:10 +0100 Subject: [PATCH 2/2] Fixed issue #908 The organization uuid is most of the time within the uri path as a parameter. But sometimes it only is there as a query value. This fix checks both, and returns the uuid when possible. --- src/auth.rs | 101 ++++++++++++++++++++++++++-------------------------- 1 file changed, 50 insertions(+), 51 deletions(-) diff --git a/src/auth.rs b/src/auth.rs index 83845bc9..38425306 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -307,6 +307,25 @@ pub struct OrgHeaders { pub org_user_type: UserOrgType, } +// org_id is usually the second param ("/organizations/") +// But there are cases where it is located in a query value. +// First check the param, if this is not a valid uuid, we will try the query value. +fn get_org_id(request: &Request) -> Option { + if let Some(Ok(org_id)) = request.get_param::(1) { + if uuid::Uuid::parse_str(&org_id).is_ok() { + return Some(org_id); + } + } + + if let Some(Ok(org_id)) = request.get_query_value::("organizationId") { + if uuid::Uuid::parse_str(&org_id).is_ok() { + return Some(org_id); + } + } + + None +} + impl<'a, 'r> FromRequest<'a, 'r> for OrgHeaders { type Error = &'static str; @@ -315,60 +334,40 @@ impl<'a, 'r> FromRequest<'a, 'r> for OrgHeaders { Outcome::Forward(_) => Outcome::Forward(()), Outcome::Failure(f) => Outcome::Failure(f), Outcome::Success(headers) => { - // org_id is usually the second param ("/organizations/") - // But there are cases where it is located in a query value. - // First check the param, if this is not a valid uuid, we will try the query value. - let query_org_id = match request.get_query_value::("organizationId") { - Some(Ok(query_org_id)) => { query_org_id } - _ => { "".into() } - }; - let param_org_id = match request.get_param::(1) { - Some(Ok(param_org_id)) => { param_org_id } - _ => { "".into() } - }; + match get_org_id(request) { + Some(org_id) => { + let conn = match request.guard::() { + Outcome::Success(conn) => conn, + _ => err_handler!("Error getting DB"), + }; - let org_uuid: _ = match uuid::Uuid::parse_str(¶m_org_id) { - Ok(uuid) => uuid, - _ => match uuid::Uuid::parse_str(&query_org_id) { - Ok(uuid) => uuid, - _ => err_handler!("Error getting the organization id"), - } - }; - - let org_id: &str = &org_uuid.to_string(); - if !org_id.is_empty() { - let conn = match request.guard::() { - Outcome::Success(conn) => conn, - _ => err_handler!("Error getting DB"), - }; - - let user = headers.user; - let org_user = match UserOrganization::find_by_user_and_org(&user.uuid, &org_id, &conn) { - Some(user) => { - if user.status == UserOrgStatus::Confirmed as i32 { - user - } else { - err_handler!("The current user isn't confirmed member of the organization") + let user = headers.user; + let org_user = match UserOrganization::find_by_user_and_org(&user.uuid, &org_id, &conn) { + Some(user) => { + if user.status == UserOrgStatus::Confirmed as i32 { + user + } else { + err_handler!("The current user isn't confirmed member of the organization") + } } - } - None => err_handler!("The current user isn't member of the organization"), - }; + None => err_handler!("The current user isn't member of the organization"), + }; - Outcome::Success(Self { - host: headers.host, - device: headers.device, - user, - org_user_type: { - if let Some(org_usr_type) = UserOrgType::from_i32(org_user.atype) { - org_usr_type - } else { - // This should only happen if the DB is corrupted - err_handler!("Unknown user type in the database") - } - }, - }) - } else { - err_handler!("Error getting the organization id") + Outcome::Success(Self { + host: headers.host, + device: headers.device, + user, + org_user_type: { + if let Some(org_usr_type) = UserOrgType::from_i32(org_user.atype) { + org_usr_type + } else { + // This should only happen if the DB is corrupted + err_handler!("Unknown user type in the database") + } + }, + }) + }, + _ => err_handler!("Error getting the organization id"), } } }