coder/coderPublic

NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commitcbb7a7c

f0ssel

authored and

kylecarbs

committed

fix: prevent email from being altered (#1863)

1 parentb7f4ce1 commitcbb7a7cCopy full SHA for cbb7a7c

File tree

7 files changed

+23

-95

lines changed

coderd
- users.go
- users_test.go
codersdk
- users.go
site/src
- api
  - typesGenerated.ts
- components/SettingsAccountForm
  - SettingsAccountForm.tsx
- pages/SettingsPages/AccountPage
  - AccountPage.test.tsx
  - AccountPage.tsx

7 files changed

+23

-95

lines changed

`‎coderd/users.go`

Lines changed: 1 addition & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -254,19 +254,12 @@ func (api API) putUserProfile(rw http.ResponseWriter, r http.Request) {`
`254`	`254`	`return`
`255`	`255`	`}`
`256`	`256`	`existentUser,err:=api.Database.GetUserByEmailOrUsername(r.Context(), database.GetUserByEmailOrUsernameParams{`
`257`		`-Email:params.Email,`
`258`	`257`	`Username:params.Username,`
`259`	`258`	`})`
`260`	`259`	`isDifferentUser:=existentUser.ID!=user.ID`
`261`	`260`
`262`	`261`	`iferr==nil&&isDifferentUser {`
`263`	`262`	`responseErrors:= []httpapi.Error{}`
`264`		`-ifexistentUser.Email==params.Email {`
`265`		`-responseErrors=append(responseErrors, httpapi.Error{`
`266`		`-Field:"email",`
`267`		`-Detail:"this value is already in use and should be unique",`
`268`		`-})`
`269`		`-}`
`270`	`263`	`ifexistentUser.Username==params.Username {`
`271`	`264`	`responseErrors=append(responseErrors, httpapi.Error{`
`272`	`265`	`Field:"username",`
`@@ -288,7 +281,7 @@ func (api API) putUserProfile(rw http.ResponseWriter, r http.Request) {`
`288`	`281`
`289`	`282`	`updatedUserProfile,err:=api.Database.UpdateUserProfile(r.Context(), database.UpdateUserProfileParams{`
`290`	`283`	`ID:user.ID,`
`291`		`-Email:params.Email,`
	`284`	`+Email:user.Email,`
`292`	`285`	`Username:params.Username,`
`293`	`286`	`UpdatedAt:database.Now(),`
`294`	`287`	`})`

`‎coderd/users_test.go`

Lines changed: 2 additions & 38 deletions

Original file line number	Diff line number	Diff line change
`@@ -259,7 +259,6 @@ func TestUpdateUserProfile(t *testing.T) {`
`259`	`259`	`coderdtest.CreateFirstUser(t,client)`
`260`	`260`	`_,err:=client.UpdateUserProfile(context.Background(),uuid.New().String(), codersdk.UpdateUserProfileRequest{`
`261`	`261`	`Username:"newusername",`
`262`		`-Email:"newemail@coder.com",`
`263`	`262`	`})`
`264`	`263`	`varapiErr*codersdk.Error`
`265`	`264`	`require.ErrorAs(t,err,&apiErr)`
`@@ -268,25 +267,6 @@ func TestUpdateUserProfile(t *testing.T) {`
`268`	`267`	`require.Equal(t,http.StatusBadRequest,apiErr.StatusCode())`
`269`	`268`	`})`
`270`	`269`
`271`		`-t.Run("ConflictingEmail",func(t*testing.T) {`
`272`		`-t.Parallel()`
`273`		`-client:=coderdtest.New(t,nil)`
`274`		`-user:=coderdtest.CreateFirstUser(t,client)`
`275`		`-existentUser,_:=client.CreateUser(context.Background(), codersdk.CreateUserRequest{`
`276`		`-Email:"bruno@coder.com",`
`277`		`-Username:"bruno",`
`278`		`-Password:"password",`
`279`		`-OrganizationID:user.OrganizationID,`
`280`		`-})`
`281`		`-_,err:=client.UpdateUserProfile(context.Background(),codersdk.Me, codersdk.UpdateUserProfileRequest{`
`282`		`-Username:"newusername",`
`283`		`-Email:existentUser.Email,`
`284`		`-})`
`285`		`-varapiErr*codersdk.Error`
`286`		`-require.ErrorAs(t,err,&apiErr)`
`287`		`-require.Equal(t,http.StatusConflict,apiErr.StatusCode())`
`288`		`-})`
`289`		`-`
`290`	`270`	`t.Run("ConflictingUsername",func(t*testing.T) {`
`291`	`271`	`t.Parallel()`
`292`	`272`	`client:=coderdtest.New(t,nil)`
`@@ -300,38 +280,22 @@ func TestUpdateUserProfile(t *testing.T) {`
`300`	`280`	`require.NoError(t,err)`
`301`	`281`	`_,err=client.UpdateUserProfile(context.Background(),codersdk.Me, codersdk.UpdateUserProfileRequest{`
`302`	`282`	`Username:existentUser.Username,`
`303`		`-Email:"newemail@coder.com",`
`304`	`283`	`})`
`305`	`284`	`varapiErr*codersdk.Error`
`306`	`285`	`require.ErrorAs(t,err,&apiErr)`
`307`	`286`	`require.Equal(t,http.StatusConflict,apiErr.StatusCode())`
`308`	`287`	`})`
`309`	`288`
`310`		`-t.Run("UpdateUsernameAndEmail",func(t*testing.T) {`
	`289`	`+t.Run("UpdateUsername",func(t*testing.T) {`
`311`	`290`	`t.Parallel()`
`312`	`291`	`client:=coderdtest.New(t,nil)`
`313`	`292`	`coderdtest.CreateFirstUser(t,client)`
	`293`	`+_,_=client.User(context.Background(),codersdk.Me)`
`314`	`294`	`userProfile,err:=client.UpdateUserProfile(context.Background(),codersdk.Me, codersdk.UpdateUserProfileRequest{`
`315`	`295`	`Username:"newusername",`
`316`		`-Email:"newemail@coder.com",`
`317`	`296`	`})`
`318`	`297`	`require.NoError(t,err)`
`319`	`298`	`require.Equal(t,userProfile.Username,"newusername")`
`320`		`-require.Equal(t,userProfile.Email,"newemail@coder.com")`
`321`		`-})`
`322`		`-`
`323`		`-t.Run("UpdateUsername",func(t*testing.T) {`
`324`		`-t.Parallel()`
`325`		`-client:=coderdtest.New(t,nil)`
`326`		`-coderdtest.CreateFirstUser(t,client)`
`327`		`-me,_:=client.User(context.Background(),codersdk.Me)`
`328`		`-userProfile,err:=client.UpdateUserProfile(context.Background(),codersdk.Me, codersdk.UpdateUserProfileRequest{`
`329`		`-Username:me.Username,`
`330`		`-Email:"newemail@coder.com",`
`331`		`-})`
`332`		`-require.NoError(t,err)`
`333`		`-require.Equal(t,userProfile.Username,me.Username)`
`334`		`-require.Equal(t,userProfile.Email,"newemail@coder.com")`
`335`	`299`	`})`
`336`	`300`	`}`
`337`	`301`

`‎codersdk/users.go`

Lines changed: 0 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,6 @@ type CreateUserRequest struct {`
`60`	`60`	`}`
`61`	`61`
`62`	`62`	`typeUpdateUserProfileRequeststruct {`
`63`		-Emailstring`json:"email" validate:"required,email"`
`64`	`63`	Usernamestring`json:"username" validate:"required,username"`
`65`	`64`	`}`
`66`	`65`

`‎site/src/api/typesGenerated.ts`

Lines changed: 12 additions & 13 deletions

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@ export interface AgentGitSSHKey {`
`12`	`12`	`readonlyprivate_key:string`
`13`	`13`	`}`
`14`	`14`
`15`		`-// From codersdk/users.go:152:6`
	`15`	`+// From codersdk/users.go:151:6`
`16`	`16`	`exportinterfaceAuthMethods{`
`17`	`17`	`readonlypassword:boolean`
`18`	`18`	`readonlygithub:boolean`
`@@ -44,7 +44,7 @@ export interface CreateFirstUserResponse {`
`44`	`44`	`readonlyorganization_id:string`
`45`	`45`	`}`
`46`	`46`
`47`		`-// From codersdk/users.go:147:6`
	`47`	`+// From codersdk/users.go:146:6`
`48`	`48`	`exportinterfaceCreateOrganizationRequest{`
`49`	`49`	`readonlyname:string`
`50`	`50`	`}`
`@@ -100,7 +100,7 @@ export interface CreateWorkspaceRequest {`
`100`	`100`	`readonlyparameter_values?:CreateParameterRequest[]`
`101`	`101`	`}`
`102`	`102`
`103`		`-// From codersdk/users.go:143:6`
	`103`	`+// From codersdk/users.go:142:6`
`104`	`104`	`exportinterfaceGenerateAPIKeyResponse{`
`105`	`105`	`readonlykey:string`
`106`	`106`	`}`
`@@ -118,13 +118,13 @@ export interface GoogleInstanceIdentityToken {`
`118`	`118`	`readonlyjson_web_token:string`
`119`	`119`	`}`
`120`	`120`
`121`		`-// From codersdk/users.go:132:6`
	`121`	`+// From codersdk/users.go:131:6`
`122`	`122`	`exportinterfaceLoginWithPasswordRequest{`
`123`	`123`	`readonlyemail:string`
`124`	`124`	`readonlypassword:string`
`125`	`125`	`}`
`126`	`126`
`127`		`-// From codersdk/users.go:138:6`
	`127`	`+// From codersdk/users.go:137:6`
`128`	`128`	`exportinterfaceLoginWithPasswordResponse{`
`129`	`129`	`readonlysession_token:string`
`130`	`130`	`}`
`@@ -276,20 +276,19 @@ export interface UpdateActiveTemplateVersion {`
`276`	`276`	`readonlyid:string`
`277`	`277`	`}`
`278`	`278`
`279`		`-// From codersdk/users.go:72:6`
	`279`	`+// From codersdk/users.go:71:6`
`280`	`280`	`exportinterfaceUpdateRoles{`
`281`	`281`	`readonlyroles:string[]`
`282`	`282`	`}`
`283`	`283`
`284`		`-// From codersdk/users.go:67:6`
	`284`	`+// From codersdk/users.go:66:6`
`285`	`285`	`exportinterfaceUpdateUserPasswordRequest{`
`286`	`286`	`readonlyold_password:string`
`287`	`287`	`readonlypassword:string`
`288`	`288`	`}`
`289`	`289`
`290`	`290`	`// From codersdk/users.go:62:6`
`291`	`291`	`exportinterfaceUpdateUserProfileRequest{`
`292`		`-readonlyemail:string`
`293`	`292`	`readonlyusername:string`
`294`	`293`	`}`
`295`	`294`
`@@ -320,29 +319,29 @@ export interface User {`
`320`	`319`	`readonlyroles:Role[]`
`321`	`320`	`}`
`322`	`321`
`323`		`-// From codersdk/users.go:97:6`
	`322`	`+// From codersdk/users.go:96:6`
`324`	`323`	`exportinterfaceUserAuthorization{`
`325`	`324`	`readonlyobject:UserAuthorizationObject`
`326`	`325`	`readonlyaction:string`
`327`	`326`	`}`
`328`	`327`
`329`		`-// From codersdk/users.go:113:6`
	`328`	`+// From codersdk/users.go:112:6`
`330`	`329`	`exportinterfaceUserAuthorizationObject{`
`331`	`330`	`readonlyresource_type:string`
`332`	`331`	`readonlyowner_id?:string`
`333`	`332`	`readonlyorganization_id?:string`
`334`	`333`	`readonlyresource_id?:string`
`335`	`334`	`}`
`336`	`335`
`337`		`-// From codersdk/users.go:86:6`
	`336`	`+// From codersdk/users.go:85:6`
`338`	`337`	`exportinterfaceUserAuthorizationRequest{`
`339`	`338`	`readonlychecks:Record<string,UserAuthorization>`
`340`	`339`	`}`
`341`	`340`
`342`		`-// From codersdk/users.go:81:6`
	`341`	`+// From codersdk/users.go:80:6`
`343`	`342`	`exporttypeUserAuthorizationResponse=Record<string,boolean>`
`344`	`343`
`345`		`-// From codersdk/users.go:76:6`
	`344`	`+// From codersdk/users.go:75:6`
`346`	`345`	`exportinterfaceUserRoles{`
`347`	`346`	`readonlyroles:string[]`
`348`	`347`	`readonlyorganization_roles:Record<string,string[]>`

`‎site/src/components/SettingsAccountForm/SettingsAccountForm.tsx`

Lines changed: 4 additions & 12 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,25 +8,23 @@ import { LoadingButton } from "../LoadingButton/LoadingButton"`
`8`	`8`	`import{Stack}from"../Stack/Stack"`
`9`	`9`
`10`	`10`	`interfaceAccountFormValues{`
`11`		`-email:string`
`12`	`11`	`username:string`
`13`	`12`	`}`
`14`	`13`
`15`	`14`	`exportconstLanguage={`
`16`	`15`	`usernameLabel:"Username",`
`17`	`16`	`emailLabel:"Email",`
`18`		`-emailInvalid:"Please enter a valid email address.",`
`19`		`-emailRequired:"Please enter an email address.",`
`20`	`17`	`updateSettings:"Update settings",`
`21`	`18`	`}`
`22`	`19`
`23`	`20`	`constvalidationSchema=Yup.object({`
`24`		`-email:Yup.string().trim().email(Language.emailInvalid).required(Language.emailRequired),`
`25`	`21`	`username:nameValidator(Language.usernameLabel),`
`26`	`22`	`})`
`27`	`23`
`28`	`24`	`exporttypeAccountFormErrors=FormikErrors<AccountFormValues>`
	`25`	`+`
`29`	`26`	`exportinterfaceAccountFormProps{`
	`27`	`+email:string`
`30`	`28`	`isLoading:boolean`
`31`	`29`	`initialValues:AccountFormValues`
`32`	`30`	`onSubmit:(values:AccountFormValues)=>void`
`@@ -35,6 +33,7 @@ export interface AccountFormProps {`
`35`	`33`	`}`
`36`	`34`
`37`	`35`	`exportconstAccountForm:React.FC<AccountFormProps>=({`
	`36`	`+ email,`
`38`	`37`	`isLoading,`
`39`	`38`	`onSubmit,`
`40`	`39`	`initialValues,`
`@@ -52,14 +51,7 @@ export const AccountForm: React.FC<AccountFormProps> = ({`
`52`	`51`	`<>`
`53`	`52`	`<formonSubmit={form.handleSubmit}>`
`54`	`53`	`<Stack>`
`55`		`-<TextField`
`56`		`-{...getFieldHelpers("email")}`
`57`		`-onChange={onChangeTrimmed(form)}`
`58`		`-autoComplete="email"`
`59`		`-fullWidth`
`60`		`-label={Language.emailLabel}`
`61`		`-variant="outlined"`
`62`		`-/>`
	`54`	`+<TextFielddisabledfullWidthlabel={Language.emailLabel}value={email}variant="outlined"/>`
`63`	`55`	`<TextField`
`64`	`56`	`{...getFieldHelpers("username")}`
`65`	`57`	`onChange={onChangeTrimmed(form)}`

`‎site/src/pages/SettingsPages/AccountPage/AccountPage.test.tsx`

Lines changed: 2 additions & 22 deletions

Original file line number	Diff line number	Diff line change
`@@ -17,13 +17,11 @@ const renderPage = () => {`
`17`	`17`	`}`
`18`	`18`
`19`	`19`	`constnewData={`
`20`		`-email:"user@coder.com",`
`21`	`20`	`username:"user",`
`22`	`21`	`}`
`23`	`22`
`24`	`23`	`constfillAndSubmitForm=async()=>{`
`25`		`-awaitwaitFor(()=>screen.findByLabelText("Email"))`
`26`		`-fireEvent.change(screen.getByLabelText("Email"),{target:{value:newData.email}})`
	`24`	`+awaitwaitFor(()=>screen.findByLabelText("Username"))`
`27`	`25`	`fireEvent.change(screen.getByLabelText("Username"),{target:{value:newData.username}})`
`28`	`26`	`fireEvent.click(screen.getByText(AccountForm.Language.updateSettings))`
`29`	`27`	`}`
`@@ -34,6 +32,7 @@ describe("AccountPage", () => {`
`34`	`32`	`jest.spyOn(API,"updateProfile").mockImplementationOnce((userId,data)=>`
`35`	`33`	`Promise.resolve({`
`36`	`34`	`id:userId,`
	`35`	`+email:"user@coder.com",`
`37`	`36`	`created_at:newDate().toString(),`
`38`	`37`	`status:"active",`
`39`	`38`	`organization_ids:["123"],`
`@@ -51,25 +50,6 @@ describe("AccountPage", () => {`
`51`	`50`	`})`
`52`	`51`	`})`
`53`	`52`
`54`		`-describe("when the email is already taken",()=>{`
`55`		`-it("shows an error",async()=>{`
`56`		`-jest.spyOn(API,"updateProfile").mockRejectedValueOnce({`
`57`		`-isAxiosError:true,`
`58`		`-response:{`
`59`		`-data:{message:"Invalid profile",errors:[{detail:"Email is already in use",field:"email"}]},`
`60`		`-},`
`61`		`-})`
`62`		`-`
`63`		`-const{ user}=renderPage()`
`64`		`-awaitfillAndSubmitForm()`
`65`		`-`
`66`		`-consterrorMessage=awaitscreen.findByText("Email is already in use")`
`67`		`-expect(errorMessage).toBeDefined()`
`68`		`-expect(API.updateProfile).toBeCalledTimes(1)`
`69`		`-expect(API.updateProfile).toBeCalledWith(user.id,newData)`
`70`		`-})`
`71`		`-})`
`72`		`-`
`73`	`53`	`describe("when the username is already taken",()=>{`
`74`	`54`	`it("shows an error",async()=>{`
`75`	`55`	`jest.spyOn(API,"updateProfile").mockRejectedValueOnce({`

`‎site/src/pages/SettingsPages/AccountPage/AccountPage.tsx`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -26,10 +26,11 @@ export const AccountPage: React.FC = () => {`
`26`	`26`	`return(`
`27`	`27`	`<Sectiontitle={Language.title}>`
`28`	`28`	`<AccountForm`
	`29`	`+email={me.email}`
`29`	`30`	`error={hasUnknownError ?Language.unknownError :undefined}`
`30`	`31`	`formErrors={formErrors}`
`31`	`32`	`isLoading={authState.matches("signedIn.profile.updatingProfile")}`
`32`		`-initialValues={{username:me.username,email:me.email}}`
	`33`	`+initialValues={{username:me.username}}`
`33`	`34`	`onSubmit={(data)=>{`
`34`	`35`	`authSend({`
`35`	`36`	`type:"UPDATE_PROFILE",`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitcbb7a7c

File tree

7 files changed

7 files changed

`‎coderd/users.go`

`‎coderd/users_test.go`

`‎codersdk/users.go`

`‎site/src/api/typesGenerated.ts`

`‎site/src/components/SettingsAccountForm/SettingsAccountForm.tsx`

`‎site/src/pages/SettingsPages/AccountPage/AccountPage.test.tsx`

`‎site/src/pages/SettingsPages/AccountPage/AccountPage.tsx`

0 commit comments