The codebase that powers boop.cat
always verify user for oauth
scanash.com
2 months ago
5ccb4861
0513bee5
+9
-16
2 changed files
backend-go
db
atproto.go
handlers
oauth.go
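--- a/backend-go/db/atproto.go
+++ b/backend-go/db/atproto.go
@@ -62,9 +62,10 @@
 }
 
 if updates {
-
-_, _ = db.Exec(`UPDATE users SET username = ?, avatarUrl = ?, email = ? WHERE id = ?`,
+_, _ = db.Exec(`UPDATE users SET username = ?, avatarUrl = ?, email = ?, emailVerified = 1 WHERE id = ?`,
 user.Username, user.AvatarURL, user.Email, user.ID)
+} else {
+_, _ = db.Exec(`UPDATE users SET emailVerified = 1 WHERE id = ?`, user.ID)
 }
 
 UpdateLastLogin(db, user.ID)
@@ -119,10 +120,7 @@
 uid := cuid2.Generate()
 now := time.Now().UTC().Format(time.RFC3339)
 
-emailVerified := 0
-if email != "" {
-emailVerified = 1
-}
+emailVerified := 1
 
 _, err = db.Exec(`INSERT INTO users (id, email, username, avatarUrl, emailVerified, createdAt, lastLoginAt) VALUES (?, ?, ?, ?, ?, ?, ?)`,
 uid, finalEmail, username, avatar, emailVerified, now, now)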
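Review bot: `emailVerified := 1` on new line 123 marks every newly created user as verified, including the case the removed `if email != ""` guard excluded, so a row whose `finalEmail` is empty or filled in some other way (its derivation is outside the hunk) is stored as a confirmed address. The new `else` branch at lines 67-68 does the same on every login, without any confirmation signal from the identity source being consulted in the visible code. If anything downstream treats `emailVerified` as proof of mailbox ownership, keep the guard (`emailVerified := 0` then `if email != "" { emailVerified = 1 }`) or, better, derive the flag from the confirmation state the session reports. Both UPDATEs also discard their error with `_, _ =`, so a failed write is silent; logging it would make that visible. Both enclosing functions start and end outside the hunks.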
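--- a/backend-go/handlers/oauth.go
+++ b/backend-go/handlers/oauth.go
@@ -50,6 +50,8 @@
 
 _, _ = h.DB.Exec(`UPDATE oauthAccounts SET accessToken = ? WHERE id = ?`, gothUser.AccessToken, existingAcc.ID)
 
+h.DB.Exec(`UPDATE users SET emailVerified = 1 WHERE id = ?`, existingAcc.UserID)
+
 if err := middleware.LoginUser(w, r, existingAcc.UserID); err != nil {
 http.Redirect(w, r, "/?error=session-error", http.StatusTemporaryRedirect)
 return
@@ -78,6 +80,8 @@
 return
 }
 
+h.DB.Exec(`UPDATE users SET emailVerified = 1 WHERE id = ?`, existingUser.ID)
+
 if err := middleware.LoginUser(w, r, existingUser.ID); err != nil {
 http.Redirect(w, r, "/?error=session-error", http.StatusTemporaryRedirect)
 return
@@ -95,16 +99,7 @@
 return
 }
 
-verified := false
-if v, ok := gothUser.RawData["verified"].(bool); ok && v {
-verified = true
-} else if v, ok := gothUser.RawData["email_verified"].(bool); ok && v {
-verified = true
-}
-
-if verified {
-_, _ = h.DB.Exec(`UPDATE users SET emailVerified = 1 WHERE id = ?`, userID)
-}
+_, _ = h.DB.Exec(`UPDATE users SET emailVerified = 1 WHERE id = ?`, userID)
 
 err = db.CreateOAuthAccount(h.DB, cuid2.Generate(), provider, gothUser.UserID, userID, gothUser.AccessToken, gothUser.Name)
 if err != nil {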
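Review bot: The three new `UPDATE users SET emailVerified = 1` statements (new lines 53, 83 and 102) run unconditionally, whereas the removed block set the flag only when the provider reported `verified` or `email_verified` in `gothUser.RawData`. If any configured provider can return an address it has not confirmed, and `existingUser` is matched by e-mail (the lookup is outside these hunks), an unconfirmed provider address ends up linked to a local account and marked verified on it. I would keep the provider check and apply it on all three paths, e.g. `if v, _ := gothUser.RawData["email_verified"].(bool); v { ... }`, and decline to link to `existingUser` when it fails. The two bare `h.DB.Exec(...)` calls on lines 53 and 83 also drop their result and error, unlike the `_, _ =` form on line 102; at minimum log a failed write. The handler's body starts and ends outside the hunks.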