USEFULL/gogs
1
0
Fork 0
mirror of https://github.com/gogs/gogs.git synced 2025-05-31 11:42:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

db: include the Team ID in the error message (#6056)

Browse Source 
This means that when using the API to create a new team, the output
contains the existing team ID, not just the name.
While there may be the thought that this reveals sensitive
information, it is never the case that a user can create or update
a team without permission to view the teams in the first place.
This commit is contained in:
☃ Stephen Shkardoon ☃ 2020-04-07 07:03:22 +12:00 committed by GitHub
parent 571be84e26
commit 4ebdcb719a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
internal/db/error.go
View File

@ -368,6 +368,7 @@ func (err ErrLoginSourceInUse) Error() string {
// \/ \/ \/
type ErrTeamAlreadyExist struct {
ID int64
OrgID int64
Name string
}
@ -378,7 +379,7 @@ func IsErrTeamAlreadyExist(err error) bool {
}
func (err ErrTeamAlreadyExist) Error() string {
return fmt.Sprintf("team already exists [org_id: %d, name: %s]", err.OrgID, err.Name)
return fmt.Sprintf("team already exists [id: %d, org_id: %d, name: %s]", err.ID, err.OrgID, err.Name)
}
// ____ ___ .__ .___

10
internal/db/org_team.go
View File

@ -241,11 +241,12 @@ func NewTeam(t *Team) error {
}
t.LowerName = strings.ToLower(t.Name)
has, err = x.Where("org_id=?", t.OrgID).And("lower_name=?", t.LowerName).Get(new(Team))
existingTeam := Team{}
has, err = x.Where("org_id=?", t.OrgID).And("lower_name=?", t.LowerName).Get(&existingTeam)
if err != nil {
return err
} else if has {
return ErrTeamAlreadyExist{t.OrgID, t.LowerName}
return ErrTeamAlreadyExist{existingTeam.ID, t.OrgID, t.LowerName}
}
sess := x.NewSession()
@ -346,11 +347,12 @@ func UpdateTeam(t *Team, authChanged bool) (err error) {
}
t.LowerName = strings.ToLower(t.Name)
has, err := x.Where("org_id=?", t.OrgID).And("lower_name=?", t.LowerName).And("id!=?", t.ID).Get(new(Team))
existingTeam := new(Team)
has, err := x.Where("org_id=?", t.OrgID).And("lower_name=?", t.LowerName).And("id!=?", t.ID).Get(&existingTeam)
if err != nil {
return err
} else if has {
return ErrTeamAlreadyExist{t.OrgID, t.LowerName}
return ErrTeamAlreadyExist{existingTeam.ID, t.OrgID, t.LowerName}
}
if _, err = sess.ID(t.ID).AllCols().Update(t); err != nil {