hub / github.com/tinode/chat / replyUpdateUser

Function replyUpdateUser

server/user.go:226–333  ·  view source on GitHub ↗

Processes an update to an account. Two kinds of update are handled: an authentication update (i.e. a login/password change) and a credentials update.

(s *Session, msg *ClientComMessage, rec *auth.Rec)

Source from the content-addressed store, hash-verified

224// * Authentication update, i.e. login/password change
225// * Credentials update
226func replyUpdateUser(s *Session, msg *ClientComMessage, rec *auth.Rec) {
227 if s.uid.IsZero() && rec == nil {
228 // Session is not authenticated and no temporary auth is provided.
229 logs.Warn.Println("replyUpdateUser: not a new account and not authenticated", s.sid)
230 s.queueOut(ErrPermissionDenied(msg.Id, "", msg.Timestamp))
231 return
232 } else if msg.AsUser != "" && rec != nil {
233 // Two UIDs: one from msg.from, one from temporary auth. Ambigous, reject.
234 logs.Warn.Println("replyUpdateUser: got both authenticated session and token", s.sid)
235 s.queueOut(ErrMalformed(msg.Id, "", msg.Timestamp))
236 return
237 }
238
239 userId := msg.AsUser
240 authLvl := auth.Level(msg.AuthLvl)
241 if rec != nil {
242 userId = rec.Uid.UserId()
243 authLvl = rec.AuthLevel
244 }
245
246 if msg.Acc.User != "" && msg.Acc.User != userId {
247 if s.authLvl != auth.LevelRoot {
248 logs.Warn.Println("replyUpdateUser: attempt to change another's account by non-root", s.sid)
249 s.queueOut(ErrPermissionDenied(msg.Id, "", msg.Timestamp))
250 return
251 }
252 // Root is editing someone else's account.
253 userId = msg.Acc.User
254 authLvl = auth.ParseAuthLevel(msg.Acc.AuthLevel)
255 }
256
257 uid := types.ParseUserId(userId)
258 if uid.IsZero() {
259 // msg.Acc.User contains invalid data.
260 s.queueOut(ErrMalformed(msg.Id, "", msg.Timestamp))
261 logs.Warn.Println("replyUpdateUser: user id is invalid or missing", s.sid)
262 return
263 }
264
265 // Only root can suspend accounts, including own account.
266 if msg.Acc.State != "" && s.authLvl != auth.LevelRoot {
267 s.queueOut(ErrPermissionDenied(msg.Id, "", msg.Timestamp))
268 logs.Warn.Println("replyUpdateUser: attempt to change account state by non-root", s.sid)
269 return
270 }
271
272 user, err := store.Users.Get(uid)
273 if user == nil && err == nil {
274 err = types.ErrNotFound
275 }
276 if err != nil {
277 logs.Warn.Println("replyUpdateUser: failed to fetch user from DB", err, s.sid)
278 s.queueOut(decodeStoreError(err, msg.Id, msg.Timestamp, nil))
279 return
280 }
281
282 var params map[string]any
283 if msg.Acc.Scheme != "" {

Callers 1

acc (Method) · 0.85

Calls 15

Level (TypeAlias) · 0.92
ParseAuthLevel (Function) · 0.92
ParseUserId (Function) · 0.92
Duration (TypeAlias) · 0.92
ErrPermissionDenied (Function) · 0.85
ErrMalformed (Function) · 0.85
decodeStoreError (Function) · 0.85
updateUserAuth (Function) · 0.85
addCreds (Function) · 0.85
stringSliceDelta (Function) · 0.85
changeUserState (Function) · 0.85
InfoNotModified (Function) · 0.85

Tested by

no test coverage detected
