server|FEAT: Update database logic to handle message key

mindit-io · Aug 26, 2020 · 091854f · 091854f
1 parent 4054d1f
commit 091854f
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 42 deletions.
diff --git a/owasp-top10-2016-mobile/m5/panda_zap/server/database/database.go b/owasp-top10-2016-mobile/m5/panda_zap/server/database/database.go
@@ -9,9 +9,10 @@ import (
 type Database interface {
 	Ping() error
 	Close() error
-	InsertUser(user *user.User) error
+	InsertUser(user *user.User, keyRemoval bool) error
 	GetUser(username string) (*user.User, error)
+	GetUserWithoutKeyWipe(username string) (*user.User, error)
 	GetUserKey(username string) (string, error)
-	UpdateUserMessages(username string, messages *[]message.Message) error
+	UpdateUserMessages(username string, messages []message.Message) error
 	UpdateUserKey(username string, newKey string) error
 }
diff --git a/owasp-top10-2016-mobile/m5/panda_zap/server/database/gocache.go b/owasp-top10-2016-mobile/m5/panda_zap/server/database/gocache.go
@@ -2,6 +2,7 @@ package database
 
 import (
 	"errors"
+	"fmt"
 
 	"github.com/globocom/secDevLabs/owasp-top10-2016-mobile/m5/panda_zap/server/message"
 	"github.com/globocom/secDevLabs/owasp-top10-2016-mobile/m5/panda_zap/server/user"
@@ -31,14 +32,14 @@ func NewGoCacheDBSession(logger *zap.SugaredLogger, settings *viper.Viper) (*GoC
 
 // removeKey attempts to remove a given user's key from the database.
 func (gc *GoCacheDB) removeKey(user *user.User) error {
-	keylessUser := user
-	keylessUser.Key = ""
+	// keylessUser := user
+	// keylessUser.Key = ""
 
-	if err := gc.InsertUser(keylessUser); err != nil {
-		return err
-	}
+	// if err := gc.InsertUser(keylessUser, true); err != nil {
+	// 	return err
+	// }
 
-	gc.Logger.Info("User key removed from database")
+	// gc.Logger.Info("User key removed from database")
 	return nil
 }
 
@@ -57,30 +58,30 @@ func (gc *GoCacheDB) Close() error {
 }
 
 // InsertUser returns nil if an user was inserted successfully.
-func (gc *GoCacheDB) InsertUser(user *user.User) error {
+func (gc *GoCacheDB) InsertUser(user *user.User, keyRemoval bool) error {
 
 	gc.Session.Set(user.Name, user, cache.NoExpiration)
-	gc.Logger.Info("User inserted into the database")
+	if !keyRemoval {
+		gc.Logger.Info(fmt.Sprintf("User '%s' inserted into the database", user.Name))
+	}
 
 	return nil
 }
 
-// GetUser returns a user from the database.
+// GetUser returns an user from the database.
 func (gc *GoCacheDB) GetUser(username string) (*user.User, error) {
 
 	userFromDBInterface, found := gc.Session.Get(username)
 	if !found {
-		gc.Logger.Warn("User not present in the database")
-		return nil, errors.New("User not present in the database")
+		return nil, fmt.Errorf("User '%s' not found in the database", username)
 	}
-	gc.Logger.Info("Got user from the database")
 
 	userFromDB := userFromDBInterface.(*user.User)
 
 	keyLessUser := &user.User{
-		ID:       userFromDB.ID,
-		Name:     userFromDB.Name,
-		Key:      "",
+		ID:   userFromDB.ID,
+		Name: userFromDB.Name,
+		// Key:      "",
 		Messages: userFromDB.Messages,
 	}
 
@@ -91,34 +92,54 @@ func (gc *GoCacheDB) GetUser(username string) (*user.User, error) {
 	return userFromDB, nil
 }
 
-// GetUserKey returns the key of a given user.
-func (gc *GoCacheDB) GetUserKey(username string) (string, error) {
-
+// GetUserWithoutKeyWipe returns an user from the database.
+func (gc *GoCacheDB) GetUserWithoutKeyWipe(username string) (*user.User, error) {
 	userFromDBInterface, found := gc.Session.Get(username)
 	if !found {
-		gc.Logger.Warn("User not present in the database")
-		return "", errors.New("User not present in the database")
+		return nil, fmt.Errorf("User '%s' not present in the database", username)
 	}
-	gc.Logger.Info("Got user key from the database")
 
 	userFromDB := userFromDBInterface.(*user.User)
 
-	keyLessUser := &user.User{
+	userWithMessagesRemoved := &user.User{
 		ID:       userFromDB.ID,
 		Name:     userFromDB.Name,
-		Key:      "",
-		Messages: userFromDB.Messages,
+		Messages: nil,
 	}
+	gc.InsertUser(userWithMessagesRemoved, true)
 
-	if err := gc.removeKey(keyLessUser); err != nil {
-		gc.Logger.Warn("Error removing user key from database")
-	}
+	return userFromDB, nil
+}
+
+// GetUserKey returns the key of a given user.
+func (gc *GoCacheDB) GetUserKey(username string) (string, error) {
+
+	// userFromDBInterface, found := gc.Session.Get(username)
+	// if !found {
+	// 	gc.Logger.Warn("User not present in the database")
+	// 	return "", errors.New("User not present in the database")
+	// }
+	// gc.Logger.Info("Got user key from the database")
+
+	// userFromDB := userFromDBInterface.(*user.User)
+
+	// keyLessUser := &user.User{
+	// 	ID:       userFromDB.ID,
+	// 	Name:     userFromDB.Name,
+	// 	Key:      "",
+	// 	Messages: userFromDB.Messages,
+	// }
+
+	// if err := gc.removeKey(keyLessUser); err != nil {
+	// 	gc.Logger.Warn("Error removing user key from database")
+	// }
 
-	return userFromDB.Key, nil
+	// return userFromDB.Key, nil
+	return "", nil
 }
 
 // UpdateUserMessages attempts to update messages from a given user.
-func (gc *GoCacheDB) UpdateUserMessages(username string, messages *[]message.Message) error {
+func (gc *GoCacheDB) UpdateUserMessages(username string, messages []message.Message) error {
 
 	userFromDBInterface, found := gc.Session.Get(username)
 	if !found {
@@ -127,28 +148,27 @@ func (gc *GoCacheDB) UpdateUserMessages(username string, messages *[]message.Mes
 	}
 
 	userFromDB := userFromDBInterface.(*user.User)
-	userFromDB.Messages = messages
+	userFromDB.Messages = append(userFromDB.Messages, messages...)
 
 	gc.Session.Set(username, userFromDB, cache.NoExpiration)
-	gc.Logger.Info("User messages updated")
 
 	return nil
 }
 
 // UpdateUserKey attempts to update messages from a given user.
 func (gc *GoCacheDB) UpdateUserKey(username string, newKey string) error {
 
-	userFromDBInterface, found := gc.Session.Get(username)
-	if !found {
-		gc.Logger.Warn("User not present in the database")
-		return errors.New("User not present in the database")
-	}
+	// userFromDBInterface, found := gc.Session.Get(username)
+	// if !found {
+	// 	gc.Logger.Warn("User not present in the database")
+	// 	return errors.New("User not present in the database")
+	// }
 
-	userFromDB := userFromDBInterface.(*user.User)
-	userFromDB.Key = newKey
+	// userFromDB := userFromDBInterface.(*user.User)
+	// userFromDB.Key = newKey
 
-	gc.Session.Set(username, userFromDB, cache.NoExpiration)
-	gc.Logger.Info("User key updated")
+	// gc.Session.Set(username, userFromDB, cache.NoExpiration)
+	// gc.Logger.Info("User key updated")
 
 	return nil
 }