From 818a48190ed0c27e231fd82d545142a10f440ee0 Mon Sep 17 00:00:00 2001
From: Scott Bishel
Date: Wed, 8 Nov 2023 07:27:42 -0700
Subject: [PATCH] MM-54774 - update session roles when promote/demote guests (#25156)
* update session roles from user roles.
* update so user is not retrieved again
* return error, rather than log warning
* Update session.go Fix bad merge
---------
Co-authored-by: Mattermost Build
---
 server/channels/app/platform/session.go | 9 +++-
 server/channels/app/platform/session_test.go | 56 ++++++++++++++++++++
 server/channels/app/user.go | 4 +-
 3 files changed, 65 insertions(+), 4 deletions(-)
diff --git a/server/channels/app/platform/session.go b/server/channels/app/platform/session.go
index d298b560d2..87262b465c 100644
--- a/server/channels/app/platform/session.go
+++ b/server/channels/app/platform/session.go
@@ -223,8 +223,13 @@ func (ps *PlatformService) ExtendSessionExpiry(session *model.Session, newExpiry
 return nil
 }
-func (ps *PlatformService) UpdateSessionsIsGuest(c request.CTX, userID string, isGuest bool) error {
- sessions, err := ps.GetSessions(c, userID)
+func (ps *PlatformService) UpdateSessionsIsGuest(c request.CTX, user *model.User, isGuest bool) error {
+ sessions, err := ps.GetSessions(c, user.Id)
+ if err != nil {
+ return err
+ }
+
+ _, err = ps.Store.Session().UpdateRoles(user.Id, user.GetRawRoles())
 if err != nil {
 return err
 }
diff --git a/server/channels/app/platform/session_test.go b/server/channels/app/platform/session_test.go
index 111410a55c..99e4fd488e 100644
--- a/server/channels/app/platform/session_test.go
+++ b/server/channels/app/platform/session_test.go
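Review bot: In `UpdateSessionsIsGuest` (server/channels/app/platform/session.go), `sessions` is loaded before `UpdateRoles` runs, so the in-memory session objects still hold the pre-change `Roles` value. The rest of the function is outside this hunk; if it writes those objects back to the store or the session cache, a demoted user's live session could keep its old role until that entry is replaced, which is the case this change is meant to close. Either call `UpdateRoles` before `GetSessions`, or set `session.Roles = user.GetRawRoles()` on each entry before it is persisted or cached. `user` is also dereferenced without a nil check and `isGuest` can now disagree with `user.IsGuest()`, so a doc comment such as `// UpdateSessionsIsGuest syncs Roles and the is-guest prop on all of user's sessions; user must be non-nil.` would state the contract.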
@@ -132,3 +132,59 @@ func TestOAuthRevokeAccessToken(t *testing.T) {
 err = th.Service.RevokeAccessToken(th.Context, accessData.Token)
 require.NoError(t, err)
 }
+
+func TestUpdateSessionsIsGuest(t *testing.T) {
+ th := Setup(t)
+ defer th.TearDown()
+
+ t.Run("Test session is demoted", func(t *testing.T) {
+ user := th.CreateUserOrGuest(false)
+
+ session := &model.Session{}
+ session.CreateAt = model.GetMillis()
+ session.UserId = user.Id
+ session.Token = model.NewId()
+ session.Roles = "fake_role"
+ th.Service.SetSessionExpireInHours(session, 24)
+
+ session, _ = th.Service.CreateSession(th.Context, session)
+
+ demotedUser, err := th.Service.Store.User().DemoteUserToGuest(user.Id)
+ require.NoError(t, err)
+ require.Equal(t, model.SystemGuestRoleId, demotedUser.Roles)
+
+ err = th.Service.UpdateSessionsIsGuest(th.Context, demotedUser, true)
+ require.NoError(t, err)
+
+ session, err = th.Service.GetSession(th.Context, session.Id)
+ require.NoError(t, err)
+ require.Equal(t, model.SystemGuestRoleId, session.Roles)
+ require.Equal(t, "true", session.Props[model.SessionPropIsGuest])
+ })
+
+ t.Run("Test session is promoted", func(t *testing.T) {
+ user := th.CreateUserOrGuest(true)
+
+ session := &model.Session{}
+ session.CreateAt = model.GetMillis()
+ session.UserId = user.Id
+ session.Token = model.NewId()
+ session.Roles = "fake_role"
+ th.Service.SetSessionExpireInHours(session, 24)
+
+ session, _ = th.Service.CreateSession(th.Context, session)
+
+ err := th.Service.Store.User().PromoteGuestToUser(user.Id)
+ require.NoError(t, err)
+
+ promotedUser, err := th.Service.Store.User().Get(th.Context.Context(), user.Id)
+ require.NoError(t, err)
+ err = th.Service.UpdateSessionsIsGuest(th.Context, promotedUser, false)
+ require.NoError(t, err)
+
+ session, err = th.Service.GetSession(th.Context, session.Id)
+ require.NoError(t, err)
+ require.Equal(t, model.SystemUserRoleId, session.Roles)
+ require.Equal(t, "false", session.Props[model.SessionPropIsGuest])
+ })
+}
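Review bot: Both subtests discard the error from `CreateSession` (`session, _ = th.Service.CreateSession(th.Context, session)`), so a failed insert would surface later as a nil dereference on `session.Id` rather than a clear failure; capture the error and check it with `require.NoError(t, err)` before using `session`. The role assertions read the session back with `GetSession(th.Context, session.Id)`, and whether that lookup is served from the session cache is not visible here, so it is worth adding an assertion through whichever lookup a live request uses, so that a stale cached role cannot go unnoticed. A subtest with two sessions for the same user would also confirm that every session is rewritten, not only the first.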
diff --git a/server/channels/app/user.go b/server/channels/app/user.go
index 1aaa4db909..c6b1e81e43 100644
--- a/server/channels/app/user.go
+++ b/server/channels/app/user.go
@@ -2322,7 +2322,7 @@ func (a *App) PromoteGuestToUser(c request.CTX, user *model.User, requestorId st
 c.Logger().Warn("Failed to get user on promote guest to user", mlog.Err(err))
 } else {
 a.sendUpdatedUserEvent(*promotedUser)
- if uErr := a.ch.srv.platform.UpdateSessionsIsGuest(c, promotedUser.Id, promotedUser.IsGuest()); uErr != nil {
+ if uErr := a.ch.srv.platform.UpdateSessionsIsGuest(c, promotedUser, promotedUser.IsGuest()); uErr != nil {
 c.Logger().Warn("Unable to update user sessions", mlog.String("user_id", promotedUser.Id), mlog.Err(uErr))
 }
 }
@@ -2367,7 +2367,7 @@ func (a *App) DemoteUserToGuest(c request.CTX, user *model.User) *model.AppError
 }
 a.sendUpdatedUserEvent(*demotedUser)
- if uErr := a.ch.srv.platform.UpdateSessionsIsGuest(c, demotedUser.Id, demotedUser.IsGuest()); uErr != nil {
+ if uErr := a.ch.srv.platform.UpdateSessionsIsGuest(c, demotedUser, demotedUser.IsGuest()); uErr != nil {
 c.Logger().Warn("Unable to update user sessions", mlog.String("user_id", demotedUser.Id), mlog.Err(uErr))
 }
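Review bot: A failure of `UpdateSessionsIsGuest` is still only logged at warn level at both call sites in this file (`PromoteGuestToUser` in the first hunk and `DemoteUserToGuest` in the second), although the call now also carries the role update for existing sessions. On the demote path that is fail-open: the demotion is reported as successful while the user's live sessions may keep their previous roles. Consider treating the demote-side failure as an error, for example by logging with `c.Logger().Error(...)` and revoking the user's sessions so the next login picks up the guest role. Both enclosing functions start and end outside the hunks, so any later handling is not visible here.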