Fix signup risk of enumeration to test emails

* Now, if a known email is used, it will still return the same result * If a known email is used, we will ping the email address to know that there was a signup attempt
2022-05-01 13:23:51 +02:00
parent dd8d2a677d
commit 0af09dcc01
3 changed files with 59 additions and 25 deletions
--- a/models/user.go
+++ b/models/user.go
@@ -5,6 +5,7 @@ import (
 	"time"

 	"github.com/golang-jwt/jwt"
+	"github.com/google/uuid"
 	"github.com/yxzzy-wtf/gin-gonic-prepack/database"
 	"github.com/yxzzy-wtf/gin-gonic-prepack/util"
 )
@@ -42,3 +43,27 @@ func (u *User) ByEmail(email string) error {

 	return nil
 }
+
+func (u *User) Create() error {
+	if u.Uid != uuid.Nil {
+		return errors.New("cannot create with existing uid")
+	}
+
+	if err := database.Db.Create(&u).Error; err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (u *User) Save() error {
+	if u.Uid == uuid.Nil {
+		return errors.New("cannot save without uid")
+	}
+
+	if err := database.Db.Save(&u).Error; err != nil {
+		return err
+	}
+
+	return nil
+}