From a90cd9ad824d3969b829065a919f0448688da9b4 Mon Sep 17 00:00:00 2001
From: Christopher Speller
Date: Fri, 10 May 2019 11:58:40 -0700
Subject: [PATCH] Some improvments to cloud connect flow.
---
 server/instance_cloud.go | 2 +-
 server/user.go | 5 +++++
 server/user_cloud.go | 7 +------
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/server/instance_cloud.go b/server/instance_cloud.go
index 09afbd1ab..d10753b4d 100644
--- a/server/instance_cloud.go
+++ b/server/instance_cloud.go
@@ -165,7 +165,7 @@ func (jci jiraCloudInstance) parseHTTPRequestJWT(r *http.Request) (*jwt.Token, s
 // HMAC secret is a []byte
 return []byte(jci.AtlassianSecurityContext.SharedSecret), nil
 })
- if err != nil {
+ if err != nil || !token.Valid {
 return nil, "", errors.WithMessage(err, "failed to validatte JWT")
 }

diff --git a/server/user.go b/server/user.go
index dccd8034c..8da3361e1 100644
--- a/server/user.go
+++ b/server/user.go
@@ -41,6 +41,11 @@ func httpUserConnect(ji Instance, w http.ResponseWriter, r *http.Request) (int,
 return http.StatusUnauthorized, errors.New("not authorized")
 }

+ // Users shouldn't be able to make multiple connections.
+ if jiraUser, err := ji.GetPlugin().LoadJIRAUser(ji, mattermostUserId); err == nil && len(jiraUser.Key) != 0 {
+ return http.StatusBadRequest, errors.New("Already connected to a JIRA account. Please use /jira disconnect to disconnect.")
+ }
+
 redirectURL, err := ji.GetUserConnectURL(mattermostUserId)
 if err != nil {
 return http.StatusInternalServerError, err
diff --git a/server/user_cloud.go b/server/user_cloud.go
index 050bcfa0d..10d671ade 100644
--- a/server/user_cloud.go
+++ b/server/user_cloud.go
@@ -19,8 +19,6 @@ const (
 argMMToken = "mm_token"
 )

-const requireUserApproval = true
-
 func httpACUserRedirect(jci *jiraCloudInstance, w http.ResponseWriter, r *http.Request) (int, error) {
 if r.Method != http.MethodGet {
 return http.StatusMethodNotAllowed,
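Review bot: In server/instance_cloud.go, the new `|| !token.Valid` branch of parseHTTPRequestJWT can return a nil token together with a nil error. If `errors` here is github.com/pkg/errors (the import is not in the hunk), `errors.WithMessage(nil, ...)` returns nil, so when `err == nil` and the token is invalid, a caller that checks only the error would carry on as if validation had succeeded. Keep `if err != nil {` for the wrapped error and add a separate `if !token.Valid { return nil, "", errors.New("JWT is not valid") }` after it; the existing message literal also misspells "validate" as `validatte`. The key function that returns the shared secret starts outside the hunk, so it is not visible whether it confirms `token.Method` is an HMAC method before handing back the secret; if it does not, that check belongs there.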
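Review bot: In server/user.go, the new already-connected check in httpUserConnect fails open. The condition is `err == nil && len(jiraUser.Key) != 0`, so any error from `LoadJIRAUser`, a store failure as much as a missing record, skips the guard and the connect flow continues. If the loader can tell "no such user" apart from other failures, only that case should count as not connected, and other errors should return `http.StatusInternalServerError`. The check also runs only when the flow starts; whether the handler that finally stores the mapping repeats it is outside this hunk, and without that, two flows started in parallel could both pass. The function continues outside the hunk.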
@@ -32,10 +30,7 @@ func httpACUserRedirect(jci *jiraCloudInstance, w http.ResponseWriter, r *http.R
 return http.StatusBadRequest, err
 }

- submitURL := path.Join(jci.Plugin.GetPluginURLPath(), routeACUserConnected)
- if requireUserApproval {
- submitURL = path.Join(jci.Plugin.GetPluginURLPath(), routeACUserConfirm)
- }
+ submitURL := path.Join(jci.Plugin.GetPluginURLPath(), routeACUserConfirm)

 return jci.Plugin.respondWithTemplate(w, r, "text/html", struct {
 SubmitURL string
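Review bot: In httpACUserRedirect, the reason the confirmation route is now the only target is no longer stated anywhere, because the removed `requireUserApproval` constant was the only place that named the intent. A comment above the assignment would keep it, for example `// Always send the user through the confirmation page so the account link is explicitly approved.` Whether the `routeACUserConnected` handler is still registered is not visible here; if it is, it is worth confirming that it only completes a link that has been through the confirm step, since otherwise the approval added here is not enforced on the server side. The function starts and ends outside the hunk.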