fix a potential race condition for pre-login and ext auth

hooks doing something like this: err = provider.updateUser(u) ... return provider.userExists(username) could be racy if another update happen before provider.userExists(username) also pass a pointer to updateUser so if the user is modified inside "validateUser" we can just return the modified user without do a new query
2025-12-07 14:50:55 +03:00 · 2021-01-05 09:50:22 +01:00
parent 72b2c83392
commit daac90c4e1
26 changed files with 167 additions and 163 deletions
--- a/httpd/api_folder.go
+++ b/httpd/api_folder.go
@@ -63,7 +63,7 @@ func addFolder(w http.ResponseWriter, r *http.Request) {
 		sendAPIResponse(w, r, err, "", http.StatusBadRequest)
 		return
 	}
-	err = dataprovider.AddFolder(folder)
+	err = dataprovider.AddFolder(&folder)
 	if err == nil {
 		folder, err = dataprovider.GetFolderByPath(folder.MappedPath)
 		if err == nil {
@@ -81,7 +81,7 @@ func deleteFolderByPath(w http.ResponseWriter, r *http.Request) {
 	if _, ok := r.URL.Query()["folder_path"]; ok {
 		folderPath = r.URL.Query().Get("folder_path")
 	}
-	if len(folderPath) == 0 {
+	if folderPath == "" {
 		err := errors.New("a non-empty folder path is required")
 		sendAPIResponse(w, r, err, "", http.StatusBadRequest)
 		return
@@ -92,7 +92,7 @@ func deleteFolderByPath(w http.ResponseWriter, r *http.Request) {
 		sendAPIResponse(w, r, err, "", getRespStatus(err))
 		return
 	}
-	err = dataprovider.DeleteFolder(folder)
+	err = dataprovider.DeleteFolder(&folder)
 	if err != nil {
 		sendAPIResponse(w, r, err, "", http.StatusInternalServerError)
 	} else {