From b9404f14dc6104ac89b3b128b3e53ecc9b8f83bf Mon Sep 17 00:00:00 2001
From: leoshine <71440988+leo220yuyaodog@users.noreply.github.com>
Date: Sun, 10 Jul 2022 00:40:52 +0800
Subject: [PATCH] feat: fix bug of using email provider from wrong application
 (#869)

---
 controllers/verification.go    | 17 ++++++++---------
 web/src/ResetModal.js          |  4 ++--
 web/src/Setting.js             |  4 ++++
 web/src/UserEditPage.js        |  4 ++--
 web/src/auth/ForgetPage.js     |  4 ++--
 web/src/auth/LoginPage.js      |  2 +-
 web/src/auth/SignupPage.js     |  4 ++--
 web/src/backend/UserBackend.js |  4 ++--
 8 files changed, 23 insertions(+), 20 deletions(-)

diff --git a/controllers/verification.go b/controllers/verification.go
index 615fad86..b6c2cc75 100644
--- a/controllers/verification.go
+++ b/controllers/verification.go
@@ -42,14 +42,14 @@ func (c *ApiController) getCurrentUser() *object.User {
 func (c *ApiController) SendVerificationCode() {
 	destType := c.Ctx.Request.Form.Get("type")
 	dest := c.Ctx.Request.Form.Get("dest")
-	orgId := c.Ctx.Request.Form.Get("organizationId")
 	checkType := c.Ctx.Request.Form.Get("checkType")
 	checkId := c.Ctx.Request.Form.Get("checkId")
 	checkKey := c.Ctx.Request.Form.Get("checkKey")
 	checkUser := c.Ctx.Request.Form.Get("checkUser")
+	applicationId := c.Ctx.Request.Form.Get("applicationId")
 	remoteAddr := util.GetIPFromRequest(c.Ctx.Request)
 
-	if len(destType) == 0 || len(dest) == 0 || len(orgId) == 0 || !strings.Contains(orgId, "/") || len(checkType) == 0 {
+	if destType == "" || dest == "" || applicationId == "" || !strings.Contains(applicationId, "/") || checkType == "" {
 		c.ResponseError("Missing parameter.")
 		return
 	}
@@ -74,8 +74,8 @@ func (c *ApiController) SendVerificationCode() {
 	}
 
 	user := c.getCurrentUser()
-	organization := object.GetOrganization(orgId)
-	application := object.GetApplicationByOrganizationName(organization.Name)
+	application := object.GetApplication(applicationId)
+	organization := object.GetOrganization(fmt.Sprintf("%s/%s", application.Owner, application.Organization))
 
 	if checkUser == "true" && user == nil && object.GetUserByFields(organization.Name, dest) == nil {
 		c.ResponseError("Please login first")
@@ -85,7 +85,7 @@ func (c *ApiController) SendVerificationCode() {
 	sendResp := errors.New("Invalid dest type")
 
 	if user == nil && checkUser != "" && checkUser != "true" {
-		_, name := util.GetOwnerAndNameFromId(orgId)
+		name := application.Organization
 		user = object.GetUser(fmt.Sprintf("%s/%s", name, checkUser))
 	}
 	switch destType {
@@ -108,13 +108,12 @@ func (c *ApiController) SendVerificationCode() {
 			c.ResponseError("Invalid phone number")
 			return
 		}
-		org := object.GetOrganization(orgId)
-		if org == nil {
-			c.ResponseError("Missing parameter.")
+		if organization == nil {
+			c.ResponseError("The organization doesn't exist.")
 			return
 		}
 
-		dest = fmt.Sprintf("+%s%s", org.PhonePrefix, dest)
+		dest = fmt.Sprintf("+%s%s", organization.PhonePrefix, dest)
 		provider := application.GetSmsProvider()
 		sendResp = object.SendVerificationCodeToPhone(organization, user, provider, remoteAddr, dest)
 	}
diff --git a/web/src/ResetModal.js b/web/src/ResetModal.js
index bc6233ce..fce545c0 100644
--- a/web/src/ResetModal.js
+++ b/web/src/ResetModal.js
@@ -25,7 +25,7 @@ export const ResetModal = (props) => {
   const [confirmLoading, setConfirmLoading] = React.useState(false);
   const [dest, setDest] = React.useState("");
   const [code, setCode] = React.useState("");
-  const {buttonText, destType, org} = props;
+  const {buttonText, destType, application} = props;
 
   const showModal = () => {
     setVisible(true);
@@ -89,7 +89,7 @@ export const ResetModal = (props) => {
             <CountDownInput
               textBefore={i18next.t("code:Code You Received")}
               onChange={setCode}
-              onButtonClickArgs={[dest, destType, `${org?.owner}/${org?.name}`]}
+              onButtonClickArgs={[dest, destType, Setting.getApplicationName(application)]}
             />
           </Row>
         </Col>
diff --git a/web/src/Setting.js b/web/src/Setting.js
index 3525ad09..2fd0e91b 100644
--- a/web/src/Setting.js
+++ b/web/src/Setting.js
@@ -817,6 +817,10 @@ export function getApplicationOrgName(application) {
   return `${application?.organizationObj.owner}/${application?.organizationObj.name}`;
 }
 
+export function getApplicationName(application) {
+  return `${application?.owner}/${application?.name}`;
+}
+
 export function getRandomName() {
   return Math.random().toString(36).slice(-6);
 }
diff --git a/web/src/UserEditPage.js b/web/src/UserEditPage.js
index 27f4f5a8..dc21f65a 100644
--- a/web/src/UserEditPage.js
+++ b/web/src/UserEditPage.js
@@ -289,7 +289,7 @@ class UserEditPage extends React.Component {
                    }} />
           </Col>
           <Col span={11} >
-            { this.state.user.id === this.props.account?.id ? (<ResetModal org={this.state.application?.organizationObj} buttonText={i18next.t("user:Reset Email...")} destType={"email"} />) : null}
+            { this.state.user.id === this.props.account?.id ? (<ResetModal application={this.state.application} buttonText={i18next.t("user:Reset Email...")} destType={"email"} />) : null}
           </Col>
         </Row>
       )
@@ -307,7 +307,7 @@ class UserEditPage extends React.Component {
                    }}/>
           </Col>
           <Col span={11} >
-            { this.state.user.id === this.props.account?.id ? (<ResetModal org={this.state.application?.organizationObj} buttonText={i18next.t("user:Reset Phone...")} destType={"phone"} />) : null}
+            { this.state.user.id === this.props.account?.id ? (<ResetModal application={this.state.application} buttonText={i18next.t("user:Reset Phone...")} destType={"phone"} />) : null}
           </Col>
         </Row>
       )
diff --git a/web/src/auth/ForgetPage.js b/web/src/auth/ForgetPage.js
index 1c22e72f..96f2fa50 100644
--- a/web/src/auth/ForgetPage.js
+++ b/web/src/auth/ForgetPage.js
@@ -351,12 +351,12 @@ class ForgetPage extends React.Component {
               {this.state.verifyType === "email" ? (
                   <CountDownInput
                     disabled={this.state.username === "" || this.state.verifyType === ""}
-                    onButtonClickArgs={[this.state.email, "email", Setting.getApplicationOrgName(this.state.application), this.state.name]}
+                    onButtonClickArgs={[this.state.email, "email", Setting.getApplicationName(this.state.application), this.state.name]}
                   />
               ) : (
                   <CountDownInput
                     disabled={this.state.username === "" || this.state.verifyType === ""}
-                    onButtonClickArgs={[this.state.phone, "phone", Setting.getApplicationOrgName(this.state.application), this.state.name]}
+                    onButtonClickArgs={[this.state.phone, "phone", Setting.getApplicationName(this.state.application), this.state.name]}
                   />
               )}
             </Form.Item>
diff --git a/web/src/auth/LoginPage.js b/web/src/auth/LoginPage.js
index ecf4b78e..27336fd1 100644
--- a/web/src/auth/LoginPage.js
+++ b/web/src/auth/LoginPage.js
@@ -455,7 +455,7 @@ class LoginPage extends React.Component {
               >
                 <CountDownInput
                   disabled={this.state.username?.length === 0 || !this.state.validEmailOrPhone}
-                  onButtonClickArgs={[this.state.username, this.state.validEmail ? "email" : "phone", Setting.getApplicationOrgName(application)]}
+                  onButtonClickArgs={[this.state.username, this.state.validEmail ? "email" : "phone", Setting.getApplicationName(application)]}
                 />
               </Form.Item>
             ) : (
diff --git a/web/src/auth/SignupPage.js b/web/src/auth/SignupPage.js
index 3f06a255..dd985610 100644
--- a/web/src/auth/SignupPage.js
+++ b/web/src/auth/SignupPage.js
@@ -343,7 +343,7 @@ class SignupPage extends React.Component {
             >
               <CountDownInput
                 disabled={!this.state.validEmail}
-                onButtonClickArgs={[this.state.email, "email", Setting.getApplicationOrgName(application)]}
+                onButtonClickArgs={[this.state.email, "email", Setting.getApplicationName(application)]}
               />
             </Form.Item>
           }
@@ -395,7 +395,7 @@ class SignupPage extends React.Component {
           >
             <CountDownInput
               disabled={!this.state.validPhone}
-              onButtonClickArgs={[this.state.phone, "phone", Setting.getApplicationOrgName(application)]}
+              onButtonClickArgs={[this.state.phone, "phone", Setting.getApplicationName(application)]}
             />
           </Form.Item>
         </React.Fragment>
diff --git a/web/src/backend/UserBackend.js b/web/src/backend/UserBackend.js
index ea9eb455..67636f05 100644
--- a/web/src/backend/UserBackend.js
+++ b/web/src/backend/UserBackend.js
@@ -88,14 +88,14 @@ export function setPassword(userOwner, userName, oldPassword, newPassword) {
   }).then(res => res.json());
 }
 
-export function sendCode(checkType, checkId, checkKey, dest, type, orgId, checkUser) {
+export function sendCode(checkType, checkId, checkKey, dest, type, applicationId, checkUser) {
   let formData = new FormData();
   formData.append("checkType", checkType);
   formData.append("checkId", checkId);
   formData.append("checkKey", checkKey);
   formData.append("dest", dest);
   formData.append("type", type);
-  formData.append("organizationId", orgId);
+  formData.append("applicationId", applicationId);
   formData.append("checkUser", checkUser);
   return fetch(`${Setting.ServerUrl}/api/send-verification-code`, {
     method: "POST",