
Commit 6360bfb

committed
Renamed and modified the unsecure update method to only update the last seen field of a member profile to reduce the security impact.
1 parent 40b92b4 commit 6360bfb


3 files changed

+10
-6
lines changed


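--- a/server/src/main/java/com/objectcomputing/checkins/services/memberprofile/MemberProfileServices.java
+++ b/server/src/main/java/com/objectcomputing/checkins/services/memberprofile/MemberProfileServices.java
@@ -28,5 +28,5 @@ Set<MemberProfile> findByValues(String firstName, String lastName, String title,
 
 MemberProfile updateProfile(MemberProfile memberProfile);
 
-MemberProfile unsecureUpdateProfile(MemberProfile memberProfile);
+void updateLastSeen(UUID id);
 }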

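--- a/server/src/main/java/com/objectcomputing/checkins/services/memberprofile/MemberProfileServicesImpl.java
+++ b/server/src/main/java/com/objectcomputing/checkins/services/memberprofile/MemberProfileServicesImpl.java
@@ -24,6 +24,7 @@
 import org.slf4j.LoggerFactory;
 
 import java.util.*;
+import java.time.LocalDate;
 
 import static com.objectcomputing.checkins.util.Util.nullSafeUUIDToString;
 import static com.objectcomputing.checkins.services.validate.PermissionsValidation.NOT_AUTHORIZED_MSG;
@@ -258,7 +259,12 @@ public MemberProfile updateProfile(MemberProfile memberProfile) {
 
 @Override
 @CacheInvalidate(cacheNames = {"member-cache"})
-public MemberProfile unsecureUpdateProfile(MemberProfile memberProfile) {
-return memberProfileRepository.update(memberProfile);
+public void updateLastSeen(UUID id) {
+Optional<MemberProfile> profile = memberProfileRepository.findById(id);
+if (profile.isPresent()) {
+MemberProfile memberProfile = profile.get();
+memberProfile.setLastSeen(LocalDate.now());
+memberProfileRepository.update(memberProfile);
+}
 }
 }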
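Review bot: `updateLastSeen` still writes the whole entity back through `memberProfileRepository.update(memberProfile)`, so a profile edit that lands between `findById` and `update` would be overwritten with the stale copy. The exposure is narrower than before, but the write is not limited to one field at the storage level. If the repository can express it, a single-column update of last-seen keyed by id would close that window; whether it can is not visible on this page. The method also performs no permission check and silently does nothing for an unknown id, so it deserves a Javadoc such as `/** Sets lastSeen to today for the given member. Performs no authorization check: pass only the authenticated user's own id. No-op if the id is unknown. */`.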

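--- a/server/src/main/java/com/objectcomputing/checkins/services/memberprofile/currentuser/CurrentUserController.java
+++ b/server/src/main/java/com/objectcomputing/checkins/services/memberprofile/currentuser/CurrentUserController.java
@@ -19,7 +19,6 @@
 import io.swagger.v3.oas.annotations.tags.Tag;
 
 import java.net.URI;
-import java.time.LocalDate;
 import java.util.List;
 import java.util.Set;
 import java.util.UUID;
@@ -63,8 +62,7 @@ public HttpResponse<CurrentUserDTO> currentUser(@Nullable Authentication authent
 
 MemberProfile user = currentUserServices.findOrSaveUser(firstName, lastName, workEmail);
 
-user.setLastSeen(LocalDate.now());
-memberProfileServices.unsecureUpdateProfile(user);
+memberProfileServices.updateLastSeen(user.getId());
 List<Permission> permissions = rolePermissionServices.findUserPermissions(user.getId());
 
 Set<Role> roles = roleServices.findUserRoles(user.getId());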
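Review bot: The in-memory `user` is no longer touched, so anything later in `currentUser` that reads the last-seen value from `user` now sees the value from before this request, whereas the removed `user.setLastSeen(LocalDate.now())` made it current. The rest of the method lies outside the hunk, so whether the response exposes last-seen is not visible here. If it does, either re-read the profile after `updateLastSeen` or have `updateLastSeen` return the updated profile. Passing `user.getId()` from the profile resolved for the authenticated caller is the right constraint, and a comment at the call such as `// only ever pass the authenticated user's own id: updateLastSeen does no permission check` would record it.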
