lywsvip/server
1
0
Fork 0
mirror of https://github.com/gotify/server.git synced 2026-05-06 21:42:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix required mismatch in update & create user

Browse Source 
This shouldn't break the api.
This commit is contained in:
Jannis Mattheis
2022-09-10 16:08:24 +02:00
parent ba0cee1da2
commit fcd9b88bb7
3 changed files with 128 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
api/user.go
View File

@@ -147,7 +147,7 @@ func (a *UserAPI) GetCurrentUser(ctx *gin.Context) {
// description: the user to add
// required: true
// schema:
// $ref: "#/definitions/UserWithPass"
// $ref: "#/definitions/CreateUserExternal"
// responses:
// 200:
// description: Ok
@@ -166,9 +166,13 @@ func (a *UserAPI) GetCurrentUser(ctx *gin.Context) {
// schema:
// $ref: "#/definitions/Error"
func (a *UserAPI) CreateUser(ctx *gin.Context) {
user := model.UserExternalWithPass{}
user := model.CreateUserExternal{}
if err := ctx.Bind(&user); err == nil {
internal := a.toInternalUser(&user, []byte{})
internal := &model.User{
Name: user.Name,
Admin: user.Admin,
Pass: password.CreatePassword(user.Pass, a.PasswordStrength),
}
existingUser, err := a.DB.GetUserByName(internal.Name)
if success := successOrAbort(ctx, 500, err); !success {
return
@@ -389,7 +393,7 @@ func (a *UserAPI) ChangePassword(ctx *gin.Context) {
// description: the updated user
// required: true
// schema:
// $ref: "#/definitions/UserWithPass"
// $ref: "#/definitions/UpdateUserExternal"
// responses:
// 200:
// description: Ok
@@ -413,7 +417,7 @@ func (a *UserAPI) ChangePassword(ctx *gin.Context) {
// $ref: "#/definitions/Error"
func (a *UserAPI) UpdateUserByID(ctx *gin.Context) {
withID(ctx, "id", func(id uint) {
var user *model.UserExternalWithPass
var user *model.UpdateUserExternal
if err := ctx.Bind(&user); err == nil {
oldUser, err := a.DB.GetUserByID(id)
if success := successOrAbort(ctx, 500, err); !success {
@@ -428,8 +432,15 @@ func (a *UserAPI) UpdateUserByID(ctx *gin.Context) {
ctx.AbortWithError(400, errors.New("cannot delete last admin"))
return
}
internal := a.toInternalUser(user, oldUser.Pass)
internal.ID = id
internal := &model.User{
ID: oldUser.ID,
Name: user.Name,
Admin: user.Admin,
Pass: oldUser.Pass,
}
if user.Pass != "" {
internal.Pass = password.CreatePassword(user.Pass, a.PasswordStrength)
}
if success := successOrAbort(ctx, 500, a.DB.UpdateUser(internal)); !success {
return
}
@@ -441,13 +452,13 @@ func (a *UserAPI) UpdateUserByID(ctx *gin.Context) {
})
}
func (a *UserAPI) toInternalUser(response *model.UserExternalWithPass, pw []byte) *model.User {
func (a *UserAPI) toInternalUser(response *model.UserExternal, newPass string, pw []byte) *model.User {
user := &model.User{
Name: response.Name,
Admin: response.Admin,
}
if response.Pass != "" {
user.Pass = password.CreatePassword(response.Pass, a.PasswordStrength)
if newPass != "" {
user.Pass = password.CreatePassword(newPass, a.PasswordStrength)
} else {
user.Pass = pw
}