Commit 6a5da2a2 authored by Alexis POYEN's avatar Alexis POYEN
Browse files

Fix: some code optimization

parent fdb3642b
Pipeline #13591 passed with stage
in 6 minutes and 44 seconds
......@@ -96,17 +96,20 @@ func (d *DataHandler) AddUser(w http.ResponseWriter, req *http.Request) {
http.Error(w, err.Error(), 400)
return
}
// Check login don't already exist
for _, val := range users {
if newUser.Login == val.Login {
http.Error(w, "login already exists", 400)
return
}
}
// Encrypt the password with bcrypt
if newUser.Password == "" {
http.Error(w, "passwords cannot be blank", 400)
return
}
if newUser.Role == "ADMIN" {
newUser.IsAdmin = true
} else {
newUser.IsAdmin = false
}
if newUser.Password != "" {
hash, err := bcrypt.GenerateFromPassword([]byte(newUser.Password), bcrypt.DefaultCost)
if err != nil {
http.Error(w, err.Error(), 400)
......@@ -115,13 +118,12 @@ func (d *DataHandler) AddUser(w http.ResponseWriter, req *http.Request) {
newUser.PasswordHash = string(hash)
newUser.Password = ""
}
// Check login don't already exist
for _, val := range users {
if newUser.Login == val.Login {
http.Error(w, "login already exists", 400)
return
}
if newUser.Role == "ADMIN" {
newUser.IsAdmin = true
} else {
newUser.IsAdmin = false
}
d.createUser(newUser)
d.db.Last(&newUser)
json.NewEncoder(w).Encode(newUser)
......
......@@ -59,7 +59,7 @@ func (m Manager) HandleOAuth2Login(w http.ResponseWriter, r *http.Request) {
// Generate state and store it in cookie
oauthStateString, err := common.GenerateRandomString(16)
if err != nil {
log.Logger.Fatalf("Error generating OAuth2 strate string :%v\n", err)
log.Logger.Fatalf("Error generating OAuth2 state string :%v\n", err)
}
tokens.Manager.StoreData(oauthStateString, m.Hostname, oAuth2StateKey, 30*time.Second, w)
url := m.Config.AuthCodeURL(oauthStateString)
......
......@@ -6,9 +6,8 @@ import (
"forge.grandlyon.com/systemes-dinformation/project-template/sdk-go/internal/auth"
"forge.grandlyon.com/systemes-dinformation/project-template/sdk-go/internal/models"
"forge.grandlyon.com/systemes-dinformation/project-template/sdk-go/pkg/middlewares"
"forge.grandlyon.com/systemes-dinformation/project-template/sdk-go/pkg/common"
"forge.grandlyon.com/systemes-dinformation/project-template/sdk-go/pkg/middlewares"
)
// RootMux represents the main controller of the application
......
......@@ -89,28 +89,26 @@ func appTests(t *testing.T) {
json.Unmarshal([]byte(response), &token)
xsrfHeader := map[string]string{"XSRF-TOKEN": token.XSRFToken}
const apiOperation1 = "/api/Operations/1"
const apiBankAccount1 = "/api/BankAccounts/1"
// Add invalid operation between client and Bakery must be refused with 417 (Expectation failed)
do("POST", "/api/Operations", xsrfHeader, `{"Debtor":1,"Amount":-1789,"Creditor":2}`, 417, "Not enough money")
// Add an operation between Dupond and Bakery and verify that bank accounts are updated and opposite operation is created
do("POST", "/api/Operations", xsrfHeader, `{"Debtor":1,"Amount":-100,"Creditor":2}`, 200, "")
do("GET", apiOperation1, xsrfHeader, "", 200, `{"ID":1,"Debtor":1,"Amount":-100`)
do("GET", "/api/Operations/1", xsrfHeader, "", 200, `{"ID":1,"Debtor":1,"Amount":-100`)
do("GET", "/api/Operations/2", xsrfHeader, "", 200, `{"ID":2,"Debtor":2,"Amount":100`)
do("GET", apiBankAccount1, xsrfHeader, "", 200, `{"ID":1,"Number":"01-01","UserClientID":1,"Type":"checking-account","Amount":358,"BankOverdraft":-100,"Operations":[{"ID":1,"Debtor":1,"Amount":-100,"Date":"`)
do("GET", "/api/BankAccounts/1", xsrfHeader, "", 200, `{"ID":1,"Number":"01-01","UserClientID":1,"Type":"checking-account","Amount":358,"BankOverdraft":-100,"Operations":[{"ID":1,"Debtor":1,"Amount":-100,"Date":"`)
do("GET", "/api/BankAccounts/2", xsrfHeader, "", 200, `{"ID":2,"Number":"02-01","UserClientID":2,"Type":"checking-account","Amount":4845,"BankOverdraft":-500,"Operations":[{"ID":2,"Debtor":2,"Amount":100,"Date":`)
// Try to delete the first operation, the opposite operation should also have been deleted and bank accounts updated
do("DELETE", apiOperation1, xsrfHeader, ``, 200, "")
do("GET", apiOperation1, xsrfHeader, "", 404, `id does not exist`)
do("DELETE", "/api/Operations/1", xsrfHeader, ``, 200, "")
do("GET", "/api/Operations/1", xsrfHeader, "", 404, `id does not exist`)
do("GET", "/api/Operations/2", xsrfHeader, "", 404, `id does not exist`)
do("GET", apiBankAccount1, xsrfHeader, "", 200, `{"ID":1,"Number":"01-01","UserClientID":1,"Type":"checking-account","Amount":458,"BankOverdraft":-100,"Operations":[]}`)
do("GET", "/api/BankAccounts/1", xsrfHeader, "", 200, `{"ID":1,"Number":"01-01","UserClientID":1,"Type":"checking-account","Amount":458,"BankOverdraft":-100,"Operations":[]}`)
do("GET", "/api/BankAccounts/2", xsrfHeader, "", 200, `{"ID":2,"Number":"02-01","UserClientID":2,"Type":"checking-account","Amount":4745,"BankOverdraft":-500,"Operations":[]}`)
// Delete a client should also delete his banks accounts
do("DELETE", "/api/UserClients/1", xsrfHeader, ``, 200, "")
do("GET", apiBankAccount1, xsrfHeader, "", 404, `id does not exist`)
do("GET", "/api/BankAccounts/1", xsrfHeader, "", 404, `id does not exist`)
}
// Do an OAuth2 login with an known admin
......
......@@ -52,11 +52,11 @@ func UnLoggedUserTests(t *testing.T) {
do("POST", "/api/Operations", noH, `{"Debtor":1,"Amount":-100,"Creditor":3}`, 401, errorExtractingToken)
// Unlogged user should not be able to delete an Operation
do("DELETE", "/api/Operations/1", noH, ``, 401, "error extracting token")
do("DELETE", "/api/Operations/1", noH, ``, 401, errorExtractingToken)
// Unlogged user should not be able to delete a BankAccount
do("DELETE", "/api/BankAccounts/2", noH, ``, 401, "error extracting token")
do("DELETE", "/api/BankAccounts/2", noH, ``, 401, errorExtractingToken)
// Unlogged user should not be able to delete a Client
do("DELETE", "/api/UserClients/2", noH, ``, 401, "error extracting token")
do("DELETE", "/api/UserClients/2", noH, ``, 401, errorExtractingToken)
// Unlogged user should not be able to delete a Banker
do("DELETE", "/api/UserBankers/2", noH, ``, 401, "error extracting token")
do("DELETE", "/api/UserBankers/2", noH, ``, 401, errorExtractingToken)
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment