Commit 6a5da2a2 authored by Alexis POYEN's avatar Alexis POYEN

Fix: some code optimization

parent fdb3642b
...@@ -96,17 +96,20 @@ func (d *DataHandler) AddUser(w http.ResponseWriter, req *http.Request) { ...@@ -96,17 +96,20 @@ func (d *DataHandler) AddUser(w http.ResponseWriter, req *http.Request) {
http.Error(w, err.Error(), 400) http.Error(w, err.Error(), 400)
return return
} }
// Check login don't already exist
for _, val := range users {
if newUser.Login == val.Login {
http.Error(w, "login already exists", 400)
return
}
}
// Encrypt the password with bcrypt // Encrypt the password with bcrypt
if newUser.Password == "" { if newUser.Password == "" {
http.Error(w, "passwords cannot be blank", 400) http.Error(w, "passwords cannot be blank", 400)
return return
}
if newUser.Role == "ADMIN" {
newUser.IsAdmin = true
} else { } else {
newUser.IsAdmin = false
}
if newUser.Password != "" {
hash, err := bcrypt.GenerateFromPassword([]byte(newUser.Password), bcrypt.DefaultCost) hash, err := bcrypt.GenerateFromPassword([]byte(newUser.Password), bcrypt.DefaultCost)
if err != nil { if err != nil {
http.Error(w, err.Error(), 400) http.Error(w, err.Error(), 400)
...@@ -115,13 +118,12 @@ func (d *DataHandler) AddUser(w http.ResponseWriter, req *http.Request) { ...@@ -115,13 +118,12 @@ func (d *DataHandler) AddUser(w http.ResponseWriter, req *http.Request) {
newUser.PasswordHash = string(hash) newUser.PasswordHash = string(hash)
newUser.Password = "" newUser.Password = ""
} }
// Check login don't already exist if newUser.Role == "ADMIN" {
for _, val := range users { newUser.IsAdmin = true
if newUser.Login == val.Login { } else {
http.Error(w, "login already exists", 400) newUser.IsAdmin = false
return
}
} }
d.createUser(newUser) d.createUser(newUser)
d.db.Last(&newUser) d.db.Last(&newUser)
json.NewEncoder(w).Encode(newUser) json.NewEncoder(w).Encode(newUser)
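Review bot: The duplicate-login loop moved to the top of the hunk is a check-then-act against a `users` snapshot loaded before the insert, so two concurrent requests with the same login both pass it and both reach `d.createUser(newUser)`; uniqueness has to be enforced at the write (a unique index on login, with `createUser` surfacing the constraint error), with the loop kept only as an early, friendlier rejection. `d.db.Last(&newUser)` after the insert has the same race and can return another request's freshly created row; prefer the primary key populated by the insert itself. The bcrypt failure path still reports `http.Error(w, err.Error(), 400)`; a hashing failure is a server fault, so `http.Error(w, "could not hash password", http.StatusInternalServerError)` gives the right status and stops echoing the internal error to the client. Stylistically the `else` after the blank-password `return` can go so the hashing block sits at function level, and `newUser.IsAdmin = newUser.Role == "ADMIN"` replaces the four-line if/else. AddUser starts before this hunk, so where `users` comes from, whether this endpoint is admin-gated (a client-chosen `Role` grants `IsAdmin`), and whether the struct's JSON tags keep `PasswordHash` out of the encoded response cannot be confirmed here.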
......
...@@ -59,7 +59,7 @@ func (m Manager) HandleOAuth2Login(w http.ResponseWriter, r *http.Request) { ...@@ -59,7 +59,7 @@ func (m Manager) HandleOAuth2Login(w http.ResponseWriter, r *http.Request) {
// Generate state and store it in cookie // Generate state and store it in cookie
oauthStateString, err := common.GenerateRandomString(16) oauthStateString, err := common.GenerateRandomString(16)
if err != nil { if err != nil {
log.Logger.Fatalf("Error generating OAuth2 strate string :%v\n", err) log.Logger.Fatalf("Error generating OAuth2 state string :%v\n", err)
} }
tokens.Manager.StoreData(oauthStateString, m.Hostname, oAuth2StateKey, 30*time.Second, w) tokens.Manager.StoreData(oauthStateString, m.Hostname, oAuth2StateKey, 30*time.Second, w)
url := m.Config.AuthCodeURL(oauthStateString) url := m.Config.AuthCodeURL(oauthStateString)
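Review bot: `log.Logger.Fatalf(...)` on the `common.GenerateRandomString(16)` error path terminates the whole process from inside a request handler, so a transient failure of the random source becomes a full outage instead of one failed login attempt; log it at a non-fatal level with whatever the project logger exposes, then `http.Error(w, "could not start login", http.StatusInternalServerError)` and `return`. The rest of the flow (random state stored with a 30s TTL, then redirect via `m.Config.AuthCodeURL`) is the right shape for protecting the callback against login CSRF, assuming the callback compares the returned state with the stored value, which is outside this hunk. HandleOAuth2Login begins before this hunk.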
......
...@@ -6,9 +6,8 @@ import ( ...@@ -6,9 +6,8 @@ import (
"forge.grandlyon.com/systemes-dinformation/project-template/sdk-go/internal/auth" "forge.grandlyon.com/systemes-dinformation/project-template/sdk-go/internal/auth"
"forge.grandlyon.com/systemes-dinformation/project-template/sdk-go/internal/models" "forge.grandlyon.com/systemes-dinformation/project-template/sdk-go/internal/models"
"forge.grandlyon.com/systemes-dinformation/project-template/sdk-go/pkg/middlewares"
"forge.grandlyon.com/systemes-dinformation/project-template/sdk-go/pkg/common" "forge.grandlyon.com/systemes-dinformation/project-template/sdk-go/pkg/common"
"forge.grandlyon.com/systemes-dinformation/project-template/sdk-go/pkg/middlewares"
) )
// RootMux represents the main controller of the application // RootMux represents the main controller of the application
......
...@@ -89,28 +89,26 @@ func appTests(t *testing.T) { ...@@ -89,28 +89,26 @@ func appTests(t *testing.T) {
json.Unmarshal([]byte(response), &token) json.Unmarshal([]byte(response), &token)
xsrfHeader := map[string]string{"XSRF-TOKEN": token.XSRFToken} xsrfHeader := map[string]string{"XSRF-TOKEN": token.XSRFToken}
const apiOperation1 = "/api/Operations/1"
const apiBankAccount1 = "/api/BankAccounts/1"
// Add invalid operation between client and Bakery must be refused with 417 (Expectation failed) // Add invalid operation between client and Bakery must be refused with 417 (Expectation failed)
do("POST", "/api/Operations", xsrfHeader, `{"Debtor":1,"Amount":-1789,"Creditor":2}`, 417, "Not enough money") do("POST", "/api/Operations", xsrfHeader, `{"Debtor":1,"Amount":-1789,"Creditor":2}`, 417, "Not enough money")
// Add an operation between Dupond and Bakery and verify that bank accounts are updated and opposite operation is created // Add an operation between Dupond and Bakery and verify that bank accounts are updated and opposite operation is created
do("POST", "/api/Operations", xsrfHeader, `{"Debtor":1,"Amount":-100,"Creditor":2}`, 200, "") do("POST", "/api/Operations", xsrfHeader, `{"Debtor":1,"Amount":-100,"Creditor":2}`, 200, "")
do("GET", apiOperation1, xsrfHeader, "", 200, `{"ID":1,"Debtor":1,"Amount":-100`) do("GET", "/api/Operations/1", xsrfHeader, "", 200, `{"ID":1,"Debtor":1,"Amount":-100`)
do("GET", "/api/Operations/2", xsrfHeader, "", 200, `{"ID":2,"Debtor":2,"Amount":100`) do("GET", "/api/Operations/2", xsrfHeader, "", 200, `{"ID":2,"Debtor":2,"Amount":100`)
do("GET", apiBankAccount1, xsrfHeader, "", 200, `{"ID":1,"Number":"01-01","UserClientID":1,"Type":"checking-account","Amount":358,"BankOverdraft":-100,"Operations":[{"ID":1,"Debtor":1,"Amount":-100,"Date":"`) do("GET", "/api/BankAccounts/1", xsrfHeader, "", 200, `{"ID":1,"Number":"01-01","UserClientID":1,"Type":"checking-account","Amount":358,"BankOverdraft":-100,"Operations":[{"ID":1,"Debtor":1,"Amount":-100,"Date":"`)
do("GET", "/api/BankAccounts/2", xsrfHeader, "", 200, `{"ID":2,"Number":"02-01","UserClientID":2,"Type":"checking-account","Amount":4845,"BankOverdraft":-500,"Operations":[{"ID":2,"Debtor":2,"Amount":100,"Date":`) do("GET", "/api/BankAccounts/2", xsrfHeader, "", 200, `{"ID":2,"Number":"02-01","UserClientID":2,"Type":"checking-account","Amount":4845,"BankOverdraft":-500,"Operations":[{"ID":2,"Debtor":2,"Amount":100,"Date":`)
// Try to delete the first operation, the opposite operation should also have been deleted and bank accounts updated // Try to delete the first operation, the opposite operation should also have been deleted and bank accounts updated
do("DELETE", apiOperation1, xsrfHeader, ``, 200, "") do("DELETE", "/api/Operations/1", xsrfHeader, ``, 200, "")
do("GET", apiOperation1, xsrfHeader, "", 404, `id does not exist`) do("GET", "/api/Operations/1", xsrfHeader, "", 404, `id does not exist`)
do("GET", "/api/Operations/2", xsrfHeader, "", 404, `id does not exist`) do("GET", "/api/Operations/2", xsrfHeader, "", 404, `id does not exist`)
do("GET", apiBankAccount1, xsrfHeader, "", 200, `{"ID":1,"Number":"01-01","UserClientID":1,"Type":"checking-account","Amount":458,"BankOverdraft":-100,"Operations":[]}`) do("GET", "/api/BankAccounts/1", xsrfHeader, "", 200, `{"ID":1,"Number":"01-01","UserClientID":1,"Type":"checking-account","Amount":458,"BankOverdraft":-100,"Operations":[]}`)
do("GET", "/api/BankAccounts/2", xsrfHeader, "", 200, `{"ID":2,"Number":"02-01","UserClientID":2,"Type":"checking-account","Amount":4745,"BankOverdraft":-500,"Operations":[]}`) do("GET", "/api/BankAccounts/2", xsrfHeader, "", 200, `{"ID":2,"Number":"02-01","UserClientID":2,"Type":"checking-account","Amount":4745,"BankOverdraft":-500,"Operations":[]}`)
// Delete a client should also delete his banks accounts // Delete a client should also delete his banks accounts
do("DELETE", "/api/UserClients/1", xsrfHeader, ``, 200, "") do("DELETE", "/api/UserClients/1", xsrfHeader, ``, 200, "")
do("GET", apiBankAccount1, xsrfHeader, "", 404, `id does not exist`) do("GET", "/api/BankAccounts/1", xsrfHeader, "", 404, `id does not exist`)
} }
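Review bot: The `json.Unmarshal([]byte(response), &token)` at the top of the hunk discards its error, so if the login response shape changes `token.XSRFToken` is silently empty and every request below sends a blank `XSRF-TOKEN` header, making the assertions fail on CSRF rejection for the wrong reason (or keep passing if that check were ever relaxed). Guard it: `if err := json.Unmarshal([]byte(response), &token); err != nil { t.Fatalf("decoding login response: %v", err) }`. Dropping the `apiOperation1`/`apiBankAccount1` constants in favour of inlined literals is fine in a test. appTests begins before this hunk, so how `response` and `do` are obtained is not visible.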
// Do an OAuth2 login with an known admin // Do an OAuth2 login with an known admin
......
...@@ -52,11 +52,11 @@ func UnLoggedUserTests(t *testing.T) { ...@@ -52,11 +52,11 @@ func UnLoggedUserTests(t *testing.T) {
do("POST", "/api/Operations", noH, `{"Debtor":1,"Amount":-100,"Creditor":3}`, 401, errorExtractingToken) do("POST", "/api/Operations", noH, `{"Debtor":1,"Amount":-100,"Creditor":3}`, 401, errorExtractingToken)
// Unlogged user should not be able to delete an Operation // Unlogged user should not be able to delete an Operation
do("DELETE", "/api/Operations/1", noH, ``, 401, "error extracting token") do("DELETE", "/api/Operations/1", noH, ``, 401, errorExtractingToken)
// Unlogged user should not be able to delete a BankAccount // Unlogged user should not be able to delete a BankAccount
do("DELETE", "/api/BankAccounts/2", noH, ``, 401, "error extracting token") do("DELETE", "/api/BankAccounts/2", noH, ``, 401, errorExtractingToken)
// Unlogged user should not be able to delete a Client // Unlogged user should not be able to delete a Client
do("DELETE", "/api/UserClients/2", noH, ``, 401, "error extracting token") do("DELETE", "/api/UserClients/2", noH, ``, 401, errorExtractingToken)
// Unlogged user should not be able to delete a Banker // Unlogged user should not be able to delete a Banker
do("DELETE", "/api/UserBankers/2", noH, ``, 401, "error extracting token") do("DELETE", "/api/UserBankers/2", noH, ``, 401, errorExtractingToken)
} }