e9a50fb4
Commit
e9a50fb4
authored
May 04, 2020
by
Alexis POYEN
Security : don't send back password hash
parent
f6827e83
Changes
3
internal/rootmux/admin_test.go
...
...
@@ -64,9 +64,9 @@ func AdminTests(t *testing.T) {
xsrfHeader
:=
tester
.
Header
{
Key
:
"XSRF-TOKEN"
,
Value
:
token
.
XSRFToken
}
// Create a Client
do
(
"POST"
,
apiAdminUsers
,
xsrfHeader
,
`{"login":"UserTest","password": "password","role":"CLIENT"}`
,
200
,
`{"id":7,"idOAuth":"","login":"UserTest","role":"CLIENT"
,"passwordHash":"
`
)
do
(
"POST"
,
apiAdminUsers
,
xsrfHeader
,
`{"login":"UserTest","password": "password","role":"CLIENT"}`
,
200
,
`{"id":7,"idOAuth":"","login":"UserTest","role":"CLIENT"`
)
// Create a Banker
do
(
"POST"
,
apiAdminUsers
,
xsrfHeader
,
`{"login":"BankerTest","password": "password","role":"BANKER"}`
,
200
,
`{"id":8,"idOAuth":"","login":"BankerTest","role":"BANKER"
,"passwordHash":"
`
)
do
(
"POST"
,
apiAdminUsers
,
xsrfHeader
,
`{"login":"BankerTest","password": "password","role":"BANKER"}`
,
200
,
`{"id":8,"idOAuth":"","login":"BankerTest","role":"BANKER"`
)
// Get all users
do
(
"GET"
,
apiAdminUsers
,
xsrfHeader
,
``
,
200
,
`[{"id":1,"idOAuth":"","login":"Dupond"`
)
// Delete created users
...
...
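Review bot: The tightened expectations on the two POST calls (the `UserTest` and `BankerTest` responses) still do not prove the hash is gone, because they stop before the closing brace: if `do` matches the expected body as a prefix — which the old expectations ending in `,"passwordHash":"` suggest — a body that still carries `,"passwordHash":"…"}` after `"role":"CLIENT"` would pass unchanged. Closing the literals, `{"id":7,"idOAuth":"","login":"UserTest","role":"CLIENT"}` and `{"id":8,"idOAuth":"","login":"BankerTest","role":"BANKER"}`, makes the test fail if any further field leaks; the GET expectation has the same weakness, pinning only the first user's first three fields. If `do` compares the whole body rather than a prefix, the closing brace is still worth adding so the intent reads from the test itself. AdminTests continues outside the hunk.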
pkg/auth/auth.go
...
...
@@ -32,7 +32,7 @@ type User struct {
IsAdmin
bool
`json:"isAdmin,omitempty"`
Name
string
`json:"name,omitempty"`
Surname
string
`json:"surname,omitempty"`
PasswordHash
string
`json:"
passwordHash,omitempty
"`
PasswordHash
string
`json:"
-
"`
Password
string
`json:"password,omitempty"`
}
...
...
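Review bot: The `json:"-"` tag on `PasswordHash` deserves a comment, because it does two things at once: it keeps the hash out of every JSON response, and it also stops a client from supplying a precomputed hash on input, which appears to be why the `PasswordHash == ""` checks in pkg/auth/inmemory.go are dropped in this commit. I would add above the field `// Never serialized: the hash must not reach clients, and clients may not set it.` A caveat to confirm: if the same `User` struct is ever marshalled with encoding/json for persistence or for a session token, the hash is now dropped there too, so a round trip through storage would lose it. Separately, `Password` keeps `json:"password,omitempty"`, which is only safe in responses if the field is cleared after hashing — not visible here. The struct continues outside the hunk.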
pkg/auth/inmemory.go
...
...
@@ -97,7 +97,7 @@ func (d *DataHandler) AddUser(w http.ResponseWriter, req *http.Request) {
return
}
// Encrypt the password with bcrypt
if
newUser
.
Password
==
""
&&
newUser
.
PasswordHash
==
""
{
if
newUser
.
Password
==
""
{
http
.
Error
(
w
,
"passwords cannot be blank"
,
400
)
return
}
...
...
@@ -154,11 +154,6 @@ func (d *DataHandler) UpdateUser(w http.ResponseWriter, req *http.Request) {
user
.
Name
=
newUser
.
Name
user
.
Surname
=
newUser
.
Surname
user
.
Role
=
newUser
.
Role
// Encrypt the password with bcrypt if appropriate
if
newUser
.
Password
==
""
&&
newUser
.
PasswordHash
==
""
{
http
.
Error
(
w
,
"passwords cannot be blank"
,
http
.
StatusBadRequest
)
return
}
if
newUser
.
Password
!=
""
{
hash
,
err
:=
bcrypt
.
GenerateFromPassword
([]
byte
(
newUser
.
Password
),
bcrypt
.
DefaultCost
)
if
err
!=
nil
{
...
...
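Review bot: In UpdateUser the blank-password rejection is removed without replacement, so an update carrying no password now silently keeps the stored hash (the following `if newUser.Password != ""` is the only guard); if that is the intended semantics it should be stated at that point, e.g. replace the comment with `// Hash the password with bcrypt only if a new one was supplied; an empty one keeps the existing hash.` The same wording fix applies to `// Encrypt the password with bcrypt` in AddUser — bcrypt hashes, it does not encrypt. AddUser also answers with a bare `400` where UpdateUser used `http.StatusBadRequest`; the named constant is clearer. Both AddUser and UpdateUser continue outside their hunks.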