fix(web2): password field for new/edited user

2025-01-20 15:29:28 +01:00 · 2021-03-13 02:13:39 +05:00 · 2021-03-13 02:13:39 +05:00 · 0787920d97
commit 0787920d97
parent 0d28c8d5b0
6 changed files with 53 additions and 36 deletions
--- a/api/users.go
+++ b/api/users.go
@ -21,7 +21,7 @@ func getUsers(w http.ResponseWriter, r *http.Request) {
 }

 func addUser(w http.ResponseWriter, r *http.Request) {
-	var user db.User
+	var user db.UserWithPwd
 	if !helpers.Bind(w, r, &user) {
 		return
 	}
@ -75,7 +75,7 @@ func updateUser(w http.ResponseWriter, r *http.Request) {
 	oldUser := context.Get(r, "_user").(db.User)
 	editor := context.Get(r, "user").(*db.User)

-	var user db.User
+	var user db.UserWithPwd
 	if !helpers.Bind(w, r, &user) {
 		return
 	}
--- a/cli/main.go
+++ b/cli/main.go
@ -177,7 +177,7 @@ func doSetup() int {

 	stdin := bufio.NewReader(os.Stdin)

-	var user db.User
+	var user db.UserWithPwd
 	user.Username = readNewline("\n\n > Username: ", stdin)
 	user.Username = strings.ToLower(user.Username)
 	user.Email = readNewline(" > Email: ", stdin)
@ -191,9 +191,7 @@ func doSetup() int {
 		fmt.Printf("\n Welcome back, %v! (a user with this username/email is already set up..)\n\n", existingUser.Name)
 	} else {
 		user.Name = readNewline(" > Your name: ", stdin)
-		user.Password = readNewline(" > Password: ", stdin)
-		//pwdHash, err := bcrypt.GenerateFromPassword([]byte(user.Password), 11)
-		//util.LogWarning(err)
+		user.Pwd = readNewline(" > Password: ", stdin)

 		if _, err := store.CreateUser(user); err != nil {
 			fmt.Printf(" Inserting user failed. If you already have a user, you can disregard this error.\n %v\n", err.Error())
--- a/db/Store.go
+++ b/db/Store.go
@ -73,9 +73,9 @@ type Store interface {
 	DeleteGlobalAccessKeySoft(accessKeyID int) error

 	GetUsers(params RetrieveQueryParams) ([]User, error)
-	CreateUser(user User) (User, error)
+	CreateUser(user UserWithPwd) (User, error)
 	DeleteUser(userID int) error
-	UpdateUser(user User) error
+	UpdateUser(user UserWithPwd) error
 	SetUserPassword(userID int, password string) error
 	GetUser(userID int) (User, error)
 	GetUserByLoginOrEmail(login string, email string) (User, error)
--- a/db/User.go
+++ b/db/User.go
@ -16,3 +16,8 @@ type User struct {
 	External bool      `db:"external" json:"external"`
 	Alert    bool      `db:"alert" json:"alert"`
 }
+
+type UserWithPwd struct {
+	Pwd string    `db:"-" json:"password"`
+	User
+}
--- a/db/sql/user.go
+++ b/db/sql/user.go
@ -8,53 +8,58 @@ import (
 	"time"
 )

-func (d *SqlDb) CreateUser(user db.User) (newUser db.User, err error) {
-	pwdHash, err := bcrypt.GenerateFromPassword([]byte(user.Password), 11)
+func (d *SqlDb) CreateUser(user db.UserWithPwd) (newUser db.User, err error) {
+	pwdHash, err := bcrypt.GenerateFromPassword([]byte(user.Pwd), 11)

 	if err != nil {
 		return
 	}

-	created := db.GetParsedTime(time.Now())
+	user.Password = string(pwdHash)
+	user.Created = db.GetParsedTime(time.Now())

-	res, err := d.sql.Exec(
-		"insert into `user`(name, username, email, password, admin, created) values (?, ?, ?, ?, true, ?)",
-		user.Name,
-		user.Username,
-		user.Email,
-		pwdHash,
-		created)
+	err = d.sql.Insert(&user.User)

 	if err != nil {
 		return
 	}

-	insertID, err := res.LastInsertId()
-
-	if err != nil {
-		return
-	}
-
-	newUser = user
-	newUser.ID = int(insertID)
-	newUser.Created = created
+	newUser = user.User
 	return
 }

 func (d *SqlDb) DeleteUser(userID int) error {
 	res, err := d.sql.Exec("delete from `user` where id=?", userID)
-
 	return validateMutationResult(res, err)
 }

-func (d *SqlDb) UpdateUser(user db.User) error {
-	_, err := d.sql.Exec("update `user` set name=?, username=?, email=?, alert=?, admin=? where id=?",
-		user.Name,
-		user.Username,
-		user.Email,
-		user.Alert,
-		user.Admin,
-		user.ID)
+func (d *SqlDb) UpdateUser(user db.UserWithPwd) error {
+	var err error
+
+	if user.Pwd != "" {
+		var pwdHash []byte
+		pwdHash, err = bcrypt.GenerateFromPassword([]byte(user.Pwd), 11)
+		if err != nil {
+			return err
+		}
+		_, err = d.sql.Exec(
+			"update user set name=?, username=?, email=?, alert=?, admin=?, password=? where id=?",
+			user.Name,
+			user.Username,
+			user.Email,
+			user.Alert,
+			user.Admin,
+			string(pwdHash),
+			user.ID)
+	} else {
+		_, err = d.sql.Exec("update `user` set name=?, username=?, email=?, alert=?, admin=? where id=?",
+			user.Name,
+			user.Username,
+			user.Email,
+			user.Alert,
+			user.Admin,
+			user.ID)
+	}

 	return err
 }
--- a/web2/src/components/UserForm.vue
+++ b/web2/src/components/UserForm.vue
@ -35,6 +35,15 @@
      :disabled="formSaving"
    ></v-text-field>

+    <v-text-field
+      v-model="item.password"
+      label="Password"
+      type="password"
+      :required="isNew"
+      :rules="isNew ? [v => !!v || 'Password is required'] : []"
+      :disabled="formSaving"
+    ></v-text-field>
+
    <v-checkbox
      v-model="item.admin"
      label="Admin user"