fix(settings): auth hash accidentally overridden

Evan Reichard 2024-01-28 22:17:58 -05:00
parent a86e2520ef
commit 622dcd5702
5 changed files with 21 additions and 12 deletions


@ -44,12 +44,12 @@ func (api *API) authorizeCredentials(username string, password string) (auth *au
}
// Update Auth Cache
api.userAuthCache[user.ID] = user.AuthHash
api.userAuthCache[user.ID] = *user.AuthHash
return &authData{
UserName: user.ID,
IsAdmin: user.Admin,
AuthHash: user.AuthHash,
AuthHash: *user.AuthHash,
}
}
@ -215,10 +215,11 @@ func (api *API) appAuthRegister(c *gin.Context) {
}
// Create User in DB
authHash := fmt.Sprintf("%x", rawAuthHash)
rows, err := api.db.Queries.CreateUser(api.db.Ctx, database.CreateUserParams{
ID: username,
Pass: &hashedPassword,
AuthHash: fmt.Sprintf("%x", rawAuthHash),
AuthHash: &authHash,
})
// SQL Error
@ -250,7 +251,7 @@ func (api *API) appAuthRegister(c *gin.Context) {
auth := authData{
UserName: user.ID,
IsAdmin: user.Admin,
AuthHash: user.AuthHash,
AuthHash: *user.AuthHash,
}
session := sessions.Default(c)
if err := api.setSession(session, auth); err != nil {
@ -303,10 +304,11 @@ func (api *API) koAuthRegister(c *gin.Context) {
return
}
authHash := fmt.Sprintf("%x", rawAuthHash)
rows, err := api.db.Queries.CreateUser(api.db.Ctx, database.CreateUserParams{
ID: rUser.Username,
Pass: &hashedPassword,
AuthHash: fmt.Sprintf("%x", rawAuthHash),
AuthHash: &authHash,
})
if err != nil {
log.Error("CreateUser DB Error:", err)
@ -383,7 +385,7 @@ func (api *API) getUserAuthHash(username string) (string, error) {
}
// Update Cache
api.userAuthCache[username] = user.AuthHash
api.userAuthCache[username] = *user.AuthHash
return api.userAuthCache[username], nil
}
@ -397,9 +399,10 @@ func (api *API) rotateUserAuthHash(username string) error {
}
// Update User
authHash := fmt.Sprintf("%x", rawAuthHash)
if _, err = api.db.Queries.UpdateUser(api.db.Ctx, database.UpdateUserParams{
UserID: username,
AuthHash: fmt.Sprintf("%x", rawAuthHash),
AuthHash: &authHash,
}); err != nil {
log.Error("UpdateUser DB Error: ", err)
return err
@ -437,9 +440,10 @@ func (api *API) rotateAllAuthHashes() error {
}
// Update User
authHash := fmt.Sprintf("%x", rawAuthHash)
if _, err = qtx.UpdateUser(api.db.Ctx, database.UpdateUserParams{
UserID: user.ID,
AuthHash: fmt.Sprintf("%x", rawAuthHash),
AuthHash: &authHash,
}); err != nil {
return err
}
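Review bot: The four new dereferences of `user.AuthHash` (two in authorizeCredentials, one each in appAuthRegister and getUserAuthHash) have no nil guard, so a row whose auth_hash is NULL would panic on the login and session paths instead of failing the authentication. Whether the column can be NULL depends on the schema, which is not part of this commit; if it can, each read should fail closed, for example in getUserAuthHash `if user.AuthHash == nil { return "", fmt.Errorf("user %q has no auth hash", username) }` before the cache update. Rejecting an empty string at the same points is worth considering, since the cached value is presumably what sessions are later checked against. All of these function bodies start and end outside the hunks shown.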


@ -50,10 +50,11 @@ func (dt *databaseTest) TestUser() {
t.Fatalf(`Expected: %v, Got: %v, Error: %v`, nil, err, err)
}
authHash := fmt.Sprintf("%x", rawAuthHash)
changed, err := dt.dbm.Queries.CreateUser(dt.dbm.Ctx, CreateUserParams{
ID: userID,
Pass: &userPass,
AuthHash: fmt.Sprintf("%x", rawAuthHash),
AuthHash: &authHash,
})
if err != nil || changed != 1 {
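Review bot: Nothing in this commit tests the bug it fixes: the only test change, here in TestUser, adapts the CreateUser call to the new pointer type. A regression case would call UpdateUser with `AuthHash: nil` while changing another field such as TimeOffset, then assert that the stored auth hash is unchanged. TestUser continues outside this hunk, so an existing update check may already be nearby to extend.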


@ -96,7 +96,7 @@ type Metadatum struct {
type User struct {
ID string `json:"id"`
Pass *string `json:"-"`
AuthHash string `json:"auth_hash"`
AuthHash *string `json:"auth_hash"`
Admin bool `json:"-"`
TimeOffset *string `json:"time_offset"`
CreatedAt string `json:"created_at"`


@ -121,7 +121,7 @@ ON CONFLICT DO NOTHING
type CreateUserParams struct {
ID string `json:"id"`
Pass *string `json:"-"`
AuthHash string `json:"auth_hash"`
AuthHash *string `json:"auth_hash"`
}
func (q *Queries) CreateUser(ctx context.Context, arg CreateUserParams) (int64, error) {
@ -1225,7 +1225,7 @@ RETURNING id, pass, auth_hash, admin, time_offset, created_at
type UpdateUserParams struct {
Password *string `json:"-"`
AuthHash string `json:"auth_hash"`
AuthHash *string `json:"auth_hash"`
TimeOffset *string `json:"time_offset"`
UserID string `json:"user_id"`
}


@ -123,6 +123,10 @@ sql:
go_type:
type: "string"
pointer: true
- column: "users.auth_hash"
go_type:
type: "string"
pointer: true
# Override Time
- db_type: "DATETIME"
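Review bot: This override makes the column a pointer but leaves the generated field tagged `json:"auth_hash"`, while `Pass` in the same generated structs is tagged `json:"-"`. The hash is copied into the session's authData, so it looks like a value that should not leave the server; if nothing depends on marshalling it, adding `go_struct_tag: 'json:"-"'` to this entry would keep it out of any JSON encoding of User. Whether User is ever serialized to a client is not visible in this commit.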