fix(users): update user stomped on admin
parent
6c6a6dd329
commit
8e81acd381
@ -879,6 +879,7 @@ func (api *API) appEditSettings(c *gin.Context) {
|
||||
|
||||
newUserSettings := database.UpdateUserParams{
|
||||
UserID: auth.UserName,
|
||||
Admin: auth.IsAdmin,
|
||||
}
|
||||
|
||||
// Set New Password
|
||||
|
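Review bot: `Admin: auth.IsAdmin` in appEditSettings writes the privilege column from the request's auth context every time a user saves their settings, rather than from the stored row. Where `auth` is populated is outside this hunk; if it comes from a session or cached login state, an admin revocation made after that login would presumably be overwritten by the next settings save. For a self-service endpoint it is safer to load the current user and pass its stored value, as rotateAllAuthHashes does with `user.Admin`, or to make the parameter optional so this call leaves the column alone. A comment such as `// Admin must be re-sent: UpdateUser overwrites it on every call` would also help the next reader. appEditSettings begins and continues outside the hunk.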
27
api/auth.go
27
api/auth.go
@ -43,7 +43,7 @@ func (api *API) authorizeCredentials(username string, password string) (auth *au
|
||||
return
|
||||
}
|
||||
|
||||
// Update Auth Cache
|
||||
// Update auth cache
|
||||
api.userAuthCache[user.ID] = *user.AuthHash
|
||||
|
||||
return &authData{
|
||||
@ -413,30 +413,6 @@ func (api *API) getUserAuthHash(username string) (string, error) {
|
||||
return api.userAuthCache[username], nil
|
||||
}
|
||||
|
||||
func (api *API) rotateUserAuthHash(username string) error {
|
||||
// Generate Auth Hash
|
||||
rawAuthHash, err := utils.GenerateToken(64)
|
||||
if err != nil {
|
||||
log.Error("Failed to generate user token: ", err)
|
||||
return err
|
||||
}
|
||||
|
||||
// Update User
|
||||
authHash := fmt.Sprintf("%x", rawAuthHash)
|
||||
if _, err = api.db.Queries.UpdateUser(api.db.Ctx, database.UpdateUserParams{
|
||||
UserID: username,
|
||||
AuthHash: &authHash,
|
||||
}); err != nil {
|
||||
log.Error("UpdateUser DB Error: ", err)
|
||||
return err
|
||||
}
|
||||
|
||||
// Update Cache
|
||||
api.userAuthCache[username] = fmt.Sprintf("%x", rawAuthHash)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (api *API) rotateAllAuthHashes() error {
|
||||
// Do Transaction
|
||||
tx, err := api.db.DB.Begin()
|
||||
@ -467,6 +443,7 @@ func (api *API) rotateAllAuthHashes() error {
|
||||
if _, err = qtx.UpdateUser(api.db.Ctx, database.UpdateUserParams{
|
||||
UserID: user.ID,
|
||||
AuthHash: &authHash,
|
||||
Admin: user.Admin,
|
||||
}); err != nil {
|
||||
return err
|
||||
}
|
||||
|
File diff suppressed because one or more lines are too long
@ -369,7 +369,8 @@ UPDATE users
|
||||
SET
|
||||
pass = COALESCE($password, pass),
|
||||
auth_hash = COALESCE($auth_hash, auth_hash),
|
||||
time_offset = COALESCE($time_offset, time_offset)
|
||||
time_offset = COALESCE($time_offset, time_offset),
|
||||
admin = COALESCE($admin, admin)
|
||||
WHERE id = $user_id
|
||||
RETURNING *;
|
||||
|
||||
|
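Review bot: `admin = COALESCE($admin, admin)` only keeps the stored value when the parameter is NULL, but the generated `UpdateUserParams.Admin` is a plain `bool`, so the fallback never fires and any caller that omits the field writes `false`. That is why appEditSettings and rotateAllAuthHashes both pass Admin explicitly in this commit; a later UpdateUser caller that forgets to will silently demote an admin. If this file feeds sqlc, as the generated Queries/Params code suggests, declaring the parameter nullable with `admin = COALESCE(sqlc.narg('admin'), admin)` should generate `Admin *bool`, so nil means "leave unchanged" like Password, AuthHash and TimeOffset. Changes to `admin` would then be confined to the call sites that set it deliberately.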
@ -1251,8 +1251,9 @@ UPDATE users
|
||||
SET
|
||||
pass = COALESCE(?1, pass),
|
||||
auth_hash = COALESCE(?2, auth_hash),
|
||||
time_offset = COALESCE(?3, time_offset)
|
||||
WHERE id = ?4
|
||||
time_offset = COALESCE(?3, time_offset),
|
||||
admin = COALESCE(?4, admin)
|
||||
WHERE id = ?5
|
||||
RETURNING id, pass, auth_hash, admin, time_offset, created_at
|
||||
`
|
||||
|
||||
@ -1260,6 +1261,7 @@ type UpdateUserParams struct {
|
||||
Password *string `json:"-"`
|
||||
AuthHash *string `json:"auth_hash"`
|
||||
TimeOffset *string `json:"time_offset"`
|
||||
Admin bool `json:"-"`
|
||||
UserID string `json:"user_id"`
|
||||
}
|
||||
|
||||
@ -1268,6 +1270,7 @@ func (q *Queries) UpdateUser(ctx context.Context, arg UpdateUserParams) (User, e
|
||||
arg.Password,
|
||||
arg.AuthHash,
|
||||
arg.TimeOffset,
|
||||
arg.Admin,
|
||||
arg.UserID,
|
||||
)
|
||||
var i User
|
||||
|
@ -2,13 +2,32 @@
|
||||
{{ define "title" }}Admin - Users{{ end }}
|
||||
{{ define "header" }}<a class="whitespace-pre" href="../admin">Admin - Users</a>{{ end }}
|
||||
{{ define "content" }}
|
||||
<div class="overflow-x-auto">
|
||||
<div class="inline-block min-w-full overflow-hidden rounded shadow">
|
||||
<div class="relative h-full overflow-x-auto">
|
||||
<input type="checkbox" id="add-button" class="hidden peer/add" />
|
||||
<div class="absolute top-10 left-10 p-3 transition-all duration-200 bg-gray-200 rounded shadow-lg shadow-gray-500 dark:shadow-gray-900 dark:bg-gray-600 hidden peer-checked/add:block">
|
||||
<form method="POST"
|
||||
action="./users"
|
||||
class="flex flex-col gap-2 text-black dark:text-white text-sm">
|
||||
<input type="text"
|
||||
id="username"
|
||||
name="username"
|
||||
placeholder="User"
|
||||
class="p-2 bg-gray-300 text-black dark:bg-gray-700 dark:text-white" />
|
||||
<input type="password"
|
||||
id="password"
|
||||
name="password"
|
||||
placeholder="Password"
|
||||
class="p-2 bg-gray-300 text-black dark:bg-gray-700 dark:text-white" />
|
||||
<button class="font-medium px-2 py-1 text-white bg-gray-500 dark:text-gray-800 hover:bg-gray-800 dark:hover:bg-gray-100"
|
||||
type="submit">Create</button>
|
||||
</form>
|
||||
</div>
|
||||
<div class="min-w-full overflow-hidden rounded shadow">
|
||||
<table class="min-w-full leading-normal bg-white dark:bg-gray-700 text-sm">
|
||||
<thead class="text-gray-800 dark:text-gray-400">
|
||||
<tr>
|
||||
<th class="p-3 font-normal text-left uppercase border-b border-gray-200 dark:border-gray-800 w-12">
|
||||
{{ template "svg/add" }}
|
||||
<label class="cursor-pointer" for="add-button">{{ template "svg/add" }}</label>
|
||||
</th>
|
||||
<th class="p-3 font-normal text-left uppercase border-b border-gray-200 dark:border-gray-800">User</th>
|
||||
<th class="p-3 font-normal text-left uppercase border-b border-gray-200 dark:border-gray-800 text-center">
|
||||
@ -25,7 +44,9 @@
|
||||
{{ end }}
|
||||
{{ range $user := .Data }}
|
||||
<tr>
|
||||
<td class="p-3 border-b border-gray-200 text-gray-800 dark:text-gray-400">{{ template "svg/delete" }}</td>
|
||||
<td class="p-3 border-b border-gray-200 text-gray-800 dark:text-gray-400 cursor-pointer">
|
||||
{{ template "svg/delete" }}
|
||||
</td>
|
||||
<td class="p-3 border-b border-gray-200">
|
||||
<p>{{ $user.ID }}</p>
|
||||
</td>
|
||||
|
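Review bot: The new `<form method="POST" action="./users">` creates accounts from the admin page but has no anti-CSRF token field, and no such check is visible anywhere in this commit. If the handler authenticates on the session cookie alone (not shown here), account creation is exposed to cross-site form submission. Render a hidden token input from the handler and verify it on POST, or confirm that the session cookie is SameSite and the route checks Origin. The password input would also benefit from `autocomplete="new-password"`, and both inputs from `required`, so an empty username or password is rejected before it reaches the server.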