fix(users): update user stomped on admin
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
Evan Reichard 2024-03-10 21:48:43 -04:00
parent 6c6a6dd329
commit 8e81acd381
6 changed files with 36 additions and 33 deletions

View File

@ -879,6 +879,7 @@ func (api *API) appEditSettings(c *gin.Context) {
newUserSettings := database.UpdateUserParams{ newUserSettings := database.UpdateUserParams{
UserID: auth.UserName, UserID: auth.UserName,
Admin: auth.IsAdmin,
} }
// Set New Password // Set New Password

View File

@ -43,7 +43,7 @@ func (api *API) authorizeCredentials(username string, password string) (auth *au
return return
} }
// Update Auth Cache // Update auth cache
api.userAuthCache[user.ID] = *user.AuthHash api.userAuthCache[user.ID] = *user.AuthHash
return &authData{ return &authData{
@ -413,30 +413,6 @@ func (api *API) getUserAuthHash(username string) (string, error) {
return api.userAuthCache[username], nil return api.userAuthCache[username], nil
} }
func (api *API) rotateUserAuthHash(username string) error {
// Generate Auth Hash
rawAuthHash, err := utils.GenerateToken(64)
if err != nil {
log.Error("Failed to generate user token: ", err)
return err
}
// Update User
authHash := fmt.Sprintf("%x", rawAuthHash)
if _, err = api.db.Queries.UpdateUser(api.db.Ctx, database.UpdateUserParams{
UserID: username,
AuthHash: &authHash,
}); err != nil {
log.Error("UpdateUser DB Error: ", err)
return err
}
// Update Cache
api.userAuthCache[username] = fmt.Sprintf("%x", rawAuthHash)
return nil
}
func (api *API) rotateAllAuthHashes() error { func (api *API) rotateAllAuthHashes() error {
// Do Transaction // Do Transaction
tx, err := api.db.DB.Begin() tx, err := api.db.DB.Begin()
@ -467,6 +443,7 @@ func (api *API) rotateAllAuthHashes() error {
if _, err = qtx.UpdateUser(api.db.Ctx, database.UpdateUserParams{ if _, err = qtx.UpdateUser(api.db.Ctx, database.UpdateUserParams{
UserID: user.ID, UserID: user.ID,
AuthHash: &authHash, AuthHash: &authHash,
Admin: user.Admin,
}); err != nil { }); err != nil {
return err return err
} }

File diff suppressed because one or more lines are too long

View File

@ -369,7 +369,8 @@ UPDATE users
SET SET
pass = COALESCE($password, pass), pass = COALESCE($password, pass),
auth_hash = COALESCE($auth_hash, auth_hash), auth_hash = COALESCE($auth_hash, auth_hash),
time_offset = COALESCE($time_offset, time_offset) time_offset = COALESCE($time_offset, time_offset),
admin = COALESCE($admin, admin)
WHERE id = $user_id WHERE id = $user_id
RETURNING *; RETURNING *;

View File

@ -1251,8 +1251,9 @@ UPDATE users
SET SET
pass = COALESCE(?1, pass), pass = COALESCE(?1, pass),
auth_hash = COALESCE(?2, auth_hash), auth_hash = COALESCE(?2, auth_hash),
time_offset = COALESCE(?3, time_offset) time_offset = COALESCE(?3, time_offset),
WHERE id = ?4 admin = COALESCE(?4, admin)
WHERE id = ?5
RETURNING id, pass, auth_hash, admin, time_offset, created_at RETURNING id, pass, auth_hash, admin, time_offset, created_at
` `
@ -1260,6 +1261,7 @@ type UpdateUserParams struct {
Password *string `json:"-"` Password *string `json:"-"`
AuthHash *string `json:"auth_hash"` AuthHash *string `json:"auth_hash"`
TimeOffset *string `json:"time_offset"` TimeOffset *string `json:"time_offset"`
Admin bool `json:"-"`
UserID string `json:"user_id"` UserID string `json:"user_id"`
} }
@ -1268,6 +1270,7 @@ func (q *Queries) UpdateUser(ctx context.Context, arg UpdateUserParams) (User, e
arg.Password, arg.Password,
arg.AuthHash, arg.AuthHash,
arg.TimeOffset, arg.TimeOffset,
arg.Admin,
arg.UserID, arg.UserID,
) )
var i User var i User

View File

@ -2,13 +2,32 @@
{{ define "title" }}Admin - Users{{ end }} {{ define "title" }}Admin - Users{{ end }}
{{ define "header" }}<a class="whitespace-pre" href="../admin">Admin - Users</a>{{ end }} {{ define "header" }}<a class="whitespace-pre" href="../admin">Admin - Users</a>{{ end }}
{{ define "content" }} {{ define "content" }}
<div class="overflow-x-auto"> <div class="relative h-full overflow-x-auto">
<div class="inline-block min-w-full overflow-hidden rounded shadow"> <input type="checkbox" id="add-button" class="hidden peer/add" />
<div class="absolute top-10 left-10 p-3 transition-all duration-200 bg-gray-200 rounded shadow-lg shadow-gray-500 dark:shadow-gray-900 dark:bg-gray-600 hidden peer-checked/add:block">
<form method="POST"
action="./users"
class="flex flex-col gap-2 text-black dark:text-white text-sm">
<input type="text"
id="username"
name="username"
placeholder="User"
class="p-2 bg-gray-300 text-black dark:bg-gray-700 dark:text-white" />
<input type="password"
id="password"
name="password"
placeholder="Password"
class="p-2 bg-gray-300 text-black dark:bg-gray-700 dark:text-white" />
<button class="font-medium px-2 py-1 text-white bg-gray-500 dark:text-gray-800 hover:bg-gray-800 dark:hover:bg-gray-100"
type="submit">Create</button>
</form>
</div>
<div class="min-w-full overflow-hidden rounded shadow">
<table class="min-w-full leading-normal bg-white dark:bg-gray-700 text-sm"> <table class="min-w-full leading-normal bg-white dark:bg-gray-700 text-sm">
<thead class="text-gray-800 dark:text-gray-400"> <thead class="text-gray-800 dark:text-gray-400">
<tr> <tr>
<th class="p-3 font-normal text-left uppercase border-b border-gray-200 dark:border-gray-800 w-12"> <th class="p-3 font-normal text-left uppercase border-b border-gray-200 dark:border-gray-800 w-12">
{{ template "svg/add" }} <label class="cursor-pointer" for="add-button">{{ template "svg/add" }}</label>
</th> </th>
<th class="p-3 font-normal text-left uppercase border-b border-gray-200 dark:border-gray-800">User</th> <th class="p-3 font-normal text-left uppercase border-b border-gray-200 dark:border-gray-800">User</th>
<th class="p-3 font-normal text-left uppercase border-b border-gray-200 dark:border-gray-800 text-center"> <th class="p-3 font-normal text-left uppercase border-b border-gray-200 dark:border-gray-800 text-center">
@ -25,7 +44,9 @@
{{ end }} {{ end }}
{{ range $user := .Data }} {{ range $user := .Data }}
<tr> <tr>
<td class="p-3 border-b border-gray-200 text-gray-800 dark:text-gray-400">{{ template "svg/delete" }}</td> <td class="p-3 border-b border-gray-200 text-gray-800 dark:text-gray-400 cursor-pointer">
{{ template "svg/delete" }}
</td>
<td class="p-3 border-b border-gray-200"> <td class="p-3 border-b border-gray-200">
<p>{{ $user.ID }}</p> <p>{{ $user.ID }}</p>
</td> </td>