fix(users): update user stomped on admin
parent
6c6a6dd329
commit
8e81acd381
@ -879,6 +879,7 @@ func (api *API) appEditSettings(c *gin.Context) {
|
|||||||
|
|
||||||
newUserSettings := database.UpdateUserParams{
|
newUserSettings := database.UpdateUserParams{
|
||||||
UserID: auth.UserName,
|
UserID: auth.UserName,
|
||||||
|
Admin: auth.IsAdmin,
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set New Password
|
// Set New Password
|
||||||
|
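Review bot: `Admin: auth.IsAdmin` writes the session's view of the admin flag back to the users row on every settings edit, so a session created before an administrator revoked the flag would presumably restore it the next time that user saves their settings. Whether `auth.IsAdmin` can be stale depends on how `auth` is populated, which is outside this hunk; if it comes from a stored session rather than a per-request database read, that needs confirming. A settings edit should not carry the flag at all: either leave the column untouched when no value is supplied (a nullable `Admin *bool` in `UpdateUserParams`), or read the current row and pass that value inside the same transaction. The body of `appEditSettings` starts and ends outside the hunk.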
27
api/auth.go
27
api/auth.go
@ -43,7 +43,7 @@ func (api *API) authorizeCredentials(username string, password string) (auth *au
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Update Auth Cache
|
// Update auth cache
|
||||||
api.userAuthCache[user.ID] = *user.AuthHash
|
api.userAuthCache[user.ID] = *user.AuthHash
|
||||||
|
|
||||||
return &authData{
|
return &authData{
|
||||||
@ -413,30 +413,6 @@ func (api *API) getUserAuthHash(username string) (string, error) {
|
|||||||
return api.userAuthCache[username], nil
|
return api.userAuthCache[username], nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (api *API) rotateUserAuthHash(username string) error {
|
|
||||||
// Generate Auth Hash
|
|
||||||
rawAuthHash, err := utils.GenerateToken(64)
|
|
||||||
if err != nil {
|
|
||||||
log.Error("Failed to generate user token: ", err)
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Update User
|
|
||||||
authHash := fmt.Sprintf("%x", rawAuthHash)
|
|
||||||
if _, err = api.db.Queries.UpdateUser(api.db.Ctx, database.UpdateUserParams{
|
|
||||||
UserID: username,
|
|
||||||
AuthHash: &authHash,
|
|
||||||
}); err != nil {
|
|
||||||
log.Error("UpdateUser DB Error: ", err)
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Update Cache
|
|
||||||
api.userAuthCache[username] = fmt.Sprintf("%x", rawAuthHash)
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (api *API) rotateAllAuthHashes() error {
|
func (api *API) rotateAllAuthHashes() error {
|
||||||
// Do Transaction
|
// Do Transaction
|
||||||
tx, err := api.db.DB.Begin()
|
tx, err := api.db.DB.Begin()
|
||||||
@ -467,6 +443,7 @@ func (api *API) rotateAllAuthHashes() error {
|
|||||||
if _, err = qtx.UpdateUser(api.db.Ctx, database.UpdateUserParams{
|
if _, err = qtx.UpdateUser(api.db.Ctx, database.UpdateUserParams{
|
||||||
UserID: user.ID,
|
UserID: user.ID,
|
||||||
AuthHash: &authHash,
|
AuthHash: &authHash,
|
||||||
|
Admin: user.Admin,
|
||||||
}); err != nil {
|
}); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
File diff suppressed because one or more lines are too long
@ -369,7 +369,8 @@ UPDATE users
|
|||||||
SET
|
SET
|
||||||
pass = COALESCE($password, pass),
|
pass = COALESCE($password, pass),
|
||||||
auth_hash = COALESCE($auth_hash, auth_hash),
|
auth_hash = COALESCE($auth_hash, auth_hash),
|
||||||
time_offset = COALESCE($time_offset, time_offset)
|
time_offset = COALESCE($time_offset, time_offset),
|
||||||
|
admin = COALESCE($admin, admin)
|
||||||
WHERE id = $user_id
|
WHERE id = $user_id
|
||||||
RETURNING *;
|
RETURNING *;
|
||||||
|
|
||||||
|
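Review bot: `admin = COALESCE($admin, admin)` never falls back to the stored value, because the generated `UpdateUserParams.Admin` is a plain `bool` and is always bound as true or false. Any `UpdateUser` caller that leaves `Admin` unset therefore clears the flag, which is why this commit has to thread it through `appEditSettings` and `rotateAllAuthHashes`; a later caller that forgets will silently demote the user. If this file is compiled with sqlc, declaring the parameter nullable, `admin = COALESCE(sqlc.narg('admin'), admin)`, should generate a pointer field so that callers changing only a password or auth hash leave the privilege column alone.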
@ -1251,8 +1251,9 @@ UPDATE users
|
|||||||
SET
|
SET
|
||||||
pass = COALESCE(?1, pass),
|
pass = COALESCE(?1, pass),
|
||||||
auth_hash = COALESCE(?2, auth_hash),
|
auth_hash = COALESCE(?2, auth_hash),
|
||||||
time_offset = COALESCE(?3, time_offset)
|
time_offset = COALESCE(?3, time_offset),
|
||||||
WHERE id = ?4
|
admin = COALESCE(?4, admin)
|
||||||
|
WHERE id = ?5
|
||||||
RETURNING id, pass, auth_hash, admin, time_offset, created_at
|
RETURNING id, pass, auth_hash, admin, time_offset, created_at
|
||||||
`
|
`
|
||||||
|
|
||||||
@ -1260,6 +1261,7 @@ type UpdateUserParams struct {
|
|||||||
Password *string `json:"-"`
|
Password *string `json:"-"`
|
||||||
AuthHash *string `json:"auth_hash"`
|
AuthHash *string `json:"auth_hash"`
|
||||||
TimeOffset *string `json:"time_offset"`
|
TimeOffset *string `json:"time_offset"`
|
||||||
|
Admin bool `json:"-"`
|
||||||
UserID string `json:"user_id"`
|
UserID string `json:"user_id"`
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1268,6 +1270,7 @@ func (q *Queries) UpdateUser(ctx context.Context, arg UpdateUserParams) (User, e
|
|||||||
arg.Password,
|
arg.Password,
|
||||||
arg.AuthHash,
|
arg.AuthHash,
|
||||||
arg.TimeOffset,
|
arg.TimeOffset,
|
||||||
|
arg.Admin,
|
||||||
arg.UserID,
|
arg.UserID,
|
||||||
)
|
)
|
||||||
var i User
|
var i User
|
||||||
|
@ -2,13 +2,32 @@
|
|||||||
{{ define "title" }}Admin - Users{{ end }}
|
{{ define "title" }}Admin - Users{{ end }}
|
||||||
{{ define "header" }}<a class="whitespace-pre" href="../admin">Admin - Users</a>{{ end }}
|
{{ define "header" }}<a class="whitespace-pre" href="../admin">Admin - Users</a>{{ end }}
|
||||||
{{ define "content" }}
|
{{ define "content" }}
|
||||||
<div class="overflow-x-auto">
|
<div class="relative h-full overflow-x-auto">
|
||||||
<div class="inline-block min-w-full overflow-hidden rounded shadow">
|
<input type="checkbox" id="add-button" class="hidden peer/add" />
|
||||||
|
<div class="absolute top-10 left-10 p-3 transition-all duration-200 bg-gray-200 rounded shadow-lg shadow-gray-500 dark:shadow-gray-900 dark:bg-gray-600 hidden peer-checked/add:block">
|
||||||
|
<form method="POST"
|
||||||
|
action="./users"
|
||||||
|
class="flex flex-col gap-2 text-black dark:text-white text-sm">
|
||||||
|
<input type="text"
|
||||||
|
id="username"
|
||||||
|
name="username"
|
||||||
|
placeholder="User"
|
||||||
|
class="p-2 bg-gray-300 text-black dark:bg-gray-700 dark:text-white" />
|
||||||
|
<input type="password"
|
||||||
|
id="password"
|
||||||
|
name="password"
|
||||||
|
placeholder="Password"
|
||||||
|
class="p-2 bg-gray-300 text-black dark:bg-gray-700 dark:text-white" />
|
||||||
|
<button class="font-medium px-2 py-1 text-white bg-gray-500 dark:text-gray-800 hover:bg-gray-800 dark:hover:bg-gray-100"
|
||||||
|
type="submit">Create</button>
|
||||||
|
</form>
|
||||||
|
</div>
|
||||||
|
<div class="min-w-full overflow-hidden rounded shadow">
|
||||||
<table class="min-w-full leading-normal bg-white dark:bg-gray-700 text-sm">
|
<table class="min-w-full leading-normal bg-white dark:bg-gray-700 text-sm">
|
||||||
<thead class="text-gray-800 dark:text-gray-400">
|
<thead class="text-gray-800 dark:text-gray-400">
|
||||||
<tr>
|
<tr>
|
||||||
<th class="p-3 font-normal text-left uppercase border-b border-gray-200 dark:border-gray-800 w-12">
|
<th class="p-3 font-normal text-left uppercase border-b border-gray-200 dark:border-gray-800 w-12">
|
||||||
{{ template "svg/add" }}
|
<label class="cursor-pointer" for="add-button">{{ template "svg/add" }}</label>
|
||||||
</th>
|
</th>
|
||||||
<th class="p-3 font-normal text-left uppercase border-b border-gray-200 dark:border-gray-800">User</th>
|
<th class="p-3 font-normal text-left uppercase border-b border-gray-200 dark:border-gray-800">User</th>
|
||||||
<th class="p-3 font-normal text-left uppercase border-b border-gray-200 dark:border-gray-800 text-center">
|
<th class="p-3 font-normal text-left uppercase border-b border-gray-200 dark:border-gray-800 text-center">
|
||||||
@ -25,7 +44,9 @@
|
|||||||
{{ end }}
|
{{ end }}
|
||||||
{{ range $user := .Data }}
|
{{ range $user := .Data }}
|
||||||
<tr>
|
<tr>
|
||||||
<td class="p-3 border-b border-gray-200 text-gray-800 dark:text-gray-400">{{ template "svg/delete" }}</td>
|
<td class="p-3 border-b border-gray-200 text-gray-800 dark:text-gray-400 cursor-pointer">
|
||||||
|
{{ template "svg/delete" }}
|
||||||
|
</td>
|
||||||
<td class="p-3 border-b border-gray-200">
|
<td class="p-3 border-b border-gray-200">
|
||||||
<p>{{ $user.ID }}</p>
|
<p>{{ $user.ID }}</p>
|
||||||
</td>
|
</td>
|
||||||
|
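Review bot: The new `<form method="POST" action="./users">` creates accounts and carries no anti-CSRF token field, so its protection rests entirely on whatever the router or session cookie provides, which is not visible in this template. If the admin routes have no CSRF middleware and the session cookie is not `SameSite=Lax` or stricter, add a hidden token input that the POST handler verifies. The password field would also benefit from `autocomplete="new-password"` so browsers do not offer the administrator's own saved credentials.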