Add saving a password hash with a link share
This commit is contained in:
parent
4cf79625f8
commit
96553f7f7d
|
@ -23,6 +23,7 @@ import (
|
|||
|
||||
type linkShares20210411113105 struct {
|
||||
Password string `xorm:"text null"`
|
||||
SharingType int `xorm:"bigint INDEX not null default 0"`
|
||||
}
|
||||
|
||||
func (linkShares20210411113105) TableName() string {
|
||||
|
@ -34,6 +35,12 @@ func init() {
|
|||
ID: "20210411113105",
|
||||
Description: "Add password field to link shares",
|
||||
Migrate: func(tx *xorm.Engine) error {
|
||||
|
||||
// Make all existing share links type 1 (no password)
|
||||
if _, err := tx.Update(&linkShares20210411113105{SharingType: 1}); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return tx.Sync2(linkShares20210411113105{})
|
||||
},
|
||||
Rollback: func(tx *xorm.Engine) error {
|
||||
|
|
|
@ -132,7 +132,19 @@ func (share *LinkSharing) Create(s *xorm.Session, a web.Auth) (err error) {
|
|||
|
||||
share.SharedByID = a.GetID()
|
||||
share.Hash = utils.MakeRandomString(40)
|
||||
|
||||
if share.Password != "" {
|
||||
share.SharingType = SharingTypeWithPassword
|
||||
share.Password, err = user.HashPassword(share.Password)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
} else {
|
||||
share.SharingType = SharingTypeWithoutPassword
|
||||
}
|
||||
|
||||
_, err = s.Insert(share)
|
||||
share.Password = ""
|
||||
share.SharedBy, _ = user.GetFromAuth(a)
|
||||
return
|
||||
}
|
||||
|
|
|
@ -0,0 +1,83 @@
|
|||
// Vikunja is a to-do list application to facilitate your life.
|
||||
// Copyright 2018-2021 Vikunja and contributors. All rights reserved.
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public Licensee as published by
|
||||
// the Free Software Foundation, either version 3 of the License, or
|
||||
// (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public Licensee for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public Licensee
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
package models
|
||||
|
||||
import (
|
||||
"code.vikunja.io/api/pkg/db"
|
||||
"code.vikunja.io/api/pkg/user"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestLinkSharing_Create(t *testing.T) {
|
||||
doer := &user.User{ID: 1}
|
||||
|
||||
t.Run("normal", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
share := &LinkSharing{
|
||||
ListID: 1,
|
||||
Right: RightRead,
|
||||
}
|
||||
err := share.Create(s, doer)
|
||||
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, share.Hash)
|
||||
assert.NotEmpty(t, share.ID)
|
||||
assert.Equal(t, SharingTypeWithoutPassword, share.SharingType)
|
||||
db.AssertExists(t, "link_shares", map[string]interface{}{
|
||||
"id": share.ID,
|
||||
}, false)
|
||||
})
|
||||
t.Run("invalid right", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
share := &LinkSharing{
|
||||
ListID: 1,
|
||||
Right: Right(123),
|
||||
}
|
||||
err := share.Create(s, doer)
|
||||
|
||||
assert.Error(t, err)
|
||||
assert.True(t, IsErrInvalidRight(err))
|
||||
})
|
||||
t.Run("password should be hashed", func(t *testing.T) {
|
||||
db.LoadAndAssertFixtures(t)
|
||||
s := db.NewSession()
|
||||
defer s.Close()
|
||||
|
||||
share := &LinkSharing{
|
||||
ListID: 1,
|
||||
Right: RightRead,
|
||||
Password: "somePassword",
|
||||
}
|
||||
err := share.Create(s, doer)
|
||||
|
||||
assert.NoError(t, err)
|
||||
assert.NotEmpty(t, share.Hash)
|
||||
assert.NotEmpty(t, share.ID)
|
||||
assert.Empty(t, share.Password)
|
||||
db.AssertExists(t, "link_shares", map[string]interface{}{
|
||||
"id": share.ID,
|
||||
"sharing_type": SharingTypeWithPassword,
|
||||
}, false)
|
||||
})
|
||||
}
|
|
@ -400,7 +400,7 @@ func UpdateUserPassword(s *xorm.Session, user *User, newPassword string) (err er
|
|||
}
|
||||
|
||||
// Hash the new password and set it
|
||||
hashed, err := hashPassword(newPassword)
|
||||
hashed, err := HashPassword(newPassword)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
@ -48,7 +48,7 @@ func CreateUser(s *xorm.Session, user *User) (newUser *User, err error) {
|
|||
|
||||
if user.Issuer == issuerLocal {
|
||||
// Hash the password
|
||||
user.Password, err = hashPassword(user.Password)
|
||||
user.Password, err = HashPassword(user.Password)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -98,7 +98,7 @@ func CreateUser(s *xorm.Session, user *User) (newUser *User, err error) {
|
|||
}
|
||||
|
||||
// HashPassword hashes a password
|
||||
func hashPassword(password string) (string, error) {
|
||||
func HashPassword(password string) (string, error) {
|
||||
bytes, err := bcrypt.GenerateFromPassword([]byte(password), 11)
|
||||
return string(bytes), err
|
||||
}
|
||||
|
|
|
@ -57,7 +57,7 @@ func ResetPassword(s *xorm.Session, reset *PasswordReset) (err error) {
|
|||
}
|
||||
|
||||
// Hash the password
|
||||
user.Password, err = hashPassword(reset.NewPassword)
|
||||
user.Password, err = HashPassword(reset.NewPassword)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue