Fix add/update salted password.

2025-05-23 02:35:49 +08:00 · 2021-05-16 21:04:26 +08:00 · 2021-05-16 21:04:26 +08:00 · 4b9ce5f401
commit 4b9ce5f401
parent 18806f07a8
5 changed files with 30 additions and 4 deletions
--- a/authz/authz.go
+++ b/authz/authz.go
@ -85,6 +85,7 @@ p, *, *, GET, /api/get-default-application, *, *
 p, *, *, GET, /api/get-default-providers, *, *
 p, *, *, POST, /api/upload-avatar, *, *
 p, *, *, POST, /api/unlink, *, *
+p, *, *, POST, /api/set-password, *, *
 `

 		sa := stringadapter.NewAdapter(ruleText)
--- a/controllers/user.go
+++ b/controllers/user.go
@ -153,8 +153,9 @@ func (c *ApiController) SetPassword() {
 		return
 	}

-	if oldPassword != targetUser.Password {
-		c.ResponseError("Old password wrong.")
+	msg := object.CheckPassword(targetUser, oldPassword)
+	if msg != "" {
+		c.ResponseError(msg)
 		return
 	}

--- a/object/check.go
+++ b/object/check.go
@ -57,7 +57,7 @@ func CheckUserSignup(organizationName string, username string, password string,
 	}
 }

-func checkPassword(user *User, password string) string {
+func CheckPassword(user *User, password string) string {
 	organization := getOrganization("admin", user.Owner)

 	if organization.PasswordType == "plain" {
@ -87,7 +87,7 @@ func CheckUserLogin(organization string, username string, password string) (*Use
 		return nil, "the user is forbidden to sign in, please contact the administrator"
 	}

-	msg := checkPassword(user, password)
+	msg := CheckPassword(user, password)
 	if msg != "" {
 		return nil, msg
 	}
--- a/object/organization.go
+++ b/object/organization.go
@ -105,3 +105,7 @@ func GetOrganizationByName(name string) *Organization {
 	}
 	return &ret
 }
+
+func getOrganizationByUser(user *User) *Organization {
+	return getOrganization("admin", user.Owner)
+}
--- a/object/user.go
+++ b/object/user.go
@ -117,6 +117,8 @@ func AddUser(user *User) bool {
 	user.Id = util.GenerateId()
 	user.UpdateUserHash()
 	user.PreHash = user.Hash
+	organization := getOrganizationByUser(user)
+	user.UpdateUserPassword(organization)

 	affected, err := adapter.Engine.Insert(user)
 	if err != nil {
@ -127,9 +129,15 @@ func AddUser(user *User) bool {
 }

 func AddUsers(users []*User) bool {
+	if len(users) == 0 {
+		return false
+	}
+
+	organization := getOrganizationByUser(users[0])
 	for _, user := range users {
 		user.UpdateUserHash()
 		user.PreHash = user.Hash
+		user.UpdateUserPassword(organization)
 	}

 	affected, err := adapter.Engine.Insert(users)
@ -215,6 +223,12 @@ func GetUserByFields(organization string, field string) *User {
 }

 func SetUserField(user *User, field string, value string) bool {
+	if field == "password" {
+		organization := getOrganizationByUser(user)
+		user.UpdateUserPassword(organization)
+		value = user.Password
+	}
+
 	affected, err := adapter.Engine.Table(user).ID(core.PK{user.Owner, user.Name}).Update(map[string]interface{}{field: value})
 	if err != nil {
 		panic(err)
@ -258,6 +272,12 @@ func (user *User) UpdateUserHash() {
 	user.Hash = hash
 }

+func (user *User) UpdateUserPassword(organization *Organization) {
+	if organization.PasswordType == "salt" {
+		user.Password = getSaltedPassword(user.Password, organization.PasswordSalt)
+	}
+}
+
 func (user *User) GetId() string {
 	return fmt.Sprintf("%s/%s", user.Owner, user.Name)
 }