mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-28 21:25:55 +01:00
Merge pull request #5 from wknet123/fix_password_controller
fixed codes about changing password processes.
This commit is contained in:
commit
ce5fcc1e1e
@ -43,15 +43,19 @@ func (cpc *ChangePasswordController) Get() {
|
|||||||
func (cpc *CommonController) UpdatePassword() {
|
func (cpc *CommonController) UpdatePassword() {
|
||||||
|
|
||||||
sessionUserId := cpc.GetSession("userId")
|
sessionUserId := cpc.GetSession("userId")
|
||||||
sessionUsername := cpc.GetSession("username")
|
|
||||||
|
|
||||||
if sessionUserId == nil || sessionUsername == nil {
|
if sessionUserId == nil {
|
||||||
beego.Warning("User does not login.")
|
beego.Warning("User does not login.")
|
||||||
cpc.CustomAbort(401, "please_login_first")
|
cpc.CustomAbort(401, "please_login_first")
|
||||||
}
|
}
|
||||||
|
|
||||||
oldPassword := cpc.GetString("old_password")
|
oldPassword := cpc.GetString("old_password")
|
||||||
queryUser := models.User{UserId: sessionUserId.(int), Username: sessionUsername.(string), Password: oldPassword}
|
if oldPassword == "" {
|
||||||
|
beego.Error("Old password is blank")
|
||||||
|
cpc.CustomAbort(400, "Old password is blank")
|
||||||
|
}
|
||||||
|
|
||||||
|
queryUser := models.User{UserId: sessionUserId.(int), Password: oldPassword}
|
||||||
user, err := dao.CheckUserPassword(queryUser)
|
user, err := dao.CheckUserPassword(queryUser)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Error occurred in CheckUserPassword:", err)
|
beego.Error("Error occurred in CheckUserPassword:", err)
|
||||||
@ -65,10 +69,14 @@ func (cpc *CommonController) UpdatePassword() {
|
|||||||
|
|
||||||
password := cpc.GetString("password")
|
password := cpc.GetString("password")
|
||||||
if password != "" {
|
if password != "" {
|
||||||
updateUser := models.User{UserId: sessionUserId.(int), Username: sessionUsername.(string), Password: password, Salt: user.Salt}
|
updateUser := models.User{UserId: sessionUserId.(int), Password: password, Salt: user.Salt}
|
||||||
dao.ChangeUserPassword(updateUser)
|
err = dao.ChangeUserPassword(updateUser, oldPassword)
|
||||||
|
if err != nil {
|
||||||
|
beego.Error("Error occurred in ChangeUserPassword:", err)
|
||||||
|
cpc.CustomAbort(500, "Internal error.")
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
cpc.CustomAbort(404, "please_input_new_password")
|
cpc.CustomAbort(400, "please_input_new_password")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -90,7 +98,11 @@ func (fpc *CommonController) SendEmail() {
|
|||||||
|
|
||||||
email := fpc.GetString("email")
|
email := fpc.GetString("email")
|
||||||
|
|
||||||
if ok, _ := regexp.MatchString(`^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$`, email); ok {
|
pass, _ := regexp.MatchString(`^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$`, email)
|
||||||
|
|
||||||
|
if !pass {
|
||||||
|
fpc.CustomAbort(400, "email_content_illegal")
|
||||||
|
} else {
|
||||||
|
|
||||||
queryUser := models.User{Email: email}
|
queryUser := models.User{Email: email}
|
||||||
exist, err := dao.UserExists(queryUser, "email")
|
exist, err := dao.UserExists(queryUser, "email")
|
||||||
@ -152,8 +164,6 @@ func (fpc *CommonController) SendEmail() {
|
|||||||
user := models.User{ResetUuid: uuid, Email: email}
|
user := models.User{ResetUuid: uuid, Email: email}
|
||||||
dao.UpdateUserResetUuid(user)
|
dao.UpdateUserResetUuid(user)
|
||||||
|
|
||||||
} else {
|
|
||||||
fpc.CustomAbort(409, "email_content_illegal")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -164,8 +174,13 @@ type ResetPasswordController struct {
|
|||||||
|
|
||||||
func (rpc *ResetPasswordController) Get() {
|
func (rpc *ResetPasswordController) Get() {
|
||||||
|
|
||||||
q := rpc.GetString("q")
|
resetUuid := rpc.GetString("reset_uuid")
|
||||||
queryUser := models.User{ResetUuid: q}
|
if resetUuid == "" {
|
||||||
|
beego.Error("Reset uuid is blank.")
|
||||||
|
rpc.Redirect("/", 302)
|
||||||
|
}
|
||||||
|
|
||||||
|
queryUser := models.User{ResetUuid: resetUuid}
|
||||||
user, err := dao.GetUser(queryUser)
|
user, err := dao.GetUser(queryUser)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
beego.Error("Error occurred in GetUser:", err)
|
beego.Error("Error occurred in GetUser:", err)
|
||||||
@ -183,6 +198,9 @@ func (rpc *ResetPasswordController) Get() {
|
|||||||
func (rpc *CommonController) ResetPassword() {
|
func (rpc *CommonController) ResetPassword() {
|
||||||
|
|
||||||
resetUuid := rpc.GetString("reset_uuid")
|
resetUuid := rpc.GetString("reset_uuid")
|
||||||
|
if resetUuid == "" {
|
||||||
|
rpc.CustomAbort(400, "Reset uuid is blank.")
|
||||||
|
}
|
||||||
|
|
||||||
queryUser := models.User{ResetUuid: resetUuid}
|
queryUser := models.User{ResetUuid: resetUuid}
|
||||||
user, err := dao.GetUser(queryUser)
|
user, err := dao.GetUser(queryUser)
|
||||||
@ -190,13 +208,21 @@ func (rpc *CommonController) ResetPassword() {
|
|||||||
beego.Error("Error occurred in GetUser:", err)
|
beego.Error("Error occurred in GetUser:", err)
|
||||||
rpc.CustomAbort(500, "Internal error.")
|
rpc.CustomAbort(500, "Internal error.")
|
||||||
}
|
}
|
||||||
|
if user == nil {
|
||||||
|
beego.Error("User does not exist")
|
||||||
|
rpc.CustomAbort(400, "User does not exist")
|
||||||
|
}
|
||||||
|
|
||||||
password := rpc.GetString("password")
|
password := rpc.GetString("password")
|
||||||
|
|
||||||
if password != "" {
|
if password != "" {
|
||||||
user.Password = password
|
user.Password = password
|
||||||
dao.ResetUserPassword(*user)
|
err = dao.ResetUserPassword(*user)
|
||||||
|
if err != nil {
|
||||||
|
beego.Error("Error occurred in ResetUserPassword:", err)
|
||||||
|
rpc.CustomAbort(500, "Internal error.")
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
rpc.CustomAbort(404, "password_is_required")
|
rpc.CustomAbort(400, "password_is_required")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
38
dao/user.go
38
dao/user.go
@ -15,6 +15,9 @@
|
|||||||
package dao
|
package dao
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"database/sql"
|
||||||
|
"errors"
|
||||||
|
|
||||||
"github.com/vmware/harbor/models"
|
"github.com/vmware/harbor/models"
|
||||||
"github.com/vmware/harbor/utils"
|
"github.com/vmware/harbor/utils"
|
||||||
|
|
||||||
@ -133,15 +136,44 @@ func ToggleUserAdminRole(u models.User) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
func ChangeUserPassword(u models.User) error {
|
func ChangeUserPassword(u models.User, oldPassword ...string) error {
|
||||||
o := orm.NewOrm()
|
o := orm.NewOrm()
|
||||||
_, err := o.Raw(`update user set password=?, salt=? where user_id=?`, utils.Encrypt(u.Password, u.Salt), u.Salt, u.UserId).Exec()
|
var err error
|
||||||
|
var r sql.Result
|
||||||
|
if len(oldPassword) == 0 {
|
||||||
|
//In some cases, it may no need to check old password, just as Linux change password policies.
|
||||||
|
_, err = o.Raw(`update user set password=?, salt=? where user_id=?`, utils.Encrypt(u.Password, u.Salt), u.Salt, u.UserId).Exec()
|
||||||
|
} else if len(oldPassword) == 1 {
|
||||||
|
r, err = o.Raw(`update user set password=?, salt=? where user_id=? and password = ?`, utils.Encrypt(u.Password, u.Salt), u.Salt, u.UserId, utils.Encrypt(oldPassword[0], u.Salt)).Exec()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
count, err := r.RowsAffected()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if count == 0 {
|
||||||
|
return errors.New("No record be changed, change password failed.")
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
return errors.New("Wrong numbers of params.")
|
||||||
|
}
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
func ResetUserPassword(u models.User) error {
|
func ResetUserPassword(u models.User) error {
|
||||||
o := orm.NewOrm()
|
o := orm.NewOrm()
|
||||||
_, err := o.Raw(`update user set password=?, reset_uuid=? where reset_uuid=?`, utils.Encrypt(u.Password, u.Salt), "", u.ResetUuid).Exec()
|
r, err := o.Raw(`update user set password=?, reset_uuid=? where reset_uuid=?`, utils.Encrypt(u.Password, u.Salt), "", u.ResetUuid).Exec()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
count, err := r.RowsAffected()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if count == 0 {
|
||||||
|
return errors.New("No record be changed, reset password failed.")
|
||||||
|
}
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
2
main.go
2
main.go
@ -38,7 +38,7 @@ func updateInitPassword(userId int, password string) error {
|
|||||||
queryUser := models.User{UserId: userId}
|
queryUser := models.User{UserId: userId}
|
||||||
user, err := dao.GetUser(queryUser)
|
user, err := dao.GetUser(queryUser)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println("Failed to get user in initial password, userId:", userId)
|
log.Println("Failed to get user, userId:", userId)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if user == nil {
|
if user == nil {
|
||||||
|
@ -15,6 +15,7 @@
|
|||||||
package test
|
package test
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
// "fmt"
|
// "fmt"
|
||||||
"log"
|
"log"
|
||||||
"os"
|
"os"
|
||||||
@ -112,6 +113,8 @@ func TestMain(m *testing.M) {
|
|||||||
log.Fatalf("environment variable DB_PWD is not set")
|
log.Fatalf("environment variable DB_PWD is not set")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fmt.Printf("DB_HOST: %s, DB_USR: %s, DB_PORT: %s, DB_PWD: %s\n", dbHost, dbUser, dbPort, dbPassword)
|
||||||
|
|
||||||
os.Setenv("MYSQL_PORT_3306_TCP_ADDR", dbHost)
|
os.Setenv("MYSQL_PORT_3306_TCP_ADDR", dbHost)
|
||||||
os.Setenv("MYSQL_PORT_3306_TCP_PORT", dbPort)
|
os.Setenv("MYSQL_PORT_3306_TCP_PORT", dbPort)
|
||||||
os.Setenv("MYSQL_USR", dbUser)
|
os.Setenv("MYSQL_USR", dbUser)
|
||||||
@ -300,6 +303,34 @@ func TestChangeUserPassword(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestChangeUserPasswordWithOldPassword(t *testing.T) {
|
||||||
|
err := dao.ChangeUserPassword(models.User{UserId: currentUser.UserId, Password: "NewerHarborTester12345", Salt: currentUser.Salt}, "NewHarborTester12345")
|
||||||
|
if err != nil {
|
||||||
|
t.Errorf("Error occurred in ChangeUserPassword: %v", err)
|
||||||
|
}
|
||||||
|
loginedUser, err := dao.LoginByDb(models.AuthModel{Principal: currentUser.Username, Password: "NewerHarborTester12345"})
|
||||||
|
if err != nil {
|
||||||
|
t.Errorf("Error occurred in LoginByDb: %v", err)
|
||||||
|
}
|
||||||
|
if loginedUser.Username != USERNAME {
|
||||||
|
t.Errorf("The username returned by Login does not match, expected: %s, acutal: %s", USERNAME, loginedUser.Username)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestChangeUserPasswordWithIncorrectOldPassword(t *testing.T) {
|
||||||
|
err := dao.ChangeUserPassword(models.User{UserId: currentUser.UserId, Password: "NNewerHarborTester12345", Salt: currentUser.Salt}, "WrongNewerHarborTester12345")
|
||||||
|
if err == nil {
|
||||||
|
t.Errorf("Error does not occurred due to old password is incorrect.")
|
||||||
|
}
|
||||||
|
loginedUser, err := dao.LoginByDb(models.AuthModel{Principal: currentUser.Username, Password: "NNewerHarborTester12345"})
|
||||||
|
if err != nil {
|
||||||
|
t.Errorf("Error occurred in LoginByDb: %v", err)
|
||||||
|
}
|
||||||
|
if loginedUser != nil {
|
||||||
|
t.Errorf("The login user is not nil, acutal: %+v", loginedUser)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func TestQueryRelevantProjectsWhenNoProjectAdded(t *testing.T) {
|
func TestQueryRelevantProjectsWhenNoProjectAdded(t *testing.T) {
|
||||||
projects, err := dao.QueryRelevantProjects(currentUser.UserId)
|
projects, err := dao.QueryRelevantProjects(currentUser.UserId)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -16,6 +16,6 @@
|
|||||||
<html>
|
<html>
|
||||||
<body>
|
<body>
|
||||||
<p>{{.Hint}}:</p>
|
<p>{{.Hint}}:</p>
|
||||||
<a href="{{.Url}}/resetPassword?q={{.Uuid}}">{{.Url}}/resetPassword?q={{.Uuid}}</a>
|
<a href="{{.Url}}/resetPassword?reset_uuid={{.Uuid}}">{{.Url}}/resetPassword?reset_uuid={{.Uuid}}</a>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
Loading…
Reference in New Issue
Block a user