ChrisHines commented on a change in pull request #3996: Rewrote /user/current to Go URL: https://github.com/apache/trafficcontrol/pull/3996#discussion_r341712506
########## File path: traffic_ops/traffic_ops_golang/user/current.go ########## 
@@ -80,3 +190,197 @@ WHERE u.id=$1
 u.LocalUser = util.BoolPtr(localPassword.Valid)
 return u, nil
 }
+
+func ReplaceCurrent(w http.ResponseWriter, r *http.Request) {
+ inf, userErr, sysErr, errCode := api.NewInfo(r, nil, nil)
+ tx := inf.Tx.Tx
+ if userErr != nil || sysErr != nil {
+ api.HandleErr(w, r, tx, errCode, userErr, sysErr)
+ return
+ }
+ defer inf.Close()
+
+ var userRequest tc.CurrentUserUpdateRequest
+ if err := json.NewDecoder(r.Body).Decode(&userRequest); err != nil {
+ errCode = http.StatusBadRequest
+ userErr = fmt.Errorf("Couldn't parse request: %v", err)
+ api.HandleErr(w, r, tx, errCode, userErr, nil)
+ return
+ }
+
+ user, exists, err := dbhelpers.GetUserByID(inf.User.ID, tx)
+ if err != nil {
+ sysErr = fmt.Errorf("Getting user by ID %d: %v", inf.User.ID, err)
+ errCode = http.StatusInternalServerError
+ api.HandleErr(w, r, tx, errCode, nil, sysErr)
+ return
+ } else if !exists {
+ sysErr = fmt.Errorf("Current user (#%d) doesn't exist... ??", inf.User.ID)
+ errCode = http.StatusInternalServerError
+ api.HandleErr(w, r, tx, errCode, nil, sysErr)
+ return
+ }
+
+ if err := userRequest.User.ValidateAndUnmarshal(&user); err != nil {
+ errCode = http.StatusBadRequest
+ userErr = fmt.Errorf("Couldn't parse request: %v", err)
+ api.HandleErr(w, r, tx, errCode, userErr, nil)
+ return
+ }
+
+ changePasswd := false
+
+ // obfuscate passwords (ValidateAndUnmarshal checks for equality with ConfirmLocalPassword)
+ // TODO: check for valid password via bad password list like Perl did? User creation doesn't...
+ if user.LocalPassword != nil && *user.LocalPassword != "" {
+ hashPass, err := auth.DerivePassword(*user.LocalPassword)
+ if err != nil {
+ sysErr = fmt.Errorf("Hashing new password: %v", err)
+ errCode = http.StatusInternalServerError
+ api.HandleErr(w, r, tx, errCode, nil, sysErr)
+ return
+ }
+ changePasswd = true
Review comment: Reading this raises a question in my mind: Is it true that a `nil` or empty `*user.LocalPassword` means "no password change" requested?
----------------------------------------------------------------
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services