[GitHub] [trafficcontrol] ChrisHines commented on a change in pull request #3996: Rewrote /user/current to Go

Fri, 01 Nov 2019 12:13:31 -0700 

ChrisHines commented on a change in pull request #3996: Rewrote /user/current 
to Go
URL: https://github.com/apache/trafficcontrol/pull/3996#discussion_r341712506
 
 

 ##########
 File path: traffic_ops/traffic_ops_golang/user/current.go
 ##########
 @@ -80,3 +190,197 @@ WHERE u.id=$1
        u.LocalUser = util.BoolPtr(localPassword.Valid)
        return u, nil
 }
+
+func ReplaceCurrent(w http.ResponseWriter, r *http.Request) {
+       inf, userErr, sysErr, errCode := api.NewInfo(r, nil, nil)
+       tx := inf.Tx.Tx
+       if userErr != nil || sysErr != nil {
+               api.HandleErr(w, r, tx, errCode, userErr, sysErr)
+               return
+       }
+       defer inf.Close()
+
+       var userRequest tc.CurrentUserUpdateRequest
+       if err := json.NewDecoder(r.Body).Decode(&userRequest); err != nil {
+               errCode = http.StatusBadRequest
+               userErr = fmt.Errorf("Couldn't parse request: %v", err)
+               api.HandleErr(w, r, tx, errCode, userErr, nil)
+               return
+       }
+
+       user, exists, err := dbhelpers.GetUserByID(inf.User.ID, tx)
+       if err != nil {
+               sysErr = fmt.Errorf("Getting user by ID %d: %v", inf.User.ID, 
err)
+               errCode = http.StatusInternalServerError
+               api.HandleErr(w, r, tx, errCode, nil, sysErr)
+               return
+       } else if !exists {
+               sysErr = fmt.Errorf("Current user (#%d) doesn't exist... ??", 
inf.User.ID)
+               errCode = http.StatusInternalServerError
+               api.HandleErr(w, r, tx, errCode, nil, sysErr)
+               return
+       }
+
+       if err := userRequest.User.ValidateAndUnmarshal(&user); err != nil {
+               errCode = http.StatusBadRequest
+               userErr = fmt.Errorf("Couldn't parse request: %v", err)
+               api.HandleErr(w, r, tx, errCode, userErr, nil)
+               return
+       }
+
+       changePasswd := false
+
+       // obfuscate passwords (ValidateAndUnmarshal checks for equality with 
ConfirmLocalPassword)
+       // TODO: check for valid password via bad password list like Perl did? 
User creation doesn't...
+       if user.LocalPassword != nil && *user.LocalPassword != "" {
+               hashPass, err := auth.DerivePassword(*user.LocalPassword)
+               if err != nil {
+                       sysErr = fmt.Errorf("Hashing new password: %v", err)
+                       errCode = http.StatusInternalServerError
+                       api.HandleErr(w, r, tx, errCode, nil, sysErr)
+                       return
+               }
+               changePasswd = true
 
 Review comment:
   Reading this raises a question in my mind: Is it true that a `nil` or empty 
`*user.LocalPassword` means "no password change" requested?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to