[GitHub] [trafficcontrol] ocket8888 commented on a change in pull request #3996: Rewrote /user/current to Go

Mon, 16 Dec 2019 14:00:41 -0800 

ocket8888 commented on a change in pull request #3996: Rewrote /user/current to 
Go
URL: https://github.com/apache/trafficcontrol/pull/3996#discussion_r358488081
 
 

 ##########
 File path: traffic_ops/traffic_ops_golang/user/current.go
 ##########
 @@ -80,3 +144,184 @@ WHERE u.id=$1
        u.LocalUser = util.BoolPtr(localPassword.Valid)
        return u, nil
 }
+
+func ReplaceCurrent(w http.ResponseWriter, r *http.Request) {
+       inf, userErr, sysErr, errCode := api.NewInfo(r, nil, nil)
+       tx := inf.Tx.Tx
+       if userErr != nil || sysErr != nil {
+               api.HandleErr(w, r, tx, errCode, userErr, sysErr)
+               return
+       }
+       defer inf.Close()
+
+       var userRequest tc.CurrentUserUpdateRequest
+       if err := json.NewDecoder(r.Body).Decode(&userRequest); err != nil {
+               errCode = http.StatusBadRequest
+               userErr = fmt.Errorf("Couldn't parse request: %v", err)
+               api.HandleErr(w, r, tx, errCode, userErr, nil)
+               return
+       }
+
+       user, exists, err := dbhelpers.GetUserByID(inf.User.ID, tx)
+       if err != nil {
+               sysErr = fmt.Errorf("Getting user by ID %d: %v", inf.User.ID, 
err)
+               errCode = http.StatusInternalServerError
+               api.HandleErr(w, r, tx, errCode, nil, sysErr)
+               return
+       }
+       if !exists {
+               sysErr = fmt.Errorf("Current user (#%d) doesn't exist... ??", 
inf.User.ID)
+               errCode = http.StatusInternalServerError
+               api.HandleErr(w, r, tx, errCode, nil, sysErr)
+               return
+       }
+
+       if err := userRequest.User.UnmarshalAndValidate(&user); err != nil {
+               errCode = http.StatusBadRequest
+               userErr = fmt.Errorf("Couldn't parse request: %v", err)
+               api.HandleErr(w, r, tx, errCode, userErr, nil)
+               return
+       }
+
+       changePasswd := false
+
+       // obfuscate passwords (UnmarshalAndValidate checks for equality with 
ConfirmLocalPassword)
+       // TODO: check for valid password via bad password list like Perl did? 
User creation doesn't...
 
 Review comment:
   `user` doesn't use `GenericCreate`, the only validation I can see being done 
before the user is `INSERT`ed is checking that the password is non-nil. I also 
can't find a `tc.User.Validate` function, so if there is more validation being 
done my question is: where? I'd like to see it so I know how to write that 
enforcement.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to