Commit 2699445

committed
Remove confirmation and fix lint issues
1 parent 212020a commit 2699445

2 files changed

+8
-38
lines changed


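--- a/coderd/users.go
+++ b/coderd/users.go
@@ -360,50 +360,33 @@ func (api *api) putUserSuspend(rw http.ResponseWriter, r *http.Request) {
 	httpapi.Write(rw, http.StatusOK, convertUser(suspendedUser, organizations))
 }
 
-func (api *api) putUserPassword(rw http.ResponseWriter, r *http.Request) {
+func (api *api) putUserPassword(rw http.ResponseWriter, r *http.Request) error {
 	user := httpmw.UserParam(r)
 
 	var params codersdk.UpdateUserPasswordRequest
 	if !httpapi.Read(rw, r, &params) {
-		return
-	}
-
-	// Check if the password is correct
-	equal, err := userpassword.Compare(string(user.HashedPassword), params.Password)
-	if err != nil {
-		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
-			Message: fmt.Sprintf("compare: %s", err.Error()),
-		})
-	}
-	if !equal {
-		// This message is the same as above to remove ease in detecting whether
-		// users are registered or not. Attackers still could with a timing attack.
-		httpapi.Write(rw, http.StatusUnauthorized, httpapi.Response{
-			Message: "invalid email or password",
-		})
-		return
+		return nil
 	}
 
 	// Check if the new password and the confirmation match
 	if params.NewPassword != params.ConfirmNewPassword {
-		errors := []httpapi.Error{
+		requestErrors := []httpapi.Error{
 			{
 				Field: "confirm_new_password",
 				Detail: "The value does not match the new password",
 			},
 		}
 		httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{
 			Message: fmt.Sprintf("The new password and the new password confirmation don't match"),
-			Errors: errors,
+			Errors: requestErrors,
 		})
-		return
+		return nil
 	}
 
 	// Hash password and update it in the database
 	hashedPassword, hashError := userpassword.Hash(params.NewPassword)
 	if hashError != nil {
-		xerrors.Errorf("hash password: %w", hashError)
-		return
+		return xerrors.Errorf("hash password: %w", hashError)
 	}
 	databaseError := api.Database.UpdateUserHashedPassword(r.Context(), database.UpdateUserHashedPasswordParams{
 		ID: user.ID,
@@ -413,10 +396,11 @@ func (api *api) putUserPassword(rw http.ResponseWriter, r *http.Request) {
 		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
 			Message: fmt.Sprintf("put user password: %s", databaseError.Error()),
 		})
-		return
+		return nil
 	}
 
 	httpapi.Write(rw, http.StatusNoContent, nil)
+	return nil
 }
 
 func (api *api) userRoles(rw http.ResponseWriter, r *http.Request) {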
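Review bot: The current-password check (the removed `userpassword.Compare` block and its `invalid email or password` response) is gone, so the new putUserPassword rehashes `params.NewPassword` on the strength of the request's session alone, and the `WrongPassword` test that covered it is deleted in coderd/users_test.go. Unless this endpoint is meant only for administrator-initiated resets, a self-service password change should keep requiring the caller's current password, since that is what stops a leaked or hijacked session token from locking the real owner out; if the removal is deliberate, a comment such as `// Password changes are authorised by the session only; the current password is not re-verified.` above the handler would make that explicit. The signature now returns `error`, but only the `hashError` branch returns a non-nil value without writing a response, so what the client sees in that case depends on whatever wraps this handler, which is not visible here. `fmt.Sprintf("The new password and the new password confirmation don't match")` has no format verbs and is itself a lint finding; the bare string literal does the same job. The function body continues past the first hunk and ends in the second.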

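--- a/coderd/users_test.go
+++ b/coderd/users_test.go
@@ -290,20 +290,6 @@ func TestUpdateUserProfile(t *testing.T) {
 func TestUpdateUserPassword(t *testing.T) {
 	t.Parallel()
 
-	t.Run("WrongPassword", func(t *testing.T) {
-		t.Parallel()
-		client := coderdtest.New(t, nil)
-		coderdtest.CreateFirstUser(t, client)
-		err := client.UpdateUserPassword(context.Background(), codersdk.Me, codersdk.UpdateUserPasswordRequest{
-			Password: "wrongpassword",
-			NewPassword: "newpassword",
-			ConfirmNewPassword: "newpassword",
-		})
-		var apiErr *codersdk.Error
-		require.ErrorAs(t, err, &apiErr)
-		require.Equal(t, http.StatusUnauthorized, apiErr.StatusCode())
-	})
-
 	t.Run("DifferentPasswordConfirmation", func(t *testing.T) {
 		t.Parallel()
 		client := coderdtest.New(t, nil)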
