Moved the changepassword function to the bottom so that it's under authentication, made it actually change the password, make it && instead of || so it doesn't cause the glitch stated in the last commit

Tracker-Friendly 2024-06-25 16:54:26 +01:00
parent bbd2ea7daa
commit cda77cd3b9
1 changed files with 23 additions and 22 deletions

45
main.go

@ -419,7 +419,7 @@ func main() {
enableAPIVersion2 := false enableAPIVersion2 := false
enableAPIVersion1 := false enableAPIVersion1 := false
version1PasswordChange := data["passwordchange"].(string) version1PasswordChange := data["newpass"].(string)
versionCheck := c.GetHeader("X-Burgernotes-Version") versionCheck := c.GetHeader("X-Burgernotes-Version")
if versionCheck != "" { if versionCheck != "" {
versionCheckInt, err := strconv.Atoi(versionCheck) versionCheckInt, err := strconv.Atoi(versionCheck)
@ -452,27 +452,6 @@ func main() {
return return
} }
if enableAPIVersion1 || version1PasswordChange != "no" {
salt, err := genSalt(16)
if err != nil {
log.Println("[ERROR] Unknown in /api/login genSalt() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgernotes and refer to the documentation for more info. Your error code is: UNKNOWN-API-LOGIN-SALT"})
return
}
hashedPassword, err := hash(version1PasswordChange, salt)
if err != nil {
log.Println("[ERROR] Unknown in /api/login hash() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgernotes and refer to the documentation for more info. Your error code is: UNKNOWN-API-LOGIN-HASH"})
return
}
_, err = conn.Exec("UPDATE users SET password = ? WHERE id = ?", hashedPassword, userid)
if err != nil {
log.Println("[ERROR] Unknown in /api/login Exec() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgernotes and refer to the documentation for more info. Your error code is: UNKNOWN-API-LOGIN-DBUPDATE"})
return
}
}
if enableAPIVersion2 || enableAPIVersion1 { if enableAPIVersion2 || enableAPIVersion1 {
_, _, hashedPasswd, err := getUser(userid) _, _, hashedPasswd, err := getUser(userid)
if err != nil { if err != nil {
@ -523,6 +502,28 @@ func main() {
return return
} }
} }
if enableAPIVersion1 && version1PasswordChange != "null" {
salt, err := genSalt(16)
if err != nil {
log.Println("[ERROR] Unknown in /api/login genSalt() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgernotes and refer to the documentation for more info. Your error code is: UNKNOWN-API-LOGIN-SALT"})
return
}
hashedPassword, err := hash(version1PasswordChange, salt)
if err != nil {
log.Println("[ERROR] Unknown in /api/login hash() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgernotes and refer to the documentation for more info. Your error code is: UNKNOWN-API-LOGIN-HASH"})
return
}
_, err = conn.Exec("UPDATE users SET password = ? WHERE id = ?", hashedPassword, userid)
if err != nil {
log.Println("[ERROR] Unknown in /api/login Exec() at", strconv.FormatInt(time.Now().Unix(), 10)+":", err)
c.JSON(500, gin.H{"error": "Something went wrong on our end. Please report this bug at https://centrifuge.hectabit.org/hectabit/burgernotes and refer to the documentation for more info. Your error code is: UNKNOWN-API-LOGIN-DBUPDATE"})
return
}
}
token, err := genSalt(512) token, err := genSalt(512)
if err != nil { if err != nil {
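Review bot: `data["newpass"].(string)` in the first hunk is an unchecked type assertion that runs before the `X-Burgernotes-Version` header is read, so (assuming `data` is the decoded JSON map) any login request without a string `newpass` field panics there, including requests that never asked for a password change. The relocated block in the third hunk then treats every value other than the literal `"null"` as a new password, so an empty `newpass` from a v1 client would replace the stored hash with the hash of an empty string. I would read the field with `version1PasswordChange, _ := data["newpass"].(string)` and guard the block with `if enableAPIVersion1 && version1PasswordChange != "" && version1PasswordChange != "null" {`. The handler inside `main()` begins and ends outside these hunks, so whether `data` is validated earlier is not visible here.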