Add link share password authentication (#831)
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/831 Co-authored-by: konrad <konrad@kola-entertainments.de> Co-committed-by: konrad <konrad@kola-entertainments.de>
This commit is contained in:
parent
6a927c0703
commit
b3c604fd2f
20 changed files with 471 additions and 40 deletions
|
@ -150,3 +150,10 @@ This document describes the different errors Vikunja can return.
|
||||||
|-----------|------------------|-------------|
|
|-----------|------------------|-------------|
|
||||||
| 12001 | 412 | The subscription entity type is invalid. |
|
| 12001 | 412 | The subscription entity type is invalid. |
|
||||||
| 12002 | 412 | The user is already subscribed to the entity itself or a parent entity. |
|
| 12002 | 412 | The user is already subscribed to the entity itself or a parent entity. |
|
||||||
|
|
||||||
|
## Link Shares
|
||||||
|
|
||||||
|
| ErrorCode | HTTP Status Code | Description |
|
||||||
|
|-----------|------------------|-------------|
|
||||||
|
| 13001 | 412 | This link share requires a password for authentication, but none was provided. |
|
||||||
|
| 13002 | 403 | The provided link share password was invalid. |
|
||||||
|
|
|
@ -22,3 +22,12 @@
|
||||||
shared_by_id: 1
|
shared_by_id: 1
|
||||||
created: 2018-12-01 15:13:12
|
created: 2018-12-01 15:13:12
|
||||||
updated: 2018-12-02 15:13:12
|
updated: 2018-12-02 15:13:12
|
||||||
|
- id: 4
|
||||||
|
hash: testWithPassword
|
||||||
|
list_id: 1
|
||||||
|
right: 0
|
||||||
|
password: '$2a$14$dcadBoMBL9jQoOcZK8Fju.cy0Ptx2oZECkKLnaa8ekRoTFe1w7To.' # 1234
|
||||||
|
sharing_type: 2
|
||||||
|
shared_by_id: 1
|
||||||
|
created: 2018-12-01 15:13:12
|
||||||
|
updated: 2018-12-02 15:13:12
|
||||||
|
|
|
@ -114,8 +114,8 @@ func bootstrapTestRequest(t *testing.T, method string, payload string, queryPara
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
func newTestRequest(t *testing.T, method string, handler func(ctx echo.Context) error, payload string) (rec *httptest.ResponseRecorder, err error) {
|
func newTestRequest(t *testing.T, method string, handler func(ctx echo.Context) error, payload string, queryParams url.Values, urlParams map[string]string) (rec *httptest.ResponseRecorder, err error) {
|
||||||
c, rec := bootstrapTestRequest(t, method, payload, nil)
|
rec, c := testRequestSetup(t, method, payload, queryParams, urlParams)
|
||||||
err = handler(c)
|
err = handler(c)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
60
pkg/integrations/link_sharing_auth_test.go
Normal file
60
pkg/integrations/link_sharing_auth_test.go
Normal file
|
@ -0,0 +1,60 @@
|
||||||
|
// Vikunja is a to-do list application to facilitate your life.
|
||||||
|
// Copyright 2018-2021 Vikunja and contributors. All rights reserved.
|
||||||
|
//
|
||||||
|
// This program is free software: you can redistribute it and/or modify
|
||||||
|
// it under the terms of the GNU Affero General Public Licensee as published by
|
||||||
|
// the Free Software Foundation, either version 3 of the License, or
|
||||||
|
// (at your option) any later version.
|
||||||
|
//
|
||||||
|
// This program is distributed in the hope that it will be useful,
|
||||||
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
// GNU Affero General Public Licensee for more details.
|
||||||
|
//
|
||||||
|
// You should have received a copy of the GNU Affero General Public Licensee
|
||||||
|
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
package integrations
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"code.vikunja.io/api/pkg/models"
|
||||||
|
apiv1 "code.vikunja.io/api/pkg/routes/api/v1"
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestLinkSharingAuth(t *testing.T) {
|
||||||
|
t.Run("Without Password", func(t *testing.T) {
|
||||||
|
rec, err := newTestRequest(t, http.MethodPost, apiv1.AuthenticateLinkShare, ``, nil, map[string]string{"share": "test"})
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.Equal(t, http.StatusOK, rec.Code)
|
||||||
|
assert.Contains(t, rec.Body.String(), `"token":"`)
|
||||||
|
assert.Contains(t, rec.Body.String(), `"list_id":1`)
|
||||||
|
})
|
||||||
|
t.Run("Without Password, Password Provided", func(t *testing.T) {
|
||||||
|
rec, err := newTestRequest(t, http.MethodPost, apiv1.AuthenticateLinkShare, `{"password":"somethingsomething"}`, nil, map[string]string{"share": "test"})
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.Equal(t, http.StatusOK, rec.Code)
|
||||||
|
assert.Contains(t, rec.Body.String(), `"token":"`)
|
||||||
|
assert.Contains(t, rec.Body.String(), `"list_id":1`)
|
||||||
|
})
|
||||||
|
t.Run("With Password, No Password Provided", func(t *testing.T) {
|
||||||
|
_, err := newTestRequest(t, http.MethodPost, apiv1.AuthenticateLinkShare, ``, nil, map[string]string{"share": "testWithPassword"})
|
||||||
|
assert.Error(t, err)
|
||||||
|
assertHandlerErrorCode(t, err, models.ErrCodeLinkSharePasswordRequired)
|
||||||
|
})
|
||||||
|
t.Run("With Password, Password Provided", func(t *testing.T) {
|
||||||
|
rec, err := newTestRequest(t, http.MethodPost, apiv1.AuthenticateLinkShare, `{"password":"1234"}`, nil, map[string]string{"share": "testWithPassword"})
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.Equal(t, http.StatusOK, rec.Code)
|
||||||
|
assert.Contains(t, rec.Body.String(), `"token":"`)
|
||||||
|
assert.Contains(t, rec.Body.String(), `"list_id":1`)
|
||||||
|
})
|
||||||
|
t.Run("With Wrong Password", func(t *testing.T) {
|
||||||
|
_, err := newTestRequest(t, http.MethodPost, apiv1.AuthenticateLinkShare, `{"password":"someWrongPassword"}`, nil, map[string]string{"share": "testWithPassword"})
|
||||||
|
assert.Error(t, err)
|
||||||
|
assertHandlerErrorCode(t, err, models.ErrCodeLinkSharePasswordInvalid)
|
||||||
|
})
|
||||||
|
}
|
|
@ -30,12 +30,12 @@ func TestLogin(t *testing.T) {
|
||||||
rec, err := newTestRequest(t, http.MethodPost, apiv1.Login, `{
|
rec, err := newTestRequest(t, http.MethodPost, apiv1.Login, `{
|
||||||
"username": "user1",
|
"username": "user1",
|
||||||
"password": "1234"
|
"password": "1234"
|
||||||
}`)
|
}`, nil, nil)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.Contains(t, rec.Body.String(), "token")
|
assert.Contains(t, rec.Body.String(), "token")
|
||||||
})
|
})
|
||||||
t.Run("Empty payload", func(t *testing.T) {
|
t.Run("Empty payload", func(t *testing.T) {
|
||||||
_, err := newTestRequest(t, http.MethodPost, apiv1.Login, `{}`)
|
_, err := newTestRequest(t, http.MethodPost, apiv1.Login, `{}`, nil, nil)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assertHandlerErrorCode(t, err, user.ErrCodeNoUsernamePassword)
|
assertHandlerErrorCode(t, err, user.ErrCodeNoUsernamePassword)
|
||||||
})
|
})
|
||||||
|
@ -43,7 +43,7 @@ func TestLogin(t *testing.T) {
|
||||||
_, err := newTestRequest(t, http.MethodPost, apiv1.Login, `{
|
_, err := newTestRequest(t, http.MethodPost, apiv1.Login, `{
|
||||||
"username": "userWichDoesNotExist",
|
"username": "userWichDoesNotExist",
|
||||||
"password": "1234"
|
"password": "1234"
|
||||||
}`)
|
}`, nil, nil)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assertHandlerErrorCode(t, err, user.ErrCodeWrongUsernameOrPassword)
|
assertHandlerErrorCode(t, err, user.ErrCodeWrongUsernameOrPassword)
|
||||||
})
|
})
|
||||||
|
@ -51,7 +51,7 @@ func TestLogin(t *testing.T) {
|
||||||
_, err := newTestRequest(t, http.MethodPost, apiv1.Login, `{
|
_, err := newTestRequest(t, http.MethodPost, apiv1.Login, `{
|
||||||
"username": "user1",
|
"username": "user1",
|
||||||
"password": "wrong"
|
"password": "wrong"
|
||||||
}`)
|
}`, nil, nil)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assertHandlerErrorCode(t, err, user.ErrCodeWrongUsernameOrPassword)
|
assertHandlerErrorCode(t, err, user.ErrCodeWrongUsernameOrPassword)
|
||||||
})
|
})
|
||||||
|
@ -59,7 +59,7 @@ func TestLogin(t *testing.T) {
|
||||||
_, err := newTestRequest(t, http.MethodPost, apiv1.Login, `{
|
_, err := newTestRequest(t, http.MethodPost, apiv1.Login, `{
|
||||||
"username": "user5",
|
"username": "user5",
|
||||||
"password": "1234"
|
"password": "1234"
|
||||||
}`)
|
}`, nil, nil)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assertHandlerErrorCode(t, err, user.ErrCodeEmailNotConfirmed)
|
assertHandlerErrorCode(t, err, user.ErrCodeEmailNotConfirmed)
|
||||||
})
|
})
|
||||||
|
|
|
@ -31,12 +31,12 @@ func TestRegister(t *testing.T) {
|
||||||
"username": "newUser",
|
"username": "newUser",
|
||||||
"password": "1234",
|
"password": "1234",
|
||||||
"email": "email@example.com"
|
"email": "email@example.com"
|
||||||
}`)
|
}`, nil, nil)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.Contains(t, rec.Body.String(), `"username":"newUser"`)
|
assert.Contains(t, rec.Body.String(), `"username":"newUser"`)
|
||||||
})
|
})
|
||||||
t.Run("Empty payload", func(t *testing.T) {
|
t.Run("Empty payload", func(t *testing.T) {
|
||||||
_, err := newTestRequest(t, http.MethodPost, apiv1.RegisterUser, `{}`)
|
_, err := newTestRequest(t, http.MethodPost, apiv1.RegisterUser, `{}`, nil, nil)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assertHandlerErrorCode(t, err, user.ErrCodeNoUsernamePassword)
|
assertHandlerErrorCode(t, err, user.ErrCodeNoUsernamePassword)
|
||||||
})
|
})
|
||||||
|
@ -45,7 +45,7 @@ func TestRegister(t *testing.T) {
|
||||||
"username": "",
|
"username": "",
|
||||||
"password": "1234",
|
"password": "1234",
|
||||||
"email": "email@example.com"
|
"email": "email@example.com"
|
||||||
}`)
|
}`, nil, nil)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assertHandlerErrorCode(t, err, user.ErrCodeNoUsernamePassword)
|
assertHandlerErrorCode(t, err, user.ErrCodeNoUsernamePassword)
|
||||||
})
|
})
|
||||||
|
@ -54,7 +54,7 @@ func TestRegister(t *testing.T) {
|
||||||
"username": "newUser",
|
"username": "newUser",
|
||||||
"password": "",
|
"password": "",
|
||||||
"email": "email@example.com"
|
"email": "email@example.com"
|
||||||
}`)
|
}`, nil, nil)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assertHandlerErrorCode(t, err, user.ErrCodeNoUsernamePassword)
|
assertHandlerErrorCode(t, err, user.ErrCodeNoUsernamePassword)
|
||||||
})
|
})
|
||||||
|
@ -63,7 +63,7 @@ func TestRegister(t *testing.T) {
|
||||||
"username": "newUser",
|
"username": "newUser",
|
||||||
"password": "1234",
|
"password": "1234",
|
||||||
"email": ""
|
"email": ""
|
||||||
}`)
|
}`, nil, nil)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assertHandlerErrorCode(t, err, user.ErrCodeNoUsernamePassword)
|
assertHandlerErrorCode(t, err, user.ErrCodeNoUsernamePassword)
|
||||||
})
|
})
|
||||||
|
@ -72,7 +72,7 @@ func TestRegister(t *testing.T) {
|
||||||
"username": "user1",
|
"username": "user1",
|
||||||
"password": "1234",
|
"password": "1234",
|
||||||
"email": "email@example.com"
|
"email": "email@example.com"
|
||||||
}`)
|
}`, nil, nil)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assertHandlerErrorCode(t, err, user.ErrorCodeUsernameExists)
|
assertHandlerErrorCode(t, err, user.ErrorCodeUsernameExists)
|
||||||
})
|
})
|
||||||
|
@ -81,7 +81,7 @@ func TestRegister(t *testing.T) {
|
||||||
"username": "newUser",
|
"username": "newUser",
|
||||||
"password": "1234",
|
"password": "1234",
|
||||||
"email": "user1@example.com"
|
"email": "user1@example.com"
|
||||||
}`)
|
}`, nil, nil)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assertHandlerErrorCode(t, err, user.ErrorCodeUserEmailExists)
|
assertHandlerErrorCode(t, err, user.ErrorCodeUserEmailExists)
|
||||||
})
|
})
|
||||||
|
|
|
@ -28,23 +28,23 @@ import (
|
||||||
|
|
||||||
func TestUserConfirmEmail(t *testing.T) {
|
func TestUserConfirmEmail(t *testing.T) {
|
||||||
t.Run("Normal test", func(t *testing.T) {
|
t.Run("Normal test", func(t *testing.T) {
|
||||||
rec, err := newTestRequest(t, http.MethodPost, apiv1.UserConfirmEmail, `{"token": "tiepiQueed8ahc7zeeFe1eveiy4Ein8osooxegiephauph2Ael"}`)
|
rec, err := newTestRequest(t, http.MethodPost, apiv1.UserConfirmEmail, `{"token": "tiepiQueed8ahc7zeeFe1eveiy4Ein8osooxegiephauph2Ael"}`, nil, nil)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.Contains(t, rec.Body.String(), `The email was confirmed successfully.`)
|
assert.Contains(t, rec.Body.String(), `The email was confirmed successfully.`)
|
||||||
})
|
})
|
||||||
t.Run("Empty payload", func(t *testing.T) {
|
t.Run("Empty payload", func(t *testing.T) {
|
||||||
_, err := newTestRequest(t, http.MethodPost, apiv1.UserConfirmEmail, `{}`)
|
_, err := newTestRequest(t, http.MethodPost, apiv1.UserConfirmEmail, `{}`, nil, nil)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assert.Equal(t, http.StatusPreconditionFailed, err.(*echo.HTTPError).Code)
|
assert.Equal(t, http.StatusPreconditionFailed, err.(*echo.HTTPError).Code)
|
||||||
assertHandlerErrorCode(t, err, user.ErrCodeInvalidEmailConfirmToken)
|
assertHandlerErrorCode(t, err, user.ErrCodeInvalidEmailConfirmToken)
|
||||||
})
|
})
|
||||||
t.Run("Empty token", func(t *testing.T) {
|
t.Run("Empty token", func(t *testing.T) {
|
||||||
_, err := newTestRequest(t, http.MethodPost, apiv1.UserConfirmEmail, `{"token": ""}`)
|
_, err := newTestRequest(t, http.MethodPost, apiv1.UserConfirmEmail, `{"token": ""}`, nil, nil)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assertHandlerErrorCode(t, err, user.ErrCodeInvalidEmailConfirmToken)
|
assertHandlerErrorCode(t, err, user.ErrCodeInvalidEmailConfirmToken)
|
||||||
})
|
})
|
||||||
t.Run("Invalid token", func(t *testing.T) {
|
t.Run("Invalid token", func(t *testing.T) {
|
||||||
_, err := newTestRequest(t, http.MethodPost, apiv1.UserConfirmEmail, `{"token": "invalidToken"}`)
|
_, err := newTestRequest(t, http.MethodPost, apiv1.UserConfirmEmail, `{"token": "invalidToken"}`, nil, nil)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assertHandlerErrorCode(t, err, user.ErrCodeInvalidEmailConfirmToken)
|
assertHandlerErrorCode(t, err, user.ErrCodeInvalidEmailConfirmToken)
|
||||||
})
|
})
|
||||||
|
|
|
@ -28,22 +28,22 @@ import (
|
||||||
|
|
||||||
func TestUserRequestResetPasswordToken(t *testing.T) {
|
func TestUserRequestResetPasswordToken(t *testing.T) {
|
||||||
t.Run("Normal requesting a password reset token", func(t *testing.T) {
|
t.Run("Normal requesting a password reset token", func(t *testing.T) {
|
||||||
rec, err := newTestRequest(t, http.MethodPost, apiv1.UserRequestResetPasswordToken, `{"email": "user1@example.com"}`)
|
rec, err := newTestRequest(t, http.MethodPost, apiv1.UserRequestResetPasswordToken, `{"email": "user1@example.com"}`, nil, nil)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.Contains(t, rec.Body.String(), `Token was sent.`)
|
assert.Contains(t, rec.Body.String(), `Token was sent.`)
|
||||||
})
|
})
|
||||||
t.Run("Empty payload", func(t *testing.T) {
|
t.Run("Empty payload", func(t *testing.T) {
|
||||||
_, err := newTestRequest(t, http.MethodPost, apiv1.UserRequestResetPasswordToken, `{}`)
|
_, err := newTestRequest(t, http.MethodPost, apiv1.UserRequestResetPasswordToken, `{}`, nil, nil)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assertHandlerErrorCode(t, err, user.ErrCodeNoUsernamePassword)
|
assertHandlerErrorCode(t, err, user.ErrCodeNoUsernamePassword)
|
||||||
})
|
})
|
||||||
t.Run("Invalid email address", func(t *testing.T) {
|
t.Run("Invalid email address", func(t *testing.T) {
|
||||||
_, err := newTestRequest(t, http.MethodPost, apiv1.UserRequestResetPasswordToken, `{"email": "user1example.com"}`)
|
_, err := newTestRequest(t, http.MethodPost, apiv1.UserRequestResetPasswordToken, `{"email": "user1example.com"}`, nil, nil)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assert.Equal(t, http.StatusBadRequest, err.(*echo.HTTPError).Code)
|
assert.Equal(t, http.StatusBadRequest, err.(*echo.HTTPError).Code)
|
||||||
})
|
})
|
||||||
t.Run("No user with that email address", func(t *testing.T) {
|
t.Run("No user with that email address", func(t *testing.T) {
|
||||||
_, err := newTestRequest(t, http.MethodPost, apiv1.UserRequestResetPasswordToken, `{"email": "user1000@example.com"}`)
|
_, err := newTestRequest(t, http.MethodPost, apiv1.UserRequestResetPasswordToken, `{"email": "user1000@example.com"}`, nil, nil)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assertHandlerErrorCode(t, err, user.ErrCodeUserDoesNotExist)
|
assertHandlerErrorCode(t, err, user.ErrCodeUserDoesNotExist)
|
||||||
})
|
})
|
||||||
|
|
|
@ -31,12 +31,12 @@ func TestUserPasswordReset(t *testing.T) {
|
||||||
rec, err := newTestRequest(t, http.MethodPost, apiv1.UserResetPassword, `{
|
rec, err := newTestRequest(t, http.MethodPost, apiv1.UserResetPassword, `{
|
||||||
"new_password": "1234",
|
"new_password": "1234",
|
||||||
"token": "passwordresettesttoken"
|
"token": "passwordresettesttoken"
|
||||||
}`)
|
}`, nil, nil)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.Contains(t, rec.Body.String(), `The password was updated successfully.`)
|
assert.Contains(t, rec.Body.String(), `The password was updated successfully.`)
|
||||||
})
|
})
|
||||||
t.Run("Empty payload", func(t *testing.T) {
|
t.Run("Empty payload", func(t *testing.T) {
|
||||||
_, err := newTestRequest(t, http.MethodPost, apiv1.UserResetPassword, `{}`)
|
_, err := newTestRequest(t, http.MethodPost, apiv1.UserResetPassword, `{}`, nil, nil)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assert.Equal(t, http.StatusBadRequest, err.(*echo.HTTPError).Code)
|
assert.Equal(t, http.StatusBadRequest, err.(*echo.HTTPError).Code)
|
||||||
})
|
})
|
||||||
|
@ -44,7 +44,7 @@ func TestUserPasswordReset(t *testing.T) {
|
||||||
_, err := newTestRequest(t, http.MethodPost, apiv1.UserResetPassword, `{
|
_, err := newTestRequest(t, http.MethodPost, apiv1.UserResetPassword, `{
|
||||||
"new_password": "",
|
"new_password": "",
|
||||||
"token": "passwordresettesttoken"
|
"token": "passwordresettesttoken"
|
||||||
}`)
|
}`, nil, nil)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assertHandlerErrorCode(t, err, user.ErrCodeNoUsernamePassword)
|
assertHandlerErrorCode(t, err, user.ErrCodeNoUsernamePassword)
|
||||||
})
|
})
|
||||||
|
@ -52,7 +52,7 @@ func TestUserPasswordReset(t *testing.T) {
|
||||||
_, err := newTestRequest(t, http.MethodPost, apiv1.UserResetPassword, `{
|
_, err := newTestRequest(t, http.MethodPost, apiv1.UserResetPassword, `{
|
||||||
"new_password": "1234",
|
"new_password": "1234",
|
||||||
"token": "invalidtoken"
|
"token": "invalidtoken"
|
||||||
}`)
|
}`, nil, nil)
|
||||||
assert.Error(t, err)
|
assert.Error(t, err)
|
||||||
assertHandlerErrorCode(t, err, user.ErrCodeInvalidPasswordResetToken)
|
assertHandlerErrorCode(t, err, user.ErrCodeInvalidPasswordResetToken)
|
||||||
})
|
})
|
||||||
|
|
50
pkg/migration/20210411113105.go
Normal file
50
pkg/migration/20210411113105.go
Normal file
|
@ -0,0 +1,50 @@
|
||||||
|
// Vikunja is a to-do list application to facilitate your life.
|
||||||
|
// Copyright 2018-2021 Vikunja and contributors. All rights reserved.
|
||||||
|
//
|
||||||
|
// This program is free software: you can redistribute it and/or modify
|
||||||
|
// it under the terms of the GNU Affero General Public Licensee as published by
|
||||||
|
// the Free Software Foundation, either version 3 of the License, or
|
||||||
|
// (at your option) any later version.
|
||||||
|
//
|
||||||
|
// This program is distributed in the hope that it will be useful,
|
||||||
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
// GNU Affero General Public Licensee for more details.
|
||||||
|
//
|
||||||
|
// You should have received a copy of the GNU Affero General Public Licensee
|
||||||
|
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
package migration
|
||||||
|
|
||||||
|
import (
|
||||||
|
"src.techknowlogick.com/xormigrate"
|
||||||
|
"xorm.io/xorm"
|
||||||
|
)
|
||||||
|
|
||||||
|
type linkShares20210411113105 struct {
|
||||||
|
Password string `xorm:"text null"`
|
||||||
|
SharingType int `xorm:"bigint INDEX not null default 0"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func (linkShares20210411113105) TableName() string {
|
||||||
|
return "link_shares"
|
||||||
|
}
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
migrations = append(migrations, &xormigrate.Migration{
|
||||||
|
ID: "20210411113105",
|
||||||
|
Description: "Add password field to link shares",
|
||||||
|
Migrate: func(tx *xorm.Engine) error {
|
||||||
|
|
||||||
|
// Make all existing share links type 1 (no password)
|
||||||
|
if _, err := tx.Update(&linkShares20210411113105{SharingType: 1}); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return tx.Sync2(linkShares20210411113105{})
|
||||||
|
},
|
||||||
|
Rollback: func(tx *xorm.Engine) error {
|
||||||
|
return nil
|
||||||
|
},
|
||||||
|
})
|
||||||
|
}
|
|
@ -1512,3 +1512,61 @@ func (err ErrSubscriptionAlreadyExists) HTTPError() web.HTTPError {
|
||||||
Message: "You're already subscribed.",
|
Message: "You're already subscribed.",
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// =================
|
||||||
|
// Link Share errors
|
||||||
|
// =================
|
||||||
|
|
||||||
|
// ErrLinkSharePasswordRequired represents an error where a link share authentication requires a password and none was provided
|
||||||
|
type ErrLinkSharePasswordRequired struct {
|
||||||
|
ShareID int64
|
||||||
|
}
|
||||||
|
|
||||||
|
// IsErrLinkSharePasswordRequired checks if an error is ErrLinkSharePasswordRequired.
|
||||||
|
func IsErrLinkSharePasswordRequired(err error) bool {
|
||||||
|
_, ok := err.(*ErrLinkSharePasswordRequired)
|
||||||
|
return ok
|
||||||
|
}
|
||||||
|
|
||||||
|
func (err *ErrLinkSharePasswordRequired) Error() string {
|
||||||
|
return fmt.Sprintf("Link Share requires a password for authentication [ShareID: %d]", err.ShareID)
|
||||||
|
}
|
||||||
|
|
||||||
|
// ErrCodeLinkSharePasswordRequired holds the unique world-error code of this error
|
||||||
|
const ErrCodeLinkSharePasswordRequired = 13001
|
||||||
|
|
||||||
|
// HTTPError holds the http error description
|
||||||
|
func (err ErrLinkSharePasswordRequired) HTTPError() web.HTTPError {
|
||||||
|
return web.HTTPError{
|
||||||
|
HTTPCode: http.StatusPreconditionFailed,
|
||||||
|
Code: ErrCodeLinkSharePasswordRequired,
|
||||||
|
Message: "This link share requires a password for authentication, but none was provided.",
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// ErrLinkSharePasswordInvalid represents an error where a subscription entity type is unknown
|
||||||
|
type ErrLinkSharePasswordInvalid struct {
|
||||||
|
ShareID int64
|
||||||
|
}
|
||||||
|
|
||||||
|
// IsErrLinkSharePasswordInvalid checks if an error is ErrLinkSharePasswordInvalid.
|
||||||
|
func IsErrLinkSharePasswordInvalid(err error) bool {
|
||||||
|
_, ok := err.(*ErrLinkSharePasswordInvalid)
|
||||||
|
return ok
|
||||||
|
}
|
||||||
|
|
||||||
|
func (err *ErrLinkSharePasswordInvalid) Error() string {
|
||||||
|
return fmt.Sprintf("Provided Link Share password did not match the saved one [ShareID: %d]", err.ShareID)
|
||||||
|
}
|
||||||
|
|
||||||
|
// ErrCodeLinkSharePasswordInvalid holds the unique world-error code of this error
|
||||||
|
const ErrCodeLinkSharePasswordInvalid = 13002
|
||||||
|
|
||||||
|
// HTTPError holds the http error description
|
||||||
|
func (err ErrLinkSharePasswordInvalid) HTTPError() web.HTTPError {
|
||||||
|
return web.HTTPError{
|
||||||
|
HTTPCode: http.StatusForbidden,
|
||||||
|
Code: ErrCodeLinkSharePasswordInvalid,
|
||||||
|
Message: "The provided link share password is invalid.",
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -17,8 +17,11 @@
|
||||||
package models
|
package models
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"errors"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"golang.org/x/crypto/bcrypt"
|
||||||
|
|
||||||
"code.vikunja.io/api/pkg/user"
|
"code.vikunja.io/api/pkg/user"
|
||||||
"code.vikunja.io/api/pkg/utils"
|
"code.vikunja.io/api/pkg/utils"
|
||||||
"code.vikunja.io/web"
|
"code.vikunja.io/web"
|
||||||
|
@ -49,9 +52,12 @@ type LinkSharing struct {
|
||||||
// The right this list is shared with. 0 = Read only, 1 = Read & Write, 2 = Admin. See the docs for more details.
|
// The right this list is shared with. 0 = Read only, 1 = Read & Write, 2 = Admin. See the docs for more details.
|
||||||
Right Right `xorm:"bigint INDEX not null default 0" json:"right" valid:"length(0|2)" maximum:"2" default:"0"`
|
Right Right `xorm:"bigint INDEX not null default 0" json:"right" valid:"length(0|2)" maximum:"2" default:"0"`
|
||||||
|
|
||||||
// The kind of this link. 0 = undefined, 1 = without password, 2 = with password (currently not implemented).
|
// The kind of this link. 0 = undefined, 1 = without password, 2 = with password.
|
||||||
SharingType SharingType `xorm:"bigint INDEX not null default 0" json:"sharing_type" valid:"length(0|2)" maximum:"2" default:"0"`
|
SharingType SharingType `xorm:"bigint INDEX not null default 0" json:"sharing_type" valid:"length(0|2)" maximum:"2" default:"0"`
|
||||||
|
|
||||||
|
// The password of this link share. You can only set it, not retrieve it after the link share has been created.
|
||||||
|
Password string `xorm:"text null" json:"password"`
|
||||||
|
|
||||||
// The user who shared this list
|
// The user who shared this list
|
||||||
SharedBy *user.User `xorm:"-" json:"shared_by"`
|
SharedBy *user.User `xorm:"-" json:"shared_by"`
|
||||||
SharedByID int64 `xorm:"bigint INDEX not null" json:"-"`
|
SharedByID int64 `xorm:"bigint INDEX not null" json:"-"`
|
||||||
|
@ -129,7 +135,19 @@ func (share *LinkSharing) Create(s *xorm.Session, a web.Auth) (err error) {
|
||||||
|
|
||||||
share.SharedByID = a.GetID()
|
share.SharedByID = a.GetID()
|
||||||
share.Hash = utils.MakeRandomString(40)
|
share.Hash = utils.MakeRandomString(40)
|
||||||
|
|
||||||
|
if share.Password != "" {
|
||||||
|
share.SharingType = SharingTypeWithPassword
|
||||||
|
share.Password, err = user.HashPassword(share.Password)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
share.SharingType = SharingTypeWithoutPassword
|
||||||
|
}
|
||||||
|
|
||||||
_, err = s.Insert(share)
|
_, err = s.Insert(share)
|
||||||
|
share.Password = ""
|
||||||
share.SharedBy, _ = user.GetFromAuth(a)
|
share.SharedBy, _ = user.GetFromAuth(a)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -156,6 +174,7 @@ func (share *LinkSharing) ReadOne(s *xorm.Session, a web.Auth) (err error) {
|
||||||
if !exists {
|
if !exists {
|
||||||
return ErrListShareDoesNotExist{ID: share.ID, Hash: share.Hash}
|
return ErrListShareDoesNotExist{ID: share.ID, Hash: share.Hash}
|
||||||
}
|
}
|
||||||
|
share.Password = ""
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -212,6 +231,7 @@ func (share *LinkSharing) ReadAll(s *xorm.Session, a web.Auth, search string, pa
|
||||||
|
|
||||||
for _, s := range shares {
|
for _, s := range shares {
|
||||||
s.SharedBy = users[s.SharedByID]
|
s.SharedBy = users[s.SharedByID]
|
||||||
|
s.Password = ""
|
||||||
}
|
}
|
||||||
|
|
||||||
// Total count
|
// Total count
|
||||||
|
@ -287,3 +307,20 @@ func GetLinkSharesByIDs(s *xorm.Session, ids []int64) (shares map[int64]*LinkSha
|
||||||
err = s.In("id", ids).Find(&shares)
|
err = s.In("id", ids).Find(&shares)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// VerifyLinkSharePassword checks if a password of a link share matches a provided one.
|
||||||
|
func VerifyLinkSharePassword(share *LinkSharing, password string) (err error) {
|
||||||
|
if password == "" {
|
||||||
|
return &ErrLinkSharePasswordRequired{ShareID: share.ID}
|
||||||
|
}
|
||||||
|
|
||||||
|
err = bcrypt.CompareHashAndPassword([]byte(share.Password), []byte(password))
|
||||||
|
if err != nil {
|
||||||
|
if errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {
|
||||||
|
return &ErrLinkSharePasswordInvalid{ShareID: share.ID}
|
||||||
|
}
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
140
pkg/models/link_sharing_test.go
Normal file
140
pkg/models/link_sharing_test.go
Normal file
|
@ -0,0 +1,140 @@
|
||||||
|
// Vikunja is a to-do list application to facilitate your life.
|
||||||
|
// Copyright 2018-2021 Vikunja and contributors. All rights reserved.
|
||||||
|
//
|
||||||
|
// This program is free software: you can redistribute it and/or modify
|
||||||
|
// it under the terms of the GNU Affero General Public Licensee as published by
|
||||||
|
// the Free Software Foundation, either version 3 of the License, or
|
||||||
|
// (at your option) any later version.
|
||||||
|
//
|
||||||
|
// This program is distributed in the hope that it will be useful,
|
||||||
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
// GNU Affero General Public Licensee for more details.
|
||||||
|
//
|
||||||
|
// You should have received a copy of the GNU Affero General Public Licensee
|
||||||
|
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
package models
|
||||||
|
|
||||||
|
import (
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"code.vikunja.io/api/pkg/db"
|
||||||
|
"code.vikunja.io/api/pkg/user"
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestLinkSharing_Create(t *testing.T) {
|
||||||
|
doer := &user.User{ID: 1}
|
||||||
|
|
||||||
|
t.Run("normal", func(t *testing.T) {
|
||||||
|
db.LoadAndAssertFixtures(t)
|
||||||
|
s := db.NewSession()
|
||||||
|
defer s.Close()
|
||||||
|
|
||||||
|
share := &LinkSharing{
|
||||||
|
ListID: 1,
|
||||||
|
Right: RightRead,
|
||||||
|
}
|
||||||
|
err := share.Create(s, doer)
|
||||||
|
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.NotEmpty(t, share.Hash)
|
||||||
|
assert.NotEmpty(t, share.ID)
|
||||||
|
assert.Equal(t, SharingTypeWithoutPassword, share.SharingType)
|
||||||
|
db.AssertExists(t, "link_shares", map[string]interface{}{
|
||||||
|
"id": share.ID,
|
||||||
|
}, false)
|
||||||
|
})
|
||||||
|
t.Run("invalid right", func(t *testing.T) {
|
||||||
|
db.LoadAndAssertFixtures(t)
|
||||||
|
s := db.NewSession()
|
||||||
|
defer s.Close()
|
||||||
|
|
||||||
|
share := &LinkSharing{
|
||||||
|
ListID: 1,
|
||||||
|
Right: Right(123),
|
||||||
|
}
|
||||||
|
err := share.Create(s, doer)
|
||||||
|
|
||||||
|
assert.Error(t, err)
|
||||||
|
assert.True(t, IsErrInvalidRight(err))
|
||||||
|
})
|
||||||
|
t.Run("password should be hashed", func(t *testing.T) {
|
||||||
|
db.LoadAndAssertFixtures(t)
|
||||||
|
s := db.NewSession()
|
||||||
|
defer s.Close()
|
||||||
|
|
||||||
|
share := &LinkSharing{
|
||||||
|
ListID: 1,
|
||||||
|
Right: RightRead,
|
||||||
|
Password: "somePassword",
|
||||||
|
}
|
||||||
|
err := share.Create(s, doer)
|
||||||
|
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.NotEmpty(t, share.Hash)
|
||||||
|
assert.NotEmpty(t, share.ID)
|
||||||
|
assert.Empty(t, share.Password)
|
||||||
|
db.AssertExists(t, "link_shares", map[string]interface{}{
|
||||||
|
"id": share.ID,
|
||||||
|
"sharing_type": SharingTypeWithPassword,
|
||||||
|
}, false)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestLinkSharing_ReadAll(t *testing.T) {
|
||||||
|
doer := &user.User{ID: 1}
|
||||||
|
|
||||||
|
t.Run("all no password", func(t *testing.T) {
|
||||||
|
db.LoadAndAssertFixtures(t)
|
||||||
|
s := db.NewSession()
|
||||||
|
defer s.Close()
|
||||||
|
|
||||||
|
share := &LinkSharing{
|
||||||
|
ListID: 1,
|
||||||
|
}
|
||||||
|
all, _, _, err := share.ReadAll(s, doer, "", 1, -1)
|
||||||
|
shares := all.([]*LinkSharing)
|
||||||
|
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.Len(t, shares, 2)
|
||||||
|
for _, sharing := range shares {
|
||||||
|
assert.Empty(t, sharing.Password)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestLinkSharing_ReadOne(t *testing.T) {
|
||||||
|
doer := &user.User{ID: 1}
|
||||||
|
|
||||||
|
t.Run("normal", func(t *testing.T) {
|
||||||
|
db.LoadAndAssertFixtures(t)
|
||||||
|
s := db.NewSession()
|
||||||
|
defer s.Close()
|
||||||
|
|
||||||
|
share := &LinkSharing{
|
||||||
|
ID: 1,
|
||||||
|
}
|
||||||
|
err := share.ReadOne(s, doer)
|
||||||
|
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.NotEmpty(t, share.Hash)
|
||||||
|
assert.Equal(t, SharingTypeWithoutPassword, share.SharingType)
|
||||||
|
})
|
||||||
|
t.Run("with password", func(t *testing.T) {
|
||||||
|
db.LoadAndAssertFixtures(t)
|
||||||
|
s := db.NewSession()
|
||||||
|
defer s.Close()
|
||||||
|
|
||||||
|
share := &LinkSharing{
|
||||||
|
ID: 4,
|
||||||
|
}
|
||||||
|
err := share.ReadOne(s, doer)
|
||||||
|
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.NotEmpty(t, share.Hash)
|
||||||
|
assert.Equal(t, SharingTypeWithPassword, share.SharingType)
|
||||||
|
assert.Empty(t, share.Password)
|
||||||
|
})
|
||||||
|
}
|
|
@ -34,39 +34,53 @@ type LinkShareToken struct {
|
||||||
ListID int64 `json:"list_id"`
|
ListID int64 `json:"list_id"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// LinkShareAuth represents everything required to authenticate a link share
|
||||||
|
type LinkShareAuth struct {
|
||||||
|
Hash string `param:"share" json:"-"`
|
||||||
|
Password string `json:"password"`
|
||||||
|
}
|
||||||
|
|
||||||
// AuthenticateLinkShare gives a jwt auth token for valid share hashes
|
// AuthenticateLinkShare gives a jwt auth token for valid share hashes
|
||||||
// @Summary Get an auth token for a share
|
// @Summary Get an auth token for a share
|
||||||
// @Description Get a jwt auth token for a shared list from a share hash.
|
// @Description Get a jwt auth token for a shared list from a share hash.
|
||||||
// @tags sharing
|
// @tags sharing
|
||||||
// @Accept json
|
// @Accept json
|
||||||
// @Produce json
|
// @Produce json
|
||||||
|
// @Param password body v1.LinkShareAuth true "The password for link shares which require one."
|
||||||
// @Param share path string true "The share hash"
|
// @Param share path string true "The share hash"
|
||||||
// @Success 200 {object} auth.Token "The valid jwt auth token."
|
// @Success 200 {object} auth.Token "The valid jwt auth token."
|
||||||
// @Failure 400 {object} web.HTTPError "Invalid link share object provided."
|
// @Failure 400 {object} web.HTTPError "Invalid link share object provided."
|
||||||
// @Failure 500 {object} models.Message "Internal error"
|
// @Failure 500 {object} models.Message "Internal error"
|
||||||
// @Router /shares/{share}/auth [post]
|
// @Router /shares/{share}/auth [post]
|
||||||
func AuthenticateLinkShare(c echo.Context) error {
|
func AuthenticateLinkShare(c echo.Context) error {
|
||||||
hash := c.Param("share")
|
sh := &LinkShareAuth{}
|
||||||
|
err := c.Bind(sh)
|
||||||
|
if err != nil {
|
||||||
|
return handler.HandleHTTPError(err, c)
|
||||||
|
}
|
||||||
|
|
||||||
s := db.NewSession()
|
s := db.NewSession()
|
||||||
defer s.Close()
|
defer s.Close()
|
||||||
|
|
||||||
share, err := models.GetLinkShareByHash(s, hash)
|
share, err := models.GetLinkShareByHash(s, sh.Hash)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
_ = s.Rollback()
|
|
||||||
return handler.HandleHTTPError(err, c)
|
return handler.HandleHTTPError(err, c)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := s.Commit(); err != nil {
|
if share.SharingType == models.SharingTypeWithPassword {
|
||||||
_ = s.Rollback()
|
err := models.VerifyLinkSharePassword(share, sh.Password)
|
||||||
|
if err != nil {
|
||||||
return handler.HandleHTTPError(err, c)
|
return handler.HandleHTTPError(err, c)
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
t, err := auth.NewLinkShareJWTAuthtoken(share)
|
t, err := auth.NewLinkShareJWTAuthtoken(share)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return handler.HandleHTTPError(err, c)
|
return handler.HandleHTTPError(err, c)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
share.Password = ""
|
||||||
|
|
||||||
return c.JSON(http.StatusOK, LinkShareToken{
|
return c.JSON(http.StatusOK, LinkShareToken{
|
||||||
Token: auth.Token{Token: t},
|
Token: auth.Token{Token: t},
|
||||||
LinkSharing: share,
|
LinkSharing: share,
|
||||||
|
|
|
@ -4141,6 +4141,15 @@ var doc = `{
|
||||||
],
|
],
|
||||||
"summary": "Get an auth token for a share",
|
"summary": "Get an auth token for a share",
|
||||||
"parameters": [
|
"parameters": [
|
||||||
|
{
|
||||||
|
"description": "The password for link shares which require one.",
|
||||||
|
"name": "password",
|
||||||
|
"in": "body",
|
||||||
|
"required": true,
|
||||||
|
"schema": {
|
||||||
|
"$ref": "#/definitions/v1.LinkShareAuth"
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"description": "The share hash",
|
"description": "The share hash",
|
||||||
|
@ -7493,6 +7502,10 @@ var doc = `{
|
||||||
"description": "The name of this link share. All actions someone takes while being authenticated with that link will appear with that name.",
|
"description": "The name of this link share. All actions someone takes while being authenticated with that link will appear with that name.",
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
|
"password": {
|
||||||
|
"description": "The password of this link share. You can only set it, not retrieve it after the link share has been created.",
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
"right": {
|
"right": {
|
||||||
"description": "The right this list is shared with. 0 = Read only, 1 = Read \u0026 Write, 2 = Admin. See the docs for more details.",
|
"description": "The right this list is shared with. 0 = Read only, 1 = Read \u0026 Write, 2 = Admin. See the docs for more details.",
|
||||||
"type": "integer",
|
"type": "integer",
|
||||||
|
@ -7504,7 +7517,7 @@ var doc = `{
|
||||||
"$ref": "#/definitions/user.User"
|
"$ref": "#/definitions/user.User"
|
||||||
},
|
},
|
||||||
"sharing_type": {
|
"sharing_type": {
|
||||||
"description": "The kind of this link. 0 = undefined, 1 = without password, 2 = with password (currently not implemented).",
|
"description": "The kind of this link. 0 = undefined, 1 = without password, 2 = with password.",
|
||||||
"type": "integer",
|
"type": "integer",
|
||||||
"default": 0,
|
"default": 0,
|
||||||
"maximum": 2
|
"maximum": 2
|
||||||
|
@ -8511,6 +8524,14 @@ var doc = `{
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"v1.LinkShareAuth": {
|
||||||
|
"type": "object",
|
||||||
|
"properties": {
|
||||||
|
"password": {
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
"v1.UserAvatarProvider": {
|
"v1.UserAvatarProvider": {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"properties": {
|
"properties": {
|
||||||
|
|
|
@ -4124,6 +4124,15 @@
|
||||||
],
|
],
|
||||||
"summary": "Get an auth token for a share",
|
"summary": "Get an auth token for a share",
|
||||||
"parameters": [
|
"parameters": [
|
||||||
|
{
|
||||||
|
"description": "The password for link shares which require one.",
|
||||||
|
"name": "password",
|
||||||
|
"in": "body",
|
||||||
|
"required": true,
|
||||||
|
"schema": {
|
||||||
|
"$ref": "#/definitions/v1.LinkShareAuth"
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"description": "The share hash",
|
"description": "The share hash",
|
||||||
|
@ -7476,6 +7485,10 @@
|
||||||
"description": "The name of this link share. All actions someone takes while being authenticated with that link will appear with that name.",
|
"description": "The name of this link share. All actions someone takes while being authenticated with that link will appear with that name.",
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
|
"password": {
|
||||||
|
"description": "The password of this link share. You can only set it, not retrieve it after the link share has been created.",
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
"right": {
|
"right": {
|
||||||
"description": "The right this list is shared with. 0 = Read only, 1 = Read \u0026 Write, 2 = Admin. See the docs for more details.",
|
"description": "The right this list is shared with. 0 = Read only, 1 = Read \u0026 Write, 2 = Admin. See the docs for more details.",
|
||||||
"type": "integer",
|
"type": "integer",
|
||||||
|
@ -7487,7 +7500,7 @@
|
||||||
"$ref": "#/definitions/user.User"
|
"$ref": "#/definitions/user.User"
|
||||||
},
|
},
|
||||||
"sharing_type": {
|
"sharing_type": {
|
||||||
"description": "The kind of this link. 0 = undefined, 1 = without password, 2 = with password (currently not implemented).",
|
"description": "The kind of this link. 0 = undefined, 1 = without password, 2 = with password.",
|
||||||
"type": "integer",
|
"type": "integer",
|
||||||
"default": 0,
|
"default": 0,
|
||||||
"maximum": 2
|
"maximum": 2
|
||||||
|
@ -8494,6 +8507,14 @@
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"v1.LinkShareAuth": {
|
||||||
|
"type": "object",
|
||||||
|
"properties": {
|
||||||
|
"password": {
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
"v1.UserAvatarProvider": {
|
"v1.UserAvatarProvider": {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"properties": {
|
"properties": {
|
||||||
|
|
|
@ -313,6 +313,9 @@ definitions:
|
||||||
name:
|
name:
|
||||||
description: The name of this link share. All actions someone takes while being authenticated with that link will appear with that name.
|
description: The name of this link share. All actions someone takes while being authenticated with that link will appear with that name.
|
||||||
type: string
|
type: string
|
||||||
|
password:
|
||||||
|
description: The password of this link share. You can only set it, not retrieve it after the link share has been created.
|
||||||
|
type: string
|
||||||
right:
|
right:
|
||||||
default: 0
|
default: 0
|
||||||
description: The right this list is shared with. 0 = Read only, 1 = Read & Write, 2 = Admin. See the docs for more details.
|
description: The right this list is shared with. 0 = Read only, 1 = Read & Write, 2 = Admin. See the docs for more details.
|
||||||
|
@ -323,7 +326,7 @@ definitions:
|
||||||
description: The user who shared this list
|
description: The user who shared this list
|
||||||
sharing_type:
|
sharing_type:
|
||||||
default: 0
|
default: 0
|
||||||
description: The kind of this link. 0 = undefined, 1 = without password, 2 = with password (currently not implemented).
|
description: The kind of this link. 0 = undefined, 1 = without password, 2 = with password.
|
||||||
maximum: 2
|
maximum: 2
|
||||||
type: integer
|
type: integer
|
||||||
updated:
|
updated:
|
||||||
|
@ -1064,6 +1067,11 @@ definitions:
|
||||||
minLength: 1
|
minLength: 1
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
|
v1.LinkShareAuth:
|
||||||
|
properties:
|
||||||
|
password:
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
v1.UserAvatarProvider:
|
v1.UserAvatarProvider:
|
||||||
properties:
|
properties:
|
||||||
avatar_provider:
|
avatar_provider:
|
||||||
|
@ -3850,6 +3858,12 @@ paths:
|
||||||
- application/json
|
- application/json
|
||||||
description: Get a jwt auth token for a shared list from a share hash.
|
description: Get a jwt auth token for a shared list from a share hash.
|
||||||
parameters:
|
parameters:
|
||||||
|
- description: The password for link shares which require one.
|
||||||
|
in: body
|
||||||
|
name: password
|
||||||
|
required: true
|
||||||
|
schema:
|
||||||
|
$ref: '#/definitions/v1.LinkShareAuth'
|
||||||
- description: The share hash
|
- description: The share hash
|
||||||
in: path
|
in: path
|
||||||
name: share
|
name: share
|
||||||
|
|
|
@ -400,7 +400,7 @@ func UpdateUserPassword(s *xorm.Session, user *User, newPassword string) (err er
|
||||||
}
|
}
|
||||||
|
|
||||||
// Hash the new password and set it
|
// Hash the new password and set it
|
||||||
hashed, err := hashPassword(newPassword)
|
hashed, err := HashPassword(newPassword)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -48,7 +48,7 @@ func CreateUser(s *xorm.Session, user *User) (newUser *User, err error) {
|
||||||
|
|
||||||
if user.Issuer == issuerLocal {
|
if user.Issuer == issuerLocal {
|
||||||
// Hash the password
|
// Hash the password
|
||||||
user.Password, err = hashPassword(user.Password)
|
user.Password, err = HashPassword(user.Password)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -98,7 +98,7 @@ func CreateUser(s *xorm.Session, user *User) (newUser *User, err error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// HashPassword hashes a password
|
// HashPassword hashes a password
|
||||||
func hashPassword(password string) (string, error) {
|
func HashPassword(password string) (string, error) {
|
||||||
bytes, err := bcrypt.GenerateFromPassword([]byte(password), 11)
|
bytes, err := bcrypt.GenerateFromPassword([]byte(password), 11)
|
||||||
return string(bytes), err
|
return string(bytes), err
|
||||||
}
|
}
|
||||||
|
|
|
@ -57,7 +57,7 @@ func ResetPassword(s *xorm.Session, reset *PasswordReset) (err error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Hash the password
|
// Hash the password
|
||||||
user.Password, err = hashPassword(reset.NewPassword)
|
user.Password, err = HashPassword(reset.NewPassword)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue