fix: send 403 on wrong password entry during change password operation (#4733)

This commit is contained in:
Vibhu Pandey 2024-03-26 06:20:35 +05:30 committed by GitHub
parent f24135f5b0
commit 994814864c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 15 additions and 10 deletions


@ -2363,10 +2363,9 @@ func (aH *APIHandler) changePassword(w http.ResponseWriter, r *http.Request) {
return
}
if err := auth.ChangePassword(context.Background(), req); err != nil {
if aH.HandleError(w, err, http.StatusInternalServerError) {
return
}
if apiErr := auth.ChangePassword(context.Background(), req); apiErr != nil {
RespondError(w, apiErr, nil)
return
}
aH.WriteJSON(w, r, map[string]string{"data": "password changed successfully"})
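Review bot: The rewritten `if apiErr := auth.ChangePassword(context.Background(), req)` line still detaches the DB work from the request; `r` is in scope per the hunk header, so `r.Context()` would let a cancelled or timed-out request stop the user lookup and password update instead of letting them run to completion: `if apiErr := auth.ChangePassword(r.Context(), req); apiErr != nil {`. Since a wrong old password now yields a 403, this handler is also a cheap oracle for guessing the current password from a hijacked session; whether attempts are rate-limited, and whether `req.UserId` is checked against the authenticated caller, is decided in the part of `changePassword` before this hunk and is not visible here, so confirm both. The enclosing handler starts outside the hunk.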


@ -234,24 +234,23 @@ func ResetPassword(ctx context.Context, req *model.ResetPasswordRequest) error {
return nil
}
func ChangePassword(ctx context.Context, req *model.ChangePasswordRequest) error {
func ChangePassword(ctx context.Context, req *model.ChangePasswordRequest) *model.ApiError {
user, apiErr := dao.DB().GetUser(ctx, req.UserId)
if apiErr != nil {
return errors.Wrap(apiErr.Err, "failed to query user from the DB")
return apiErr
}
if user == nil || !passwordMatch(user.Password, req.OldPassword) {
return ErrorInvalidCreds
return model.ForbiddenError(ErrorInvalidCreds)
}
hash, err := PasswordHash(req.NewPassword)
if err != nil {
return errors.Wrap(err, "Failed to generate password hash")
return model.InternalError(errors.New("Failed to generate password hash"))
}
if apiErr := dao.DB().UpdateUserPassword(ctx, hash, user.Id); apiErr != nil {
return apiErr.Err
return apiErr
}
return nil
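Review bot: The new `model.InternalError(errors.New("Failed to generate password hash"))` line discards the `err` that `PasswordHash` returned, whereas the removed line kept it via `errors.Wrap`, so the actual cause will no longer reach the logs. Keep the wrap inside the new error type: `return model.InternalError(errors.Wrap(err, "failed to generate password hash"))`, assuming the file still imports the package that provided `errors.Wrap` on the removed lines (the standard-library `errors` has no `Wrap`). Returning the same `ForbiddenError(ErrorInvalidCreds)` for both a missing user and a mismatched password is the right choice, since the caller cannot distinguish the two cases. Nothing in this hunk validates `req.NewPassword` (empty, minimum length, identical to the old one) before hashing; if the handler does not enforce a policy upstream, that check belongs before the `PasswordHash` call. `ChangePassword`'s closing brace lies outside the hunk.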


@ -112,6 +112,13 @@ func UnavailableError(err error) *ApiError {
}
}
func ForbiddenError(err error) *ApiError {
return &ApiError{
Typ: ErrorForbidden,
Err: err,
}
}
func WrapApiError(err *ApiError, msg string) *ApiError {
return &ApiError{
Typ: err.Type(),