ami/tl-vikunja
1
0
Fork 0
Code Activity

feat: don't require a password for data export from users authenticated with third-party auth

Browse Source
This commit is contained in:
kolaente
2021-10-31 12:37:08 +01:00
parent cc612d505f
commit 9eca971c93
2 changed files with 23 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
pkg/routes/api/v1/user_export.go
View File

@ -30,16 +30,6 @@ import (
)
func checkExportRequest(c echo.Context) (s *xorm.Session, u *user.User, err error) {
var pass UserPasswordConfirmation
if err := c.Bind(&pass); err != nil {
return nil, nil, echo.NewHTTPError(http.StatusBadRequest, "No password provided.")
}
err = c.Validate(pass)
if err != nil {
return nil, nil, echo.NewHTTPError(http.StatusBadRequest, err)
}
s = db.NewSession()
defer s.Close()
@ -54,6 +44,21 @@ func checkExportRequest(c echo.Context) (s *xorm.Session, u *user.User, err erro
return nil, nil, handler.HandleHTTPError(err, c)
}
// Users authenticated with a third-party are unable to provide their password.
if u.Issuer != user.IssuerLocal {
return
}
var pass UserPasswordConfirmation
if err := c.Bind(&pass); err != nil {
return nil, nil, echo.NewHTTPError(http.StatusBadRequest, "No password provided.")
}
err = c.Validate(pass)
if err != nil {
return nil, nil, echo.NewHTTPError(http.StatusBadRequest, err)
}
err = user.CheckUserPassword(u, pass.Password)
if err != nil {
_ = s.Rollback()