fix: missed update user's password

2023-08-07 18:51:54 +08:00 · 2023-08-07 18:51:54 +08:00 · a797494aa3
parent 353dd7f796
commit a797494aa3
3 changed files with 9 additions and 3 deletions
--- a/internal/model/user.go
+++ b/internal/model/user.go
@ -22,7 +22,7 @@ type User struct {
 	Username string `json:"username" gorm:"unique" binding:"required"` // username
 	PwdHash  string `json:"-"`                                         // password hash
 	Salt     string // unique salt
-	Password string `json:"-"`         // Deprecated password
+	Password string `json:"password"`  // password
 	BasePath string `json:"base_path"` // base path
 	Role     int    `json:"role"`      // user's role
 	Disabled bool   `json:"disabled"`
--- a/server/handles/auth.go
+++ b/server/handles/auth.go
@ -115,7 +115,7 @@ func UpdateCurrent(c *gin.Context) {
 	user := c.MustGet("user").(*model.User)
 	user.Username = req.Username
 	if req.Password != "" {
-		user.Password = req.Password
+		user.SetPassword(req.Password)
 	}
 	user.SsoID = req.SsoID
 	if err := op.UpdateUser(user); err != nil {
--- a/server/handles/user.go
+++ b/server/handles/user.go
@ -39,6 +39,8 @@ func CreateUser(c *gin.Context) {
 		common.ErrorStrResp(c, "admin or guest user can not be created", 400, true)
 		return
 	}
+	req.SetPassword(req.Password)
+	req.Password = ""
 	if err := op.CreateUser(&req); err != nil {
 		common.ErrorResp(c, err, 500, true)
 	} else {
@ -62,7 +64,11 @@ func UpdateUser(c *gin.Context) {
 		return
 	}
 	if req.Password == "" {
-		req.Password = user.Password
+		req.PwdHash = user.PwdHash
+		req.Salt = user.Salt
+	} else {
+		req.SetPassword(req.Password)
+		req.Password = ""
 	}
 	if req.OtpSecret == "" {
 		req.OtpSecret = user.OtpSecret