fix: missed update user's password

internal/model/user.go

@@ -22,7 +22,7 @@ type User struct {
 	Username string `json:"username" gorm:"unique" binding:"required"` // username
 	PwdHash  string `json:"-"`                                         // password hash
 	Salt     string // unique salt
-	Password string `json:"-"`         // Deprecated password
+	Password string `json:"password"`  // password
 	BasePath string `json:"base_path"` // base path
 	Role     int    `json:"role"`      // user's role
 	Disabled bool   `json:"disabled"`

server/handles/auth.go

@@ -115,7 +115,7 @@ func UpdateCurrent(c *gin.Context) {
 	user := c.MustGet("user").(*model.User)
 	user.Username = req.Username
 	if req.Password != "" {
-		user.Password = req.Password
+		user.SetPassword(req.Password)
 	}
 	user.SsoID = req.SsoID
 	if err := op.UpdateUser(user); err != nil {

server/handles/user.go

@@ -39,6 +39,8 @@ func CreateUser(c *gin.Context) {
 		common.ErrorStrResp(c, "admin or guest user can not be created", 400, true)
 		return
 	}
+	req.SetPassword(req.Password)
+	req.Password = ""
 	if err := op.CreateUser(&req); err != nil {
 		common.ErrorResp(c, err, 500, true)
 	} else {
@@ -62,7 +64,11 @@ func UpdateUser(c *gin.Context) {
 		return
 	}
 	if req.Password == "" {
-		req.Password = user.Password
+		req.PwdHash = user.PwdHash
+		req.Salt = user.Salt
+	} else {
+		req.SetPassword(req.Password)
+		req.Password = ""
 	}
 	if req.OtpSecret == "" {
 		req.OtpSecret = user.OtpSecret