fix(api): check if admin user already exists when calling the /users/admin/init endpoint (#494)

2017-01-12 18:17:28 +13:00 · 2017-01-12 18:17:28 +13:00 · 27e584fc14
parent 2bdc9322de
commit 27e584fc14
2 changed files with 22 additions and 11 deletions
--- a/api/errors.go
+++ b/api/errors.go
@ -7,7 +7,8 @@ const (
 // User errors.
 const (
-	ErrUserNotFound = Error("User not found")
+	ErrUserNotFound            = Error("User not found")
 	ErrAdminAlreadyInitialized = Error("Admin user already initialized")
 )
 // Endpoint errors.
--- a/api/http/user_handler.go
+++ b/api/http/user_handler.go
@ -227,18 +227,28 @@ func (handler *UserHandler) handlePostAdminInit(w http.ResponseWriter, r *http.R
 		return
 	}
-	user := &portainer.User{
+	user, err := handler.UserService.User("admin")
-		Username: "admin",
+	if err == portainer.ErrUserNotFound {
-	}
+		user := &portainer.User{
-	user.Password, err = handler.CryptoService.Hash(req.Password)
+			Username: "admin",
-	if err != nil {
+		}
-		Error(w, portainer.ErrCryptoHashFailure, http.StatusBadRequest, handler.Logger)
+		user.Password, err = handler.CryptoService.Hash(req.Password)
 		if err != nil {
 			Error(w, portainer.ErrCryptoHashFailure, http.StatusBadRequest, handler.Logger)
 			return
 		}
 		err = handler.UserService.UpdateUser(user)
 		if err != nil {
 			Error(w, err, http.StatusInternalServerError, handler.Logger)
 			return
 		}
 	} else if err != nil {
 		Error(w, err, http.StatusInternalServerError, handler.Logger)
 		return
 	}
-
+	if user != nil {
-	err = handler.UserService.UpdateUser(user)
+		Error(w, portainer.ErrAdminAlreadyInitialized, http.StatusForbidden, handler.Logger)
 	if err != nil {
 		Error(w, err, http.StatusInternalServerError, handler.Logger)
 		return
 	}
 }