mirror of
https://github.com/harness/drone.git
synced 2025-05-05 06:10:55 +08:00
4668e94027
This change adds the initial stepping stones for harness integration: - Authentication: JWT/PAT/SAT support - Authorization: ACL integration (acl currently denies requests as gitness hasn't been integrated yet) - Remote Clients for Token, User, ServiceAccount, ACL - User Integration: Syncs harness users during authentication if unknown - SA integration: syncs harness service accounts during authentication if unknown - Initial harness API: THIS WILL BE CHANGED IN THE FUTURE! - single harness subpackage (all marked with harness build flag) - harness & standalone wire + make build commands
101 lines
2.4 KiB
Go
101 lines
2.4 KiB
Go
// Copyright 2021 Harness Inc. All rights reserved.
|
|
// Use of this source code is governed by the Polyform Free Trial License
|
|
// that can be found in the LICENSE.md file for this repository.
|
|
|
|
package users
|
|
|
|
import (
|
|
"encoding/json"
|
|
"net/http"
|
|
"time"
|
|
|
|
"github.com/gotidy/ptr"
|
|
"github.com/harness/gitness/internal/api/render"
|
|
"github.com/harness/gitness/internal/api/request"
|
|
"github.com/harness/gitness/internal/store"
|
|
"github.com/harness/gitness/types"
|
|
"github.com/harness/gitness/types/check"
|
|
"github.com/rs/zerolog/hlog"
|
|
|
|
"golang.org/x/crypto/bcrypt"
|
|
)
|
|
|
|
// GenerateFromPassword returns the bcrypt hash of the
|
|
// password at the given cost.
|
|
var hashPassword = bcrypt.GenerateFromPassword
|
|
|
|
// HandleUpdate returns a http.HandlerFunc that processes an http.Request
|
|
// to update a user account.
|
|
func HandleUpdate(userStore store.UserStore) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
ctx := r.Context()
|
|
log := hlog.FromRequest(r)
|
|
user, _ := request.UserFrom(ctx)
|
|
|
|
in := new(types.UserInput)
|
|
if err := json.NewDecoder(r.Body).Decode(in); err != nil {
|
|
render.BadRequestf(w, "Invalid request body: %s.", err)
|
|
return
|
|
}
|
|
|
|
if in.Password != nil {
|
|
var hash []byte
|
|
hash, err := hashPassword([]byte(ptr.ToString(in.Password)), bcrypt.DefaultCost)
|
|
if err != nil {
|
|
log.Err(err).
|
|
Str("user_uid", user.UID).
|
|
Msg("Failed to hash password")
|
|
|
|
render.InternalError(w)
|
|
return
|
|
}
|
|
user.Password = string(hash)
|
|
}
|
|
|
|
if in.Name != nil {
|
|
user.Name = ptr.ToString(in.Name)
|
|
}
|
|
|
|
if in.Admin != nil {
|
|
user.Admin = ptr.ToBool(in.Admin)
|
|
}
|
|
|
|
// TODO: why are we overwriting the password twice?
|
|
if in.Password != nil {
|
|
var hash []byte
|
|
hash, err := bcrypt.GenerateFromPassword([]byte(ptr.ToString(in.Password)), bcrypt.DefaultCost)
|
|
if err != nil {
|
|
log.Err(err).
|
|
Str("user_uid", user.UID).
|
|
Msg("Failed to hash password")
|
|
|
|
render.InternalError(w)
|
|
return
|
|
}
|
|
user.Password = string(hash)
|
|
}
|
|
if err := check.User(user); err != nil {
|
|
log.Debug().Err(err).
|
|
Str("user_uid", user.UID).
|
|
Msg("invalid user input")
|
|
|
|
render.UserfiedErrorOrInternal(w, err)
|
|
return
|
|
}
|
|
|
|
user.Updated = time.Now().UnixMilli()
|
|
|
|
err := userStore.Update(ctx, user)
|
|
if err != nil {
|
|
log.Err(err).
|
|
Str("user_uid", user.UID).
|
|
Msg("Failed to update the usser")
|
|
|
|
render.UserfiedErrorOrInternal(w, err)
|
|
return
|
|
}
|
|
|
|
render.JSON(w, http.StatusOK, user)
|
|
}
|
|
}
|