cuigh/swirl

[Bug] Creating a username does not work properly for non-admin

pslosarz opened this issue · 0 comments

When creating a new user without admin role, information about the password is lost, making it impossible to log in.

Scenario:
Create a new user via the API without admin role.

/api/user/save
{
    "type": "internal",
    "admin": false,
    "name": "Jon Doe",
    "loginName": "test",
    "password": "xxx",
    "passwordConfirm": "xxx",
    "email": "xxx@gmail.com",
    "roles": [
        "rolaxxx"
    ]
}

Try logging in with your new credentials:

api/user/sign-in
{"name":"test","password":"xxx"}

The response will be:

security: invalid principal or credential(1001)

[FIX] This is a fix for this case. The principle is the same as for creating a new admin account.
api/user.go:73

return func(c web.Context) error {
	// Bind the password separately from the embedded dao.User.
	args := &struct {
		Password string `json:"password"`
		*dao.User
	}{}
	err := c.Bind(args, true)
	if err == nil {
		ctx, cancel := misc.Context(defaultTimeout)
		defer cancel()

		user := args.User
		if user.ID == "" {
			// New user: carry the submitted password over before creating.
			user.Password = args.Password
			_, err = b.Create(ctx, user, c.User())
		} else {
			err = b.Update(ctx, user, c.User())
		}
	}
	return ajax(c, err)
}