[Bug] Creating a username does not work properly for non-admin
pslosarz opened this issue · 0 comments
pslosarz commented
When creating a new user without admin role, information about the password is lost, making it impossible to log in.
Scenario:
Create a new user via the API without the admin role.
/api/user/save
```json
{
  "type": "internal",
  "admin": false,
  "name": "Jon Doe",
  "loginName": "test",
  "password": "xxx",
  "passwordConfirm": "xxx",
  "email": "xxx@gmail.com",
  "roles": [
    "rolaxxx"
  ]
}
```
Try logging in with your new credentials:
api/user/sign-in
```json
{"name":"test","password":"xxx"}
```
The response will be:
```
security: invalid principal or credential(1001)
```
[FIX] This is a fix for this case. The principle is the same as for creating a new admin account.
api/user.go:73
```go
return func(c web.Context) error {
	// Bind the request's password field alongside the embedded user fields.
	args := &struct {
		Password string `json:"password"`
		*dao.User
	}{}
	err := c.Bind(args, true)
	if err == nil {
		ctx, cancel := misc.Context(defaultTimeout)
		defer cancel()
		user := args.User
		if user.ID == "" {
			// New user: carry the submitted password over before creating.
			user.Password = args.Password
			_, err = b.Create(ctx, user, c.User())
		} else {
			err = b.Update(ctx, user, c.User())
		}
	}
	return ajax(c, err)
}
```
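Added example, not part of the original issue or the project's code: a stand-alone reproduction of why a wrapper struct like the one in the fix recovers the password. It assumes the binder behaves like `encoding/json` and that the user type excludes its password from JSON with `json:"-"`; `User`, `bindDirect`, `bindWithWrapper` and `sampleBody` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// User is a hypothetical stand-in for dao.User. Assumption: the password
// field is excluded from JSON so it is never serialized in an API response.
type User struct {
	ID        string `json:"id"`
	LoginName string `json:"loginName"`
	Admin     bool   `json:"admin"`
	Password  string `json:"-"`
}

// Constructed request body, trimmed from the one in the issue.
const sampleBody = `{"admin":false,"loginName":"test","password":"xxx"}`

// bindDirect decodes straight into User: json:"-" silently drops the password.
func bindDirect(body []byte) (*User, error) {
	u := &User{}
	return u, json.Unmarshal(body, u)
}

// bindWithWrapper uses the wrapper shape from the fix: an outer Password field
// receives the JSON value, and it is copied over only when creating a user.
func bindWithWrapper(body []byte) (*User, error) {
	args := &struct {
		Password string `json:"password"`
		*User
	}{}
	if err := json.Unmarshal(body, args); err != nil {
		return nil, err
	}
	if args.User == nil { // body carried no user fields, so nothing was allocated
		return nil, errors.New("request contains no user fields")
	}
	if args.User.ID == "" {
		args.User.Password = args.Password
	}
	return args.User, nil
}

func main() {
	d, _ := bindDirect([]byte(sampleBody))
	w, _ := bindWithWrapper([]byte(sampleBody))
	out, _ := json.Marshal(w) // password stays out of the serialized form
	fmt.Printf("direct=%q wrapper=%q response=%s\n", d.Password, w.Password, out)
}
```

The `args.User == nil` check covers a body that carries only `password`: in that case `encoding/json` never allocates the embedded pointer, and reading `user.ID` would panic.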