Fixed bug when trying to auth with empty username and empty password
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
30dad5851a
commit
16c57cc424
|
@ -81,8 +81,8 @@ func (d Db) AccountDel(accountID string) error {
|
|||
}
|
||||
|
||||
// AccountGet fetches an account from the database
|
||||
func (d Db) AccountGet(accountID string, APIKey string, Name string) (Account, error) {
|
||||
d.Log.Debug("Trying to get account", "accountID", accountID, "len(APIKey)", len(APIKey))
|
||||
func (d Db) AccountGet(accountID string, APIKey string, name string) (Account, error) {
|
||||
d.Log.Debug("Trying to get account", "accountID", accountID, "len(APIKey)", len(APIKey), "name", name)
|
||||
|
||||
var account Account
|
||||
var searchParam string
|
||||
|
@ -93,9 +93,13 @@ func (d Db) AccountGet(accountID string, APIKey string, Name string) (Account, e
|
|||
} else if APIKey != "" {
|
||||
accountSQL = accountSQL + "\"apiKey\" = $1"
|
||||
searchParam = APIKey
|
||||
} else if Name != "" {
|
||||
} else if name != "" {
|
||||
accountSQL = accountSQL + "name = $1"
|
||||
searchParam = Name
|
||||
searchParam = name
|
||||
} else {
|
||||
d.Log.Debug("No get criteria entered, returning empty response without calling the database")
|
||||
|
||||
return Account{}, errors.New("no rows in result set")
|
||||
}
|
||||
|
||||
accountErr := d.DbPool.QueryRow(context.Background(), accountSQL, searchParam).Scan(&account.ID, &account.Created, &account.Name, &account.Password)
|
||||
|
|
|
@ -140,6 +140,21 @@ test('test-cases/01basic.js: Auth by wrong username', async t => {
|
|||
}
|
||||
});
|
||||
|
||||
test('test-cases/01basic.js: Auth by empty username and empty password', async t => {
|
||||
try {
|
||||
await got.post(`${process.env.AUTH_URL}/auth/password`, {
|
||||
json: {
|
||||
name: '',
|
||||
password: '',
|
||||
},
|
||||
responseType: 'json',
|
||||
});
|
||||
t.fail('Trying to login with wrong username should fail with a 403');
|
||||
} catch(err) {
|
||||
t.equal(err.message, 'Response code 403 (Forbidden)', 'Trying to login with wrong username should fail with a 403');
|
||||
}
|
||||
});
|
||||
|
||||
test('test-cases/01basic.js: PUT /account/{id}/fields', async t => {
|
||||
const res = await got.put(`${process.env.AUTH_URL}/account/${user.id}/fields`, {
|
||||
headers: { 'Authorization': `bearer ${adminJWTString}`},
|
||||
|
|
Loading…
Reference in New Issue
Block a user