Fixed bug when trying to auth with empty username and empty password
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
Lilleman auf Larv 2022-04-26 13:42:59 +02:00
parent 30dad5851a
commit 16c57cc424
2 changed files with 23 additions and 4 deletions

View File

@ -81,8 +81,8 @@ func (d Db) AccountDel(accountID string) error {
}
// AccountGet fetches an account from the database
func (d Db) AccountGet(accountID string, APIKey string, Name string) (Account, error) {
d.Log.Debug("Trying to get account", "accountID", accountID, "len(APIKey)", len(APIKey))
func (d Db) AccountGet(accountID string, APIKey string, name string) (Account, error) {
d.Log.Debug("Trying to get account", "accountID", accountID, "len(APIKey)", len(APIKey), "name", name)
var account Account
var searchParam string
@ -93,9 +93,13 @@ func (d Db) AccountGet(accountID string, APIKey string, Name string) (Account, e
} else if APIKey != "" {
accountSQL = accountSQL + "\"apiKey\" = $1"
searchParam = APIKey
} else if Name != "" {
} else if name != "" {
accountSQL = accountSQL + "name = $1"
searchParam = Name
searchParam = name
} else {
d.Log.Debug("No get criteria entered, returning empty response without calling the database")
return Account{}, errors.New("no rows in result set")
}
accountErr := d.DbPool.QueryRow(context.Background(), accountSQL, searchParam).Scan(&account.ID, &account.Created, &account.Name, &account.Password)

View File

@ -140,6 +140,21 @@ test('test-cases/01basic.js: Auth by wrong username', async t => {
}
});
test('test-cases/01basic.js: Auth by empty username and empty password', async t => {
try {
await got.post(`${process.env.AUTH_URL}/auth/password`, {
json: {
name: '',
password: '',
},
responseType: 'json',
});
t.fail('Trying to login with wrong username should fail with a 403');
} catch(err) {
t.equal(err.message, 'Response code 403 (Forbidden)', 'Trying to login with wrong username should fail with a 403');
}
});
test('test-cases/01basic.js: PUT /account/{id}/fields', async t => {
const res = await got.put(`${process.env.AUTH_URL}/account/${user.id}/fields`, {
headers: { 'Authorization': `bearer ${adminJWTString}`},