Fixed bug when trying to auth with empty username and empty password
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
parent
30dad5851a
commit
16c57cc424
|
@ -81,8 +81,8 @@ func (d Db) AccountDel(accountID string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// AccountGet fetches an account from the database
|
// AccountGet fetches an account from the database
|
||||||
func (d Db) AccountGet(accountID string, APIKey string, Name string) (Account, error) {
|
func (d Db) AccountGet(accountID string, APIKey string, name string) (Account, error) {
|
||||||
d.Log.Debug("Trying to get account", "accountID", accountID, "len(APIKey)", len(APIKey))
|
d.Log.Debug("Trying to get account", "accountID", accountID, "len(APIKey)", len(APIKey), "name", name)
|
||||||
|
|
||||||
var account Account
|
var account Account
|
||||||
var searchParam string
|
var searchParam string
|
||||||
|
@ -93,9 +93,13 @@ func (d Db) AccountGet(accountID string, APIKey string, Name string) (Account, e
|
||||||
} else if APIKey != "" {
|
} else if APIKey != "" {
|
||||||
accountSQL = accountSQL + "\"apiKey\" = $1"
|
accountSQL = accountSQL + "\"apiKey\" = $1"
|
||||||
searchParam = APIKey
|
searchParam = APIKey
|
||||||
} else if Name != "" {
|
} else if name != "" {
|
||||||
accountSQL = accountSQL + "name = $1"
|
accountSQL = accountSQL + "name = $1"
|
||||||
searchParam = Name
|
searchParam = name
|
||||||
|
} else {
|
||||||
|
d.Log.Debug("No get criteria entered, returning empty response without calling the database")
|
||||||
|
|
||||||
|
return Account{}, errors.New("no rows in result set")
|
||||||
}
|
}
|
||||||
|
|
||||||
accountErr := d.DbPool.QueryRow(context.Background(), accountSQL, searchParam).Scan(&account.ID, &account.Created, &account.Name, &account.Password)
|
accountErr := d.DbPool.QueryRow(context.Background(), accountSQL, searchParam).Scan(&account.ID, &account.Created, &account.Name, &account.Password)
|
||||||
|
|
|
@ -140,6 +140,21 @@ test('test-cases/01basic.js: Auth by wrong username', async t => {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
test('test-cases/01basic.js: Auth by empty username and empty password', async t => {
|
||||||
|
try {
|
||||||
|
await got.post(`${process.env.AUTH_URL}/auth/password`, {
|
||||||
|
json: {
|
||||||
|
name: '',
|
||||||
|
password: '',
|
||||||
|
},
|
||||||
|
responseType: 'json',
|
||||||
|
});
|
||||||
|
t.fail('Trying to login with wrong username should fail with a 403');
|
||||||
|
} catch(err) {
|
||||||
|
t.equal(err.message, 'Response code 403 (Forbidden)', 'Trying to login with wrong username should fail with a 403');
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
test('test-cases/01basic.js: PUT /account/{id}/fields', async t => {
|
test('test-cases/01basic.js: PUT /account/{id}/fields', async t => {
|
||||||
const res = await got.put(`${process.env.AUTH_URL}/account/${user.id}/fields`, {
|
const res = await got.put(`${process.env.AUTH_URL}/account/${user.id}/fields`, {
|
||||||
headers: { 'Authorization': `bearer ${adminJWTString}`},
|
headers: { 'Authorization': `bearer ${adminJWTString}`},
|
||||||
|
|
Loading…
Reference in New Issue
Block a user