fix logging of password on Login
All checks were successful
continuous-integration/drone/push Build is passing

2023-04-04 12:20:48 +10:00
parent 61f2813802
commit 45ceae73c4
2 changed files with 19 additions and 3 deletions


@@ -77,9 +77,18 @@ Data
"Password": ""
}
```
This API call will return a JWT token that must be present for any other API calls to succeed. The validity duration of this token is based on the configured TOKEN_HOUR_LIFESPAN value. JWT token is returned as value of `access_token`.
#### List Roles
GET `/api/admin/roles`
This operation can only be performed by a user with a role that is admin enabled. Lists currently defined roles.
#### List Users
GET `/api/admin/users`
This operation can only be performed by a user with a role that is admin enabled. Lists currently defined users.
### Secrets Operations
#### Store
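Review bot: The new List Roles and List Users entries say the caller needs an admin-enabled role but not what a caller without one receives, or which fields come back. The Secrets section spells out the Forbidden response for ReadOnly users, and these entries should do the same. For `/api/admin/users`, also state whether password data is excluded from the listing. These documentation additions are unrelated to the commit title and would be easier to audit as a separate commit.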
@@ -129,4 +138,9 @@ Data
}
```
Users with ReadOnly role will receive Forbidden error when calling this API endpoint. The values specified in deviceName and deviceCategory must match exactly one existing secret record for the RoleId of the currently logged in user. Wildcards are supported for deviceName and deviceCategory.
Users with ReadOnly role will receive Forbidden error when calling this API endpoint. The values specified in deviceName and deviceCategory must match exactly one existing secret record for the RoleId of the currently logged in user. Wildcards are supported for deviceName and deviceCategory.
#### List
GET `/api/secret/list`
Not yet implemented. Will generate a list of device names and categories but not username or secret data.
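Review bot: The List entry for `/api/secret/list` documents an endpoint marked "Not yet implemented" without saying what a caller gets from the route today, or whether the listing will be limited to the RoleId of the currently logged in user as the paragraph above requires for the preceding endpoint. State both, since device names and categories are inventory data worth scoping even when the username and secret are withheld.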


@@ -96,13 +96,15 @@ func Login(c *gin.Context) {
u.UserName = input.Username
u.Password = input.Password
log.Printf("Login checking username '%s' and password '%s'\n", u.UserName, u.Password)
log.Printf("Login checking username '%s' and password length '%d'\n", u.UserName, len(u.Password))
token, err := models.LoginCheck(u.UserName, u.Password)
if err != nil {
c.JSON(http.StatusBadRequest, gin.H{"error": "username or password is incorrect."})
return
} else {
log.Printf("Login verified, returning token '%s'\n", token)
}
c.JSON(http.StatusOK, gin.H{"access_token": token})
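Review bot: The added `log.Printf("Login verified, returning token '%s'\n", token)` in the new else branch writes the JWT to the log, which reintroduces the class of problem this commit is fixing: the README describes that token as what every other API call requires, so anyone who can read the log can reuse it until it expires. Log the username and the fact of success only, and drop the token argument. The replacement line still records `len(u.Password)` for every attempt, which tells a log reader the password length and narrows guessing; remove it as well. `u.UserName` comes straight from the request and is formatted with `'%s'`, so a value containing a newline can forge log entries; `%q` would escape it. The `else` is also redundant because the error branch already returns.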