improve input checking when retrieving secret
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
@@ -49,6 +49,14 @@ func RetrieveSecret(c *gin.Context) {
|
||||
s.SecretId = input.SecretId
|
||||
}
|
||||
|
||||
if input.DeviceName == "" && input.DeviceCategory == "" && input.UserName == "" && input.SecretId == 0 {
|
||||
errString := "no values provided to select secret"
|
||||
log.Printf("RetrieveSecret %s\n", errString)
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
retrieveSpecifiedSecret(&s, c)
|
||||
}
|
||||
|
||||
@@ -56,7 +64,9 @@ func RetrieveSecretByDevicename(c *gin.Context) {
|
||||
DeviceName := c.Param("devicename")
|
||||
|
||||
if DeviceName == "" {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "no devicename value specified"})
|
||||
errString := "no devicename value specified"
|
||||
log.Printf("RetrieveSecretByDevicename %s\n", errString)
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
||||
return
|
||||
}
|
||||
|
||||
@@ -71,7 +81,9 @@ func RetrieveSecretByDevicecategory(c *gin.Context) {
|
||||
DeviceCategory := c.Param("devicecategory")
|
||||
|
||||
if DeviceCategory == "" {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "no devicecategory value specified"})
|
||||
errString := "no devicecategory value specified"
|
||||
log.Printf("RetrieveSecretByDevicecategory %s\n", errString)
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
||||
return
|
||||
}
|
||||
|
||||
@@ -85,7 +97,9 @@ func RetrieveSecretByUsername(c *gin.Context) {
|
||||
userName := c.Param("username")
|
||||
|
||||
if userName == "" {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "no username value specified"})
|
||||
errString := "no username value specified"
|
||||
log.Printf("RetrieveSecretByUsername %s\n", errString)
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
||||
return
|
||||
}
|
||||
|
||||
@@ -101,7 +115,9 @@ func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
|
||||
|
||||
// Get userId that we stored in the context earlier
|
||||
if val, ok := c.Get("user-id"); !ok {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user"})
|
||||
errString := "error determining user"
|
||||
log.Printf("retrieveSpecifiedSecret %s\n", errString)
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
||||
return
|
||||
} else {
|
||||
UserId = val.(int)
|
||||
@@ -111,7 +127,9 @@ func retrieveSpecifiedSecret(s *models.Secret, c *gin.Context) {
|
||||
safeList, err := models.UserGetSafesAllowed(int(UserId))
|
||||
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "error determining user safes"})
|
||||
errString := "error determining user safes"
|
||||
log.Printf("retrieveSpecifiedSecret %s\n", errString)
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": errString})
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user