add delete user endpoint
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
12
README.md
12
README.md
@@ -111,6 +111,18 @@ GET `/api/admin/users`
|
||||
|
||||
This operation can only be performed by a user with a role that is admin enabled. Lists currently defined users.
|
||||
|
||||
#### Remove Users
|
||||
POST `/api/admin/user/delete`
|
||||
|
||||
Data
|
||||
```
|
||||
{
|
||||
"userName": ""
|
||||
}
|
||||
```
|
||||
|
||||
This operation can only be performed by a user with a role that is admin enabled. Removes user account corresponding to specified userName.
|
||||
|
||||
### Secrets Operations
|
||||
|
||||
#### Store
|
||||
|
||||
@@ -15,16 +15,54 @@ import (
|
||||
)
|
||||
|
||||
type RegisterInput struct {
|
||||
Username string `json:"username" binding:"required"`
|
||||
UserName string `json:"userName" binding:"required"`
|
||||
Password string `json:"password" binding:"required"`
|
||||
RoleId int `json:"roleid"`
|
||||
}
|
||||
|
||||
type LoginInput struct {
|
||||
Username string `json:"username" binding:"required"`
|
||||
UserName string `json:"userName" binding:"required"`
|
||||
Password string `json:"password" binding:"required"`
|
||||
}
|
||||
|
||||
type DeleteInput struct {
|
||||
UserName string `json:"userName" binding:"required"`
|
||||
}
|
||||
|
||||
func DeleteUser(c *gin.Context) {
|
||||
var input DeleteInput
|
||||
|
||||
if err := c.ShouldBindJSON(&input); err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
u := models.User{}
|
||||
u.UserName = input.UserName
|
||||
|
||||
//remove spaces in username
|
||||
u.UserName = html.EscapeString(strings.TrimSpace(u.UserName))
|
||||
|
||||
// Confirm user account exists
|
||||
testUser, _ := models.GetUserByName(u.UserName)
|
||||
log.Printf("DeleteUser confirming user '%s' account exists\n", u.UserName)
|
||||
if (models.User{} == testUser) {
|
||||
err := errors.New("attempt to delete non-existing username '" + u.UserName + "'")
|
||||
log.Printf("Delete User error : '%s'\n", err)
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
} else {
|
||||
err := u.DeleteUser()
|
||||
|
||||
if err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"Error deleting user": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, gin.H{"message": "user deletion success"})
|
||||
}
|
||||
}
|
||||
|
||||
func Register(c *gin.Context) {
|
||||
var input RegisterInput
|
||||
|
||||
@@ -35,7 +73,7 @@ func Register(c *gin.Context) {
|
||||
|
||||
u := models.User{}
|
||||
//u.RoleId = 1
|
||||
u.UserName = input.Username
|
||||
u.UserName = input.UserName
|
||||
u.Password = input.Password
|
||||
|
||||
// Default to regular user role if not specified
|
||||
@@ -93,7 +131,7 @@ func Login(c *gin.Context) {
|
||||
|
||||
u := models.User{}
|
||||
|
||||
u.UserName = input.Username
|
||||
u.UserName = input.UserName
|
||||
u.Password = input.Password
|
||||
|
||||
log.Printf("Login checking username '%s' and password length '%d'\n", u.UserName, len(u.Password))
|
||||
|
||||
1
main.go
1
main.go
@@ -250,6 +250,7 @@ func main() {
|
||||
adminOnly.POST("/register", controllers.Register)
|
||||
adminOnly.GET("/roles", controllers.GetRoles)
|
||||
adminOnly.GET("/users", controllers.GetUsers)
|
||||
adminOnly.GET("/user/delete", controllers.DeleteUser)
|
||||
|
||||
// Get secrets
|
||||
protected := router.Group("/api/secret")
|
||||
|
||||
@@ -49,6 +49,31 @@ func (u *User) SaveUser() (*User, error) {
|
||||
return u, nil
|
||||
}
|
||||
|
||||
func (u *User) DeleteUser() error {
|
||||
|
||||
// Validate username exists
|
||||
_, err := GetUserByName(u.UserName)
|
||||
if err != nil {
|
||||
log.Printf("DeleteUser error finding user account to remove : '%s'\n", err)
|
||||
return err
|
||||
} else {
|
||||
log.Printf("DeleteUser confirmed user exists, continuing with deletion of user '%s'\n", u.UserName)
|
||||
result, err := db.NamedExec((`DELETE FROM users WHERE UserName = :UserName`), u)
|
||||
|
||||
if err != nil {
|
||||
log.Printf("DeleteUser error executing sql delete : '%s'\n", err)
|
||||
return err
|
||||
} else {
|
||||
affected, _ := result.RowsAffected()
|
||||
id, _ := result.LastInsertId()
|
||||
log.Printf("DeleteUser returned result id '%d' affecting %d row(s).\n", id, affected)
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func VerifyPassword(password, hashedPassword string) error {
|
||||
log.Printf("VerifyPassword comparing input against hashed value '%s'\n", hashedPassword)
|
||||
return bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
|
||||
|
||||
Reference in New Issue
Block a user