if the admin token is null then it will fail an admin login. Also added the remove scopes logic and it worked for me

This commit is contained in:
James Tombleson 2024-04-04 15:30:22 -07:00
parent 8a43c166a8
commit 9bc36bae7f

View File

@ -90,6 +90,12 @@ func (h *Handler) AuthLogin(c echo.Context) error {
}
func (h *Handler) validateAdminToken(c echo.Context, password string) error {
// if the admin token is blank, then the admin wanted this disabled.
// this will fail right away and not progress.
if h.Config.AdminToken == "" {
return h.InternalServerErrorResponse(c, ErrUserNotFound)
}
if h.Config.AdminToken != password {
return h.ReturnUnauthorizedResponse(c, ErrUserNotFound)
}
@ -102,7 +108,7 @@ func (h *Handler) validateAdminToken(c echo.Context, password string) error {
return c.JSON(http.StatusOK, token)
}
func (h *Handler) AddScope(c echo.Context) error {
func (h *Handler) AddScopes(c echo.Context) error {
token, err := h.getJwtToken(c)
if err != nil {
return h.ReturnUnauthorizedResponse(c, err.Error())
@ -113,7 +119,7 @@ func (h *Handler) AddScope(c echo.Context) error {
return h.ReturnUnauthorizedResponse(c, err.Error())
}
request := domain.AddScopeRequest{}
request := domain.UpdateScopesRequest{}
err = (&echo.DefaultBinder{}).BindBody(c, &request)
if err != nil {
return c.JSON(http.StatusBadRequest, domain.ErrorResponse{
@ -132,10 +138,33 @@ func (h *Handler) AddScope(c echo.Context) error {
})
}
func (h *Handler) RemoveScope(c echo.Context) error {
return c.JSON(http.StatusOK, domain.ErrorResponse{
func (h *Handler) RemoveScopes(c echo.Context) error {
token, err := h.getJwtToken(c)
if err != nil {
return h.ReturnUnauthorizedResponse(c, err.Error())
}
err = token.IsValid(domain.ScopeAll)
if err != nil {
return h.ReturnUnauthorizedResponse(c, err.Error())
}
request := domain.UpdateScopesRequest{}
err = (&echo.DefaultBinder{}).BindBody(c, &request)
if err != nil {
return c.JSON(http.StatusBadRequest, domain.ErrorResponse{
Success: false,
Message: "Not Implemented",
Message: err.Error(),
})
}
err = h.UserService.RemoveScopes(request.Username, request.Scopes)
if err != nil {
return h.InternalServerErrorResponse(c, err.Error())
}
return c.JSON(http.StatusOK, domain.ErrorResponse{
Success: true,
})
}