if the admin token is null then it will fail an admin login. Also added the remove scopes logic and it worked for me
parent
8a43c166a8
commit
9bc36bae7f
@ -90,6 +90,12 @@ func (h *Handler) AuthLogin(c echo.Context) error {
|
||||
}
|
||||
|
||||
func (h *Handler) validateAdminToken(c echo.Context, password string) error {
|
||||
// if the admin token is blank, then the admin wanted this disabled.
|
||||
// this will fail right away and not progress.
|
||||
if h.Config.AdminToken == "" {
|
||||
return h.InternalServerErrorResponse(c, ErrUserNotFound)
|
||||
}
|
||||
|
||||
if h.Config.AdminToken != password {
|
||||
return h.ReturnUnauthorizedResponse(c, ErrUserNotFound)
|
||||
}
|
||||
@ -102,7 +108,7 @@ func (h *Handler) validateAdminToken(c echo.Context, password string) error {
|
||||
return c.JSON(http.StatusOK, token)
|
||||
}
|
||||
|
||||
func (h *Handler) AddScope(c echo.Context) error {
|
||||
func (h *Handler) AddScopes(c echo.Context) error {
|
||||
token, err := h.getJwtToken(c)
|
||||
if err != nil {
|
||||
return h.ReturnUnauthorizedResponse(c, err.Error())
|
||||
@ -113,7 +119,7 @@ func (h *Handler) AddScope(c echo.Context) error {
|
||||
return h.ReturnUnauthorizedResponse(c, err.Error())
|
||||
}
|
||||
|
||||
request := domain.AddScopeRequest{}
|
||||
request := domain.UpdateScopesRequest{}
|
||||
err = (&echo.DefaultBinder{}).BindBody(c, &request)
|
||||
if err != nil {
|
||||
return c.JSON(http.StatusBadRequest, domain.ErrorResponse{
|
||||
@ -132,10 +138,33 @@ func (h *Handler) AddScope(c echo.Context) error {
|
||||
})
|
||||
}
|
||||
|
||||
func (h *Handler) RemoveScope(c echo.Context) error {
|
||||
return c.JSON(http.StatusOK, domain.ErrorResponse{
|
||||
func (h *Handler) RemoveScopes(c echo.Context) error {
|
||||
token, err := h.getJwtToken(c)
|
||||
if err != nil {
|
||||
return h.ReturnUnauthorizedResponse(c, err.Error())
|
||||
}
|
||||
|
||||
err = token.IsValid(domain.ScopeAll)
|
||||
if err != nil {
|
||||
return h.ReturnUnauthorizedResponse(c, err.Error())
|
||||
}
|
||||
|
||||
request := domain.UpdateScopesRequest{}
|
||||
err = (&echo.DefaultBinder{}).BindBody(c, &request)
|
||||
if err != nil {
|
||||
return c.JSON(http.StatusBadRequest, domain.ErrorResponse{
|
||||
Success: false,
|
||||
Message: "Not Implemented",
|
||||
Message: err.Error(),
|
||||
})
|
||||
}
|
||||
|
||||
err = h.UserService.RemoveScopes(request.Username, request.Scopes)
|
||||
if err != nil {
|
||||
return h.InternalServerErrorResponse(c, err.Error())
|
||||
}
|
||||
|
||||
return c.JSON(http.StatusOK, domain.ErrorResponse{
|
||||
Success: true,
|
||||
})
|
||||
}
|
||||
|
||||
|
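Review bot: In validateAdminToken the admin token is checked with `h.Config.AdminToken != password`, an ordinary string comparison whose running time depends on how many leading bytes match; for a long-lived shared secret it is better written as `if subtle.ConstantTimeCompare([]byte(h.Config.AdminToken), []byte(password)) != 1 {`, which needs `crypto/subtle` in an import block that is not visible on this page. The blank-token guard above it replies through InternalServerErrorResponse (presumably a 500) while a wrong password goes through ReturnUnauthorizedResponse, so the status code alone tells a caller whether admin login is disabled; returning the same unauthorized response in both cases and logging the disabled state server-side keeps that out of the reply. The rendered page has lost its +/- markers, so which of these lines are new is inferred from the commit title, and the body of validateAdminToken continues past the end of the first hunk.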