Move password hashing in handler
diff --git a/core/kg/api/rest/handler.go b/core/kg/api/rest/handler.go
index dbc5882..88d0670 100644
--- a/core/kg/api/rest/handler.go
+++ b/core/kg/api/rest/handler.go
@@ -23,9 +23,7 @@
return err
}
- if statusCode != http.StatusOK {
- w.WriteHeader(statusCode)
- }
+ w.WriteHeader(statusCode)
encoder := json.NewEncoder(w)
encoder.SetEscapeHTML(true)
@@ -35,9 +33,5 @@
return err
}
- if f, ok := w.(http.Flusher); ok {
- f.Flush()
- }
-
return nil
}
diff --git a/core/kg/api/rest/user_service.go b/core/kg/api/rest/user_service.go
index ee7abc2..c976de7 100644
--- a/core/kg/api/rest/user_service.go
+++ b/core/kg/api/rest/user_service.go
@@ -5,6 +5,7 @@
"net/http"
"strconv"
+ "github.com/giolekva/pcloud/core/kg/app"
"github.com/giolekva/pcloud/core/kg/model"
"github.com/gorilla/mux"
"github.com/pkg/errors"
@@ -22,6 +23,10 @@
if err := json.NewDecoder(r.Body).Decode(&user); err != nil {
return errors.Wrap(err, "can't decode request body")
}
+ if err := user.IsValidInput(); err != nil {
+ return errors.Wrap(err, "invalid user input")
+ }
+ user.Password = app.HashPassword(user.Password)
user.SanitizeInput()
updatedUser, err := router.App.CreateUser(user)
if err != nil {
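Review bot: Nothing on this path rejects an empty password before `app.HashPassword(user.Password)`: `IsValidInput`, as added in the model/user.go hunk of this commit, checks only the username, and `HashPassword` returns "" for an empty input, so `CreateUser` can receive a user with an empty password field unless a later validation rejects it (not visible here). Consider adding a password check to `IsValidInput`, or guarding here with `if user.Password == "" { return errors.New("password is required") }`. Because the app/user.go hunk drops the hashing from `CreateUser`, every other caller of `CreateUser` now has to hash first; a doc comment on `CreateUser` such as `// CreateUser expects user.Password to be already hashed with HashPassword.` would make that precondition explicit. The handler body starts and ends outside the hunk.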
diff --git a/core/kg/app/user.go b/core/kg/app/user.go
index 063c084..c21b86e 100644
--- a/core/kg/app/user.go
+++ b/core/kg/app/user.go
@@ -4,6 +4,7 @@
"github.com/giolekva/pcloud/core/kg/log"
"github.com/giolekva/pcloud/core/kg/model"
"github.com/pkg/errors"
+ "golang.org/x/crypto/bcrypt"
)
// GetUser returns user
@@ -21,7 +22,6 @@
return nil, errors.New("not a first user")
}
- user.HashPassword()
updatedUser, err := a.store.User().Save(user)
if err != nil {
return nil, errors.Wrap(err, "can't save user to the DB")
@@ -45,3 +45,17 @@
}
return count > 0
}
+
+// HashPassword hashes user's password
+func HashPassword(password string) string {
+ if password == "" {
+ return ""
+ }
+
+ hash, err := bcrypt.GenerateFromPassword([]byte(password), 10)
+ if err != nil {
+ panic(err)
+ }
+
+ return string(hash)
+}
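Review bot: `HashPassword` panics when `bcrypt.GenerateFromPassword` fails, and after this commit its argument comes straight from the request body in user_service.go, so a hashing error becomes a panic in the HTTP handler instead of an error response. Recent golang.org/x/crypto releases return `bcrypt.ErrPasswordTooLong` for inputs over 72 bytes, so depending on the pinned version an over-long password may be enough to trigger it. Returning `(string, error)` and letting the handler wrap the error keeps this an ordinary request failure; the call site in user_service.go would need the matching change. The literal `10` equals `bcrypt.DefaultCost`, and the named constant states the intent.

```go
// HashPassword returns the bcrypt hash of password, or an error if hashing fails.
func HashPassword(password string) (string, error) {
	// … unchanged: empty-password early return, now `return "", nil` …
	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		return "", errors.Wrap(err, "can't hash password")
	}
	return string(hash), nil
}
```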
diff --git a/core/kg/model/user.go b/core/kg/model/user.go
index 5bcb8a0..e68bb63 100644
--- a/core/kg/model/user.go
+++ b/core/kg/model/user.go
@@ -5,7 +5,6 @@
"unicode"
"github.com/pkg/errors"
- "golang.org/x/crypto/bcrypt"
)
const (
@@ -47,6 +46,15 @@
return nil
}
+// IsValidInput validates the user input and returns an error
+func (u *User) IsValidInput() error {
+ if !isValidUsername(u.Username) {
+ return invalidUserError("username", u.ID)
+ }
+
+ return nil
+}
+
// Clone clones the object
func (u *User) Clone() *User {
user := *u
@@ -67,20 +75,6 @@
u.Password = ""
}
-// HashPassword hashes user's password
-func (u *User) HashPassword() {
- if u.Password == "" {
- return
- }
-
- hash, err := bcrypt.GenerateFromPassword([]byte(u.Password), 10)
- if err != nil {
- panic(err)
- }
-
- u.Password = string(hash)
-}
-
func isValidID(value string) bool {
if len(value) != 26 {
return false