Fix regression in integration page and simplify SQL query

This commit is contained in:
Frédéric Guillot 2023-07-10 20:59:49 -07:00
parent 309e6d1084
commit 7988241e11
4 changed files with 72 additions and 174 deletions

View file

@ -9,6 +9,8 @@ import (
"encoding/base64"
"encoding/hex"
"fmt"
"golang.org/x/crypto/bcrypt"
)
// HashFromBytes returns a SHA-256 checksum of the input.
@ -41,3 +43,8 @@ func GenerateRandomString(size int) string {
func GenerateRandomStringHex(size int) string {
return hex.EncodeToString(GenerateRandomBytes(size))
}
func HashPassword(password string) (string, error) {
bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
return string(bytes), err
}

View file

@ -223,13 +223,7 @@ func (s *Storage) Integration(userID int64) (*model.Integration, error) {
// UpdateIntegration saves user integration settings.
func (s *Storage) UpdateIntegration(integration *model.Integration) error {
var err error
if integration.GoogleReaderPassword != "" {
integration.GoogleReaderPassword, err = hashPassword(integration.GoogleReaderPassword)
if err != nil {
return err
}
query := `
query := `
UPDATE
integrations
SET
@ -276,167 +270,62 @@ func (s *Storage) UpdateIntegration(integration *model.Integration) error {
matrix_bot_password=$41,
matrix_bot_url=$42,
matrix_bot_chat_id=$43,
notion_enabled=$45,
notion_token=$46,
notion_page_id=$47
notion_enabled=$44,
notion_token=$45,
notion_page_id=$46
WHERE
user_id=$44
user_id=$47
`
_, err = s.db.Exec(
query,
integration.PinboardEnabled,
integration.PinboardToken,
integration.PinboardTags,
integration.PinboardMarkAsUnread,
integration.InstapaperEnabled,
integration.InstapaperUsername,
integration.InstapaperPassword,
integration.FeverEnabled,
integration.FeverUsername,
integration.FeverToken,
integration.WallabagEnabled,
integration.WallabagOnlyURL,
integration.WallabagURL,
integration.WallabagClientID,
integration.WallabagClientSecret,
integration.WallabagUsername,
integration.WallabagPassword,
integration.NunuxKeeperEnabled,
integration.NunuxKeeperURL,
integration.NunuxKeeperAPIKey,
integration.PocketEnabled,
integration.PocketAccessToken,
integration.PocketConsumerKey,
integration.GoogleReaderEnabled,
integration.GoogleReaderUsername,
integration.GoogleReaderPassword,
integration.TelegramBotEnabled,
integration.TelegramBotToken,
integration.TelegramBotChatID,
integration.EspialEnabled,
integration.EspialURL,
integration.EspialAPIKey,
integration.EspialTags,
integration.LinkdingEnabled,
integration.LinkdingURL,
integration.LinkdingAPIKey,
integration.LinkdingTags,
integration.LinkdingMarkAsUnread,
integration.MatrixBotEnabled,
integration.MatrixBotUser,
integration.MatrixBotPassword,
integration.MatrixBotURL,
integration.MatrixBotChatID,
integration.NotionEnabled,
integration.NotionToken,
integration.NotionPageID,
integration.UserID,
)
} else {
query := `
UPDATE
integrations
SET
pinboard_enabled=$1,
pinboard_token=$2,
pinboard_tags=$3,
pinboard_mark_as_unread=$4,
instapaper_enabled=$5,
instapaper_username=$6,
instapaper_password=$7,
fever_enabled=$8,
fever_username=$9,
fever_token=$10,
wallabag_enabled=$11,
wallabag_only_url=$12,
wallabag_url=$13,
wallabag_client_id=$14,
wallabag_client_secret=$15,
wallabag_username=$16,
wallabag_password=$17,
nunux_keeper_enabled=$18,
nunux_keeper_url=$19,
nunux_keeper_api_key=$20,
pocket_enabled=$21,
pocket_access_token=$22,
pocket_consumer_key=$23,
googlereader_enabled=$24,
googlereader_username=$25,
googlereader_password=$26,
telegram_bot_enabled=$27,
telegram_bot_token=$28,
telegram_bot_chat_id=$29,
espial_enabled=$30,
espial_url=$31,
espial_api_key=$32,
espial_tags=$33,
linkding_enabled=$34,
linkding_url=$35,
linkding_api_key=$36,
linkding_tags=$37,
linkding_mark_as_unread=$38,
matrix_bot_enabled=$39,
matrix_bot_user=$40,
matrix_bot_password=$41,
matrix_bot_url=$42,
matrix_bot_chat_id=$43,
notion_enabled=$45,
notion_token=$46,
notion_page_id=$47
WHERE
user_id=$44
`
_, err = s.db.Exec(
query,
integration.PinboardEnabled,
integration.PinboardToken,
integration.PinboardTags,
integration.PinboardMarkAsUnread,
integration.InstapaperEnabled,
integration.InstapaperUsername,
integration.InstapaperPassword,
integration.FeverEnabled,
integration.FeverUsername,
integration.FeverToken,
integration.WallabagEnabled,
integration.WallabagOnlyURL,
integration.WallabagURL,
integration.WallabagClientID,
integration.WallabagClientSecret,
integration.WallabagUsername,
integration.WallabagPassword,
integration.NunuxKeeperEnabled,
integration.NunuxKeeperURL,
integration.NunuxKeeperAPIKey,
integration.PocketEnabled,
integration.PocketAccessToken,
integration.PocketConsumerKey,
integration.GoogleReaderEnabled,
integration.GoogleReaderUsername,
integration.GoogleReaderPassword,
integration.TelegramBotEnabled,
integration.TelegramBotToken,
integration.TelegramBotChatID,
integration.EspialEnabled,
integration.EspialURL,
integration.EspialAPIKey,
integration.EspialTags,
integration.LinkdingEnabled,
integration.LinkdingURL,
integration.LinkdingAPIKey,
integration.LinkdingTags,
integration.LinkdingMarkAsUnread,
integration.MatrixBotEnabled,
integration.MatrixBotUser,
integration.MatrixBotPassword,
integration.MatrixBotURL,
integration.MatrixBotChatID,
integration.UserID,
integration.NotionEnabled,
integration.NotionToken,
integration.NotionPageID,
)
}
_, err := s.db.Exec(
query,
integration.PinboardEnabled,
integration.PinboardToken,
integration.PinboardTags,
integration.PinboardMarkAsUnread,
integration.InstapaperEnabled,
integration.InstapaperUsername,
integration.InstapaperPassword,
integration.FeverEnabled,
integration.FeverUsername,
integration.FeverToken,
integration.WallabagEnabled,
integration.WallabagOnlyURL,
integration.WallabagURL,
integration.WallabagClientID,
integration.WallabagClientSecret,
integration.WallabagUsername,
integration.WallabagPassword,
integration.NunuxKeeperEnabled,
integration.NunuxKeeperURL,
integration.NunuxKeeperAPIKey,
integration.PocketEnabled,
integration.PocketAccessToken,
integration.PocketConsumerKey,
integration.GoogleReaderEnabled,
integration.GoogleReaderUsername,
integration.GoogleReaderPassword,
integration.TelegramBotEnabled,
integration.TelegramBotToken,
integration.TelegramBotChatID,
integration.EspialEnabled,
integration.EspialURL,
integration.EspialAPIKey,
integration.EspialTags,
integration.LinkdingEnabled,
integration.LinkdingURL,
integration.LinkdingAPIKey,
integration.LinkdingTags,
integration.LinkdingMarkAsUnread,
integration.MatrixBotEnabled,
integration.MatrixBotUser,
integration.MatrixBotPassword,
integration.MatrixBotURL,
integration.MatrixBotChatID,
integration.NotionEnabled,
integration.NotionToken,
integration.NotionPageID,
integration.UserID,
)
if err != nil {
return fmt.Errorf(`store: unable to update integration row: %v`, err)

View file

@ -9,6 +9,7 @@ import (
"runtime"
"strings"
"miniflux.app/crypto"
"miniflux.app/logger"
"miniflux.app/model"
@ -57,7 +58,7 @@ func (s *Storage) CreateUser(userCreationRequest *model.UserCreationRequest) (*m
var hashedPassword string
if userCreationRequest.Password != "" {
var err error
hashedPassword, err = hashPassword(userCreationRequest.Password)
hashedPassword, err = crypto.HashPassword(userCreationRequest.Password)
if err != nil {
return nil, err
}
@ -157,7 +158,7 @@ func (s *Storage) CreateUser(userCreationRequest *model.UserCreationRequest) (*m
// UpdateUser updates a user.
func (s *Storage) UpdateUser(user *model.User) error {
if user.Password != "" {
hashedPassword, err := hashPassword(user.Password)
hashedPassword, err := crypto.HashPassword(user.Password)
if err != nil {
return err
}
@ -649,8 +650,3 @@ func (s *Storage) HasPassword(userID int64) (bool, error) {
}
return false, nil
}
func hashPassword(password string) (string, error) {
bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
return string(bytes), err
}

View file

@ -8,6 +8,7 @@ import (
"fmt"
"net/http"
"miniflux.app/crypto"
"miniflux.app/http/request"
"miniflux.app/http/response/html"
"miniflux.app/http/route"
@ -56,11 +57,16 @@ func (h *handler) updateIntegration(w http.ResponseWriter, r *http.Request) {
if integration.GoogleReaderEnabled {
if integrationForm.GoogleReaderPassword != "" {
integration.GoogleReaderPassword = integrationForm.GoogleReaderPassword
integration.GoogleReaderPassword, err = crypto.HashPassword(integrationForm.GoogleReaderPassword)
if err != nil {
html.ServerError(w, r, err)
return
}
}
} else {
integration.GoogleReaderPassword = ""
}
err = h.store.UpdateIntegration(integration)
if err != nil {
html.ServerError(w, r, err)