Fixed user/edit

2022-01-31 20:51:04 +01:00 · 2022-01-31 20:51:04 +01:00 · 2918bc46b5
commit 2918bc46b5
parent bba0b6d5d2
1 changed files with 15 additions and 10 deletions
--- a/server/src/main/java/com/vpr/server/controller/UserController.java
+++ b/server/src/main/java/com/vpr/server/controller/UserController.java
@ -158,13 +158,16 @@ public class UserController {
            @RequestParam String name,
            @RequestParam String forename,
            @RequestParam String login,
-            @RequestParam String password,
+            @RequestParam(required = false) String password,
            @RequestParam Boolean isAdmin
    ) {
        User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository);
        if (authUser == null || (!authUser.isAdmin() && authUser.getId() != userId)) {
            return new ResponseEntity<>("Du hast keine Rechte um den User zu editieren", HttpStatus.UNAUTHORIZED);
        }
+        if(isAdmin && !authUser.isAdmin()){
+            return new ResponseEntity<>("Du hast keine Rechte um dich zum Admin zu machen", HttpStatus.UNAUTHORIZED);
+        }
        User user = userRepository.findById(userId);
        if (user == null) {
            return new ResponseEntity<>("User nicht in der Datenbank vorhanden", HttpStatus.BAD_REQUEST);
@ -175,20 +178,22 @@ public class UserController {
            return new ResponseEntity<>("Login exestiert bereits", HttpStatus.BAD_REQUEST);
        }

-        byte[] salt = Hasher.GenerateSalt();
-        byte[] hash;
-        try {
-            hash = Hasher.HashPassword(password, salt);
-        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
-            e.printStackTrace();
-            return new ResponseEntity<>("Fehler beim hashen", HttpStatus.INTERNAL_SERVER_ERROR);
+        if(password != null){
+            byte[] salt = Hasher.GenerateSalt();
+            byte[] hash;
+            try {
+                hash = Hasher.HashPassword(password, salt);
+                user.setPassword(hash);
+                user.setSalt(salt);
+            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
+                e.printStackTrace();
+                return new ResponseEntity<>("Fehler beim hashen", HttpStatus.INTERNAL_SERVER_ERROR);
+            }
        }

        user.setName(name);
        user.setForename(forename);
        user.setLogin(login);
-        user.setPassword(hash);
-        user.setSalt(salt);
        user.setToken("");
        user.setAdmin(isAdmin);