MAM/VPR-Backend
3
2
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed user/edit

Browse Source
This commit is contained in:
Marc Beyer 2022-01-31 20:51:04 +01:00
parent bba0b6d5d2
commit 2918bc46b5
1 changed files with 15 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
server/src/main/java/com/vpr/server/controller/UserController.java
View File

@ -158,13 +158,16 @@ public class UserController {
@RequestParam String name, @RequestParam String name,
@RequestParam String forename, @RequestParam String forename,
@RequestParam String login, @RequestParam String login,
@RequestParam String password, @RequestParam(required = false) String password,
@RequestParam Boolean isAdmin @RequestParam Boolean isAdmin
) { ) {
User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository); User authUser = authController.getAuthUserFromHeader(authorizationHeader, userRepository);
if (authUser == null || (!authUser.isAdmin() && authUser.getId() != userId)) { if (authUser == null || (!authUser.isAdmin() && authUser.getId() != userId)) {
return new ResponseEntity<>("Du hast keine Rechte um den User zu editieren", HttpStatus.UNAUTHORIZED); return new ResponseEntity<>("Du hast keine Rechte um den User zu editieren", HttpStatus.UNAUTHORIZED);
} }
if(isAdmin && !authUser.isAdmin()){
return new ResponseEntity<>("Du hast keine Rechte um dich zum Admin zu machen", HttpStatus.UNAUTHORIZED);
}
User user = userRepository.findById(userId); User user = userRepository.findById(userId);
if (user == null) { if (user == null) {
return new ResponseEntity<>("User nicht in der Datenbank vorhanden", HttpStatus.BAD_REQUEST); return new ResponseEntity<>("User nicht in der Datenbank vorhanden", HttpStatus.BAD_REQUEST);
@ -175,20 +178,22 @@ public class UserController {
return new ResponseEntity<>("Login exestiert bereits", HttpStatus.BAD_REQUEST); return new ResponseEntity<>("Login exestiert bereits", HttpStatus.BAD_REQUEST);
} }
byte[] salt = Hasher.GenerateSalt(); if(password != null){
byte[] hash; byte[] salt = Hasher.GenerateSalt();
try { byte[] hash;
hash = Hasher.HashPassword(password, salt); try {
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) { hash = Hasher.HashPassword(password, salt);
e.printStackTrace(); user.setPassword(hash);
return new ResponseEntity<>("Fehler beim hashen", HttpStatus.INTERNAL_SERVER_ERROR); user.setSalt(salt);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
e.printStackTrace();
return new ResponseEntity<>("Fehler beim hashen", HttpStatus.INTERNAL_SERVER_ERROR);
}
} }
user.setName(name); user.setName(name);
user.setForename(forename); user.setForename(forename);
user.setLogin(login); user.setLogin(login);
user.setPassword(hash);
user.setSalt(salt);
user.setToken(""); user.setToken("");
user.setAdmin(isAdmin); user.setAdmin(isAdmin);