summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulien Dessaux2024-11-15 23:59:14 +0100
committerJulien Dessaux2024-11-15 23:59:14 +0100
commit7c96e1b780243bfbe3ecc5b6874fe3497e2419d5 (patch)
tree3c4c84d9d6f414c97163d7101c2157dc904a4dd0
parentchore(tfstated): use a struct{} as context.Context key (diff)
downloadtfstated-7c96e1b780243bfbe3ecc5b6874fe3497e2419d5.tar.gz
tfstated-7c96e1b780243bfbe3ecc5b6874fe3497e2419d5.tar.bz2
tfstated-7c96e1b780243bfbe3ecc5b6874fe3497e2419d5.zip
fix(tfstated): return 403 Forbidden on non existent account
Diffstat (limited to '')
-rw-r--r--pkg/basic_auth/middleware.go4
-rw-r--r--pkg/database/accounts.go4
2 files changed, 8 insertions, 0 deletions
diff --git a/pkg/basic_auth/middleware.go b/pkg/basic_auth/middleware.go
index 94cac56..1b51c8a 100644
--- a/pkg/basic_auth/middleware.go
+++ b/pkg/basic_auth/middleware.go
@@ -23,6 +23,10 @@ func Middleware(db *database.DB) func(http.Handler) http.Handler {
http.Error(w, "Internal Server Error", http.StatusInternalServerError)
return
}
+ if account == nil {
+ http.Error(w, "Forbidden", http.StatusForbidden)
+ return
+ }
if password != account.Password {
http.Error(w, "Forbidden", http.StatusForbidden)
return
diff --git a/pkg/database/accounts.go b/pkg/database/accounts.go
index 7902371..3919709 100644
--- a/pkg/database/accounts.go
+++ b/pkg/database/accounts.go
@@ -2,6 +2,7 @@ package database
import (
"database/sql"
+ "errors"
"fmt"
"log/slog"
"time"
@@ -32,6 +33,9 @@ func (db *DB) LoadAccountByUsername(username string) (*model.Account, error) {
&account.Settings,
)
if err != nil {
+ if errors.Is(err, sql.ErrNoRows) {
+ return nil, nil
+ }
return nil, err
}
password, err := db.dataEncryptionKey.DecryptAES256(encryptedPassword)