diff options
| author | Julien Dessaux | 2024-11-15 23:59:14 +0100 |
|---|---|---|
| committer | Julien Dessaux | 2024-11-15 23:59:14 +0100 |
| commit | 7c96e1b780243bfbe3ecc5b6874fe3497e2419d5 (patch) | |
| tree | 3c4c84d9d6f414c97163d7101c2157dc904a4dd0 /pkg | |
| parent | chore(tfstated): use a struct{} as context.Context key (diff) | |
| download | tfstated-7c96e1b780243bfbe3ecc5b6874fe3497e2419d5.tar.gz tfstated-7c96e1b780243bfbe3ecc5b6874fe3497e2419d5.tar.bz2 tfstated-7c96e1b780243bfbe3ecc5b6874fe3497e2419d5.zip | |
fix(tfstated): return 403 Forbidden on non existent account
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/basic_auth/middleware.go | 4 | ||||
| -rw-r--r-- | pkg/database/accounts.go | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/pkg/basic_auth/middleware.go b/pkg/basic_auth/middleware.go index 94cac56..1b51c8a 100644 --- a/pkg/basic_auth/middleware.go +++ b/pkg/basic_auth/middleware.go @@ -23,6 +23,10 @@ func Middleware(db *database.DB) func(http.Handler) http.Handler { http.Error(w, "Internal Server Error", http.StatusInternalServerError) return } + if account == nil { + http.Error(w, "Forbidden", http.StatusForbidden) + return + } if password != account.Password { http.Error(w, "Forbidden", http.StatusForbidden) return diff --git a/pkg/database/accounts.go b/pkg/database/accounts.go index 7902371..3919709 100644 --- a/pkg/database/accounts.go +++ b/pkg/database/accounts.go @@ -2,6 +2,7 @@ package database import ( "database/sql" + "errors" "fmt" "log/slog" "time" @@ -32,6 +33,9 @@ func (db *DB) LoadAccountByUsername(username string) (*model.Account, error) { &account.Settings, ) if err != nil { + if errors.Is(err, sql.ErrNoRows) { + return nil, nil + } return nil, err } password, err := db.dataEncryptionKey.DecryptAES256(encryptedPassword) |