fixed blocking important issues
This commit is contained in:
@@ -15,17 +15,22 @@ import (
|
||||
)
|
||||
|
||||
var (
|
||||
errInvalidUserID = errors.New("invalid id")
|
||||
errAdminUserNotFound = errors.New("admin not found")
|
||||
errCannotResetPassword = errors.New("cannot reset password for this user")
|
||||
errResetPasswordFailed = errors.New("failed to reset password")
|
||||
errResetPasswordRateHit = errors.New("too many password reset requests")
|
||||
errInvalidUserID = errors.New("invalid id")
|
||||
errAdminUserNotFound = errors.New("admin not found")
|
||||
errCannotResetPassword = errors.New("cannot reset password for this user")
|
||||
errResetPasswordFailed = errors.New("failed to reset password")
|
||||
errResetPasswordRateHit = errors.New("too many password reset requests")
|
||||
errResetPasswordForbidden = errors.New("you are not allowed to reset this password")
|
||||
)
|
||||
|
||||
const adminPasswordResetRateLimit = 10
|
||||
|
||||
// AdminResetPassword generates a new password for the target admin user.
|
||||
func (s *userService) AdminResetPassword(ctx context.Context, actorID, targetID string) (*AdminResetPasswordResponse, error) {
|
||||
func (s *userService) AdminResetPassword(ctx context.Context, actorID, actorRole, targetID string) (*AdminResetPasswordResponse, error) {
|
||||
if UserRole(actorRole) != UserRoleAdmin {
|
||||
return nil, errResetPasswordForbidden
|
||||
}
|
||||
|
||||
if _, err := bson.ObjectIDFromHex(targetID); err != nil {
|
||||
return nil, errInvalidUserID
|
||||
}
|
||||
@@ -36,7 +41,7 @@ func (s *userService) AdminResetPassword(ctx context.Context, actorID, targetID
|
||||
|
||||
user, err := s.repository.GetByID(ctx, targetID)
|
||||
if err != nil {
|
||||
if err.Error() == "user not found" {
|
||||
if errors.Is(err, ErrUserNotFound) {
|
||||
return nil, errAdminUserNotFound
|
||||
}
|
||||
s.logger.Error("Failed to load user for password reset", map[string]interface{}{
|
||||
@@ -68,9 +73,10 @@ func (s *userService) AdminResetPassword(ctx context.Context, actorID, targetID
|
||||
return nil, errResetPasswordFailed
|
||||
}
|
||||
|
||||
user.Password = string(hashedPassword)
|
||||
user.UpdatedBy = &actorID
|
||||
if err := s.repository.Update(ctx, user); err != nil {
|
||||
if err := s.repository.UpdatePasswordReset(ctx, targetID, string(hashedPassword), actorID); err != nil {
|
||||
if errors.Is(err, ErrUserNotFound) {
|
||||
return nil, errAdminUserNotFound
|
||||
}
|
||||
s.logger.Error("Failed to persist reset password", map[string]interface{}{
|
||||
"error": err.Error(),
|
||||
"target_id": targetID,
|
||||
@@ -83,7 +89,6 @@ func (s *userService) AdminResetPassword(ctx context.Context, actorID, targetID
|
||||
"error": err.Error(),
|
||||
"target_id": targetID,
|
||||
})
|
||||
return nil, errResetPasswordFailed
|
||||
}
|
||||
|
||||
s.auditLogger.Log(ctx, audit.Entry{
|
||||
|
||||
Reference in New Issue
Block a user