Closed pslosarz closed 1 year ago
When creating a new user without admin role, information about the password is lost, making it impossible to login.
Scenario: Create a new user by API without admin role.

`/api/user/save`

```json
{
  "type": "internal",
  "admin": false,
  "name": "Jon Doe",
  "loginName": "test",
  "password": "xxx",
  "passwordConfirm": "xxx",
  "email": "xxx@gmail.com",
  "roles": [
    "rolaxxx"
  ]
}
```

Try logging in with your new credentials:

`api/user/sign-in`

```json
{"name":"test","password":"xxx"}
```

The response will be:

```
security: invalid principal or credential(1001)
```
[FIX] This is a fix for this case. The principle is the same as for creating a new admin account. api/user.go:73
```go
return func(c web.Context) error {
	// Bind the password next to the embedded dao.User so it is available after binding.
	args := &struct {
		Password string `json:"password"`
		*dao.User
	}{}
	err := c.Bind(args, true)
	if err == nil {
		ctx, cancel := misc.Context(defaultTimeout)
		defer cancel()

		user := args.User
		if user.ID == "" {
			// New user: copy the submitted password onto the user before creating it.
			user.Password = args.Password
			_, err = b.Create(ctx, user, c.User())
		} else {
			err = b.Update(ctx, user, c.User())
		}
	}
	return ajax(c, err)
}
```
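Added example, not part of the original report or the project's code: a standalone sketch of how a password can be lost during request binding and how the wrapper struct in the fix recovers it. The `User` type is a hypothetical stand-in for `dao.User`, and the `json:"-"` tag on its `Password` field is an assumption, not something the report states; the request body is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// User is a hypothetical stand-in for the project's dao.User. Assumption:
// Password is tagged json:"-" so stored hashes never appear in API responses.
type User struct {
	ID        string `json:"id"`
	LoginName string `json:"loginName"`
	Admin     bool   `json:"admin"`
	Password  string `json:"-"`
}

// Constructed request body, shaped like the one in the report.
const body = `{"admin":false,"loginName":"test","password":"xxx"}`

// bindDirect decodes straight into User: the password is silently dropped.
func bindDirect(raw string) (*User, error) {
	u := &User{}
	err := json.Unmarshal([]byte(raw), u)
	return u, err
}

// bindWithPassword mirrors the wrapper in the fix: an outer Password field
// receives the JSON value and is copied onto the user only on create.
func bindWithPassword(raw string) (*User, error) {
	args := &struct {
		Password string `json:"password"`
		*User
	}{}
	if err := json.Unmarshal([]byte(raw), args); err != nil {
		return nil, err
	}
	if args.User == nil { // body carried no user fields at all
		args.User = &User{}
	}
	if args.User.ID == "" {
		args.User.Password = args.Password
	}
	return args.User, nil
}

func main() {
	a, _ := bindDirect(body)
	b, _ := bindWithPassword(body)
	fmt.Printf("direct=%q wrapper=%q\n", a.Password, b.Password)
}
```

Because the copy happens only when `ID` is empty, a request that carries an existing ID cannot overwrite that user's password through this handler, which matches the create/update split in the fix.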