From 7988241e11da79dd0f2d88edabfbdee298663b32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Guillot?= Date: Mon, 10 Jul 2023 20:59:49 -0700 Subject: [PATCH] Fix regression in integration page and simplify SQL query --- crypto/crypto.go | 7 ++ storage/integration.go | 221 ++++++++++----------------------------- storage/user.go | 10 +- ui/integration_update.go | 8 +- 4 files changed, 72 insertions(+), 174 deletions(-) diff --git a/crypto/crypto.go b/crypto/crypto.go index 5e0b688f..684c2197 100644 --- a/crypto/crypto.go +++ b/crypto/crypto.go @@ -9,6 +9,8 @@ import ( "encoding/base64" "encoding/hex" "fmt" + + "golang.org/x/crypto/bcrypt" ) // HashFromBytes returns a SHA-256 checksum of the input. @@ -41,3 +43,8 @@ func GenerateRandomString(size int) string { func GenerateRandomStringHex(size int) string { return hex.EncodeToString(GenerateRandomBytes(size)) } + +func HashPassword(password string) (string, error) { + bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) + return string(bytes), err +} diff --git a/storage/integration.go b/storage/integration.go index f65aff6e..f6378c8f 100644 --- a/storage/integration.go +++ b/storage/integration.go @@ -223,13 +223,7 @@ func (s *Storage) Integration(userID int64) (*model.Integration, error) { // UpdateIntegration saves user integration settings. func (s *Storage) UpdateIntegration(integration *model.Integration) error { - var err error - if integration.GoogleReaderPassword != "" { - integration.GoogleReaderPassword, err = hashPassword(integration.GoogleReaderPassword) - if err != nil { - return err - } - query := ` + query := ` UPDATE integrations SET @@ -276,167 +270,62 @@ func (s *Storage) UpdateIntegration(integration *model.Integration) error { matrix_bot_password=$41, matrix_bot_url=$42, matrix_bot_chat_id=$43, - notion_enabled=$45, - notion_token=$46, - notion_page_id=$47 + notion_enabled=$44, + notion_token=$45, + notion_page_id=$46 WHERE - user_id=$44 + user_id=$47 ` - _, err = s.db.Exec( - query, - integration.PinboardEnabled, - integration.PinboardToken, - integration.PinboardTags, - integration.PinboardMarkAsUnread, - integration.InstapaperEnabled, - integration.InstapaperUsername, - integration.InstapaperPassword, - integration.FeverEnabled, - integration.FeverUsername, - integration.FeverToken, - integration.WallabagEnabled, - integration.WallabagOnlyURL, - integration.WallabagURL, - integration.WallabagClientID, - integration.WallabagClientSecret, - integration.WallabagUsername, - integration.WallabagPassword, - integration.NunuxKeeperEnabled, - integration.NunuxKeeperURL, - integration.NunuxKeeperAPIKey, - integration.PocketEnabled, - integration.PocketAccessToken, - integration.PocketConsumerKey, - integration.GoogleReaderEnabled, - integration.GoogleReaderUsername, - integration.GoogleReaderPassword, - integration.TelegramBotEnabled, - integration.TelegramBotToken, - integration.TelegramBotChatID, - integration.EspialEnabled, - integration.EspialURL, - integration.EspialAPIKey, - integration.EspialTags, - integration.LinkdingEnabled, - integration.LinkdingURL, - integration.LinkdingAPIKey, - integration.LinkdingTags, - integration.LinkdingMarkAsUnread, - integration.MatrixBotEnabled, - integration.MatrixBotUser, - integration.MatrixBotPassword, - integration.MatrixBotURL, - integration.MatrixBotChatID, - integration.NotionEnabled, - integration.NotionToken, - integration.NotionPageID, - integration.UserID, - ) - } else { - query := ` - UPDATE - integrations - SET - pinboard_enabled=$1, - pinboard_token=$2, - pinboard_tags=$3, - pinboard_mark_as_unread=$4, - instapaper_enabled=$5, - instapaper_username=$6, - instapaper_password=$7, - fever_enabled=$8, - fever_username=$9, - fever_token=$10, - wallabag_enabled=$11, - wallabag_only_url=$12, - wallabag_url=$13, - wallabag_client_id=$14, - wallabag_client_secret=$15, - wallabag_username=$16, - wallabag_password=$17, - nunux_keeper_enabled=$18, - nunux_keeper_url=$19, - nunux_keeper_api_key=$20, - pocket_enabled=$21, - pocket_access_token=$22, - pocket_consumer_key=$23, - googlereader_enabled=$24, - googlereader_username=$25, - googlereader_password=$26, - telegram_bot_enabled=$27, - telegram_bot_token=$28, - telegram_bot_chat_id=$29, - espial_enabled=$30, - espial_url=$31, - espial_api_key=$32, - espial_tags=$33, - linkding_enabled=$34, - linkding_url=$35, - linkding_api_key=$36, - linkding_tags=$37, - linkding_mark_as_unread=$38, - matrix_bot_enabled=$39, - matrix_bot_user=$40, - matrix_bot_password=$41, - matrix_bot_url=$42, - matrix_bot_chat_id=$43, - notion_enabled=$45, - notion_token=$46, - notion_page_id=$47 - WHERE - user_id=$44 - ` - _, err = s.db.Exec( - query, - integration.PinboardEnabled, - integration.PinboardToken, - integration.PinboardTags, - integration.PinboardMarkAsUnread, - integration.InstapaperEnabled, - integration.InstapaperUsername, - integration.InstapaperPassword, - integration.FeverEnabled, - integration.FeverUsername, - integration.FeverToken, - integration.WallabagEnabled, - integration.WallabagOnlyURL, - integration.WallabagURL, - integration.WallabagClientID, - integration.WallabagClientSecret, - integration.WallabagUsername, - integration.WallabagPassword, - integration.NunuxKeeperEnabled, - integration.NunuxKeeperURL, - integration.NunuxKeeperAPIKey, - integration.PocketEnabled, - integration.PocketAccessToken, - integration.PocketConsumerKey, - integration.GoogleReaderEnabled, - integration.GoogleReaderUsername, - integration.GoogleReaderPassword, - integration.TelegramBotEnabled, - integration.TelegramBotToken, - integration.TelegramBotChatID, - integration.EspialEnabled, - integration.EspialURL, - integration.EspialAPIKey, - integration.EspialTags, - integration.LinkdingEnabled, - integration.LinkdingURL, - integration.LinkdingAPIKey, - integration.LinkdingTags, - integration.LinkdingMarkAsUnread, - integration.MatrixBotEnabled, - integration.MatrixBotUser, - integration.MatrixBotPassword, - integration.MatrixBotURL, - integration.MatrixBotChatID, - integration.UserID, - integration.NotionEnabled, - integration.NotionToken, - integration.NotionPageID, - ) - } + _, err := s.db.Exec( + query, + integration.PinboardEnabled, + integration.PinboardToken, + integration.PinboardTags, + integration.PinboardMarkAsUnread, + integration.InstapaperEnabled, + integration.InstapaperUsername, + integration.InstapaperPassword, + integration.FeverEnabled, + integration.FeverUsername, + integration.FeverToken, + integration.WallabagEnabled, + integration.WallabagOnlyURL, + integration.WallabagURL, + integration.WallabagClientID, + integration.WallabagClientSecret, + integration.WallabagUsername, + integration.WallabagPassword, + integration.NunuxKeeperEnabled, + integration.NunuxKeeperURL, + integration.NunuxKeeperAPIKey, + integration.PocketEnabled, + integration.PocketAccessToken, + integration.PocketConsumerKey, + integration.GoogleReaderEnabled, + integration.GoogleReaderUsername, + integration.GoogleReaderPassword, + integration.TelegramBotEnabled, + integration.TelegramBotToken, + integration.TelegramBotChatID, + integration.EspialEnabled, + integration.EspialURL, + integration.EspialAPIKey, + integration.EspialTags, + integration.LinkdingEnabled, + integration.LinkdingURL, + integration.LinkdingAPIKey, + integration.LinkdingTags, + integration.LinkdingMarkAsUnread, + integration.MatrixBotEnabled, + integration.MatrixBotUser, + integration.MatrixBotPassword, + integration.MatrixBotURL, + integration.MatrixBotChatID, + integration.NotionEnabled, + integration.NotionToken, + integration.NotionPageID, + integration.UserID, + ) if err != nil { return fmt.Errorf(`store: unable to update integration row: %v`, err) diff --git a/storage/user.go b/storage/user.go index 5e20cee4..1f074cc9 100644 --- a/storage/user.go +++ b/storage/user.go @@ -9,6 +9,7 @@ import ( "runtime" "strings" + "miniflux.app/crypto" "miniflux.app/logger" "miniflux.app/model" @@ -57,7 +58,7 @@ func (s *Storage) CreateUser(userCreationRequest *model.UserCreationRequest) (*m var hashedPassword string if userCreationRequest.Password != "" { var err error - hashedPassword, err = hashPassword(userCreationRequest.Password) + hashedPassword, err = crypto.HashPassword(userCreationRequest.Password) if err != nil { return nil, err } @@ -157,7 +158,7 @@ func (s *Storage) CreateUser(userCreationRequest *model.UserCreationRequest) (*m // UpdateUser updates a user. func (s *Storage) UpdateUser(user *model.User) error { if user.Password != "" { - hashedPassword, err := hashPassword(user.Password) + hashedPassword, err := crypto.HashPassword(user.Password) if err != nil { return err } @@ -649,8 +650,3 @@ func (s *Storage) HasPassword(userID int64) (bool, error) { } return false, nil } - -func hashPassword(password string) (string, error) { - bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) - return string(bytes), err -} diff --git a/ui/integration_update.go b/ui/integration_update.go index 30f1824f..007239f4 100644 --- a/ui/integration_update.go +++ b/ui/integration_update.go @@ -8,6 +8,7 @@ import ( "fmt" "net/http" + "miniflux.app/crypto" "miniflux.app/http/request" "miniflux.app/http/response/html" "miniflux.app/http/route" @@ -56,11 +57,16 @@ func (h *handler) updateIntegration(w http.ResponseWriter, r *http.Request) { if integration.GoogleReaderEnabled { if integrationForm.GoogleReaderPassword != "" { - integration.GoogleReaderPassword = integrationForm.GoogleReaderPassword + integration.GoogleReaderPassword, err = crypto.HashPassword(integrationForm.GoogleReaderPassword) + if err != nil { + html.ServerError(w, r, err) + return + } } } else { integration.GoogleReaderPassword = "" } + err = h.store.UpdateIntegration(integration) if err != nil { html.ServerError(w, r, err)