fix(httpapi): fail CSV import on encryption error instead of storing empty passwords
This commit is contained in:
+10
-2
@@ -29,8 +29,16 @@ func (s *Server) handleImportCSV(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
for _, row := range rows {
|
||||
srcEnc, _ := crypto.Encrypt(s.cfg.EncKey, []byte(row.SrcPass))
|
||||
dstEnc, _ := crypto.Encrypt(s.cfg.EncKey, []byte(row.DstPass))
|
||||
srcEnc, err := crypto.Encrypt(s.cfg.EncKey, []byte(row.SrcPass))
|
||||
if err != nil {
|
||||
http.Error(w, "encrypt", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
dstEnc, err := crypto.Encrypt(s.cfg.EncKey, []byte(row.DstPass))
|
||||
if err != nil {
|
||||
http.Error(w, "encrypt", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
if _, err := s.store.CreateAccount(r.Context(), store.Account{
|
||||
TaskID: taskID, SrcLogin: row.SrcLogin, SrcPassEnc: srcEnc,
|
||||
DstLogin: row.DstLogin, DstPassEnc: dstEnc,
|
||||
|
||||
@@ -0,0 +1,28 @@
|
||||
package httpapi
|
||||
|
||||
import (
|
||||
"mime/multipart"
|
||||
"net/http/httptest"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/vasyansk/imap-copier/internal/config"
|
||||
)
|
||||
|
||||
func TestImportCSVFailsOnBadEncKey(t *testing.T) {
|
||||
// EncKey wrong size => crypto.Encrypt errors => handler must NOT return success
|
||||
s := &Server{cfg: config.Config{EncKey: make([]byte, 16)}}
|
||||
body := &strings.Builder{}
|
||||
mw := multipart.NewWriter(body)
|
||||
fw, _ := mw.CreateFormFile("file", "a.csv")
|
||||
fw.Write([]byte("a@x,p1,a@y,p2\n"))
|
||||
mw.Close()
|
||||
req := httptest.NewRequest("POST", "/api/tasks/1/import", strings.NewReader(body.String()))
|
||||
req.Header.Set("Content-Type", mw.FormDataContentType())
|
||||
req.SetPathValue("id", "1")
|
||||
rw := httptest.NewRecorder()
|
||||
s.handleImportCSV(rw, req)
|
||||
if rw.Code == 200 || rw.Code == 201 {
|
||||
t.Fatalf("import must fail on bad EncKey, got %d", rw.Code)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user