fix(httpapi): fail CSV import on encryption error instead of storing empty passwords
This commit is contained in:
+10
-2
@@ -29,8 +29,16 @@ func (s *Server) handleImportCSV(w http.ResponseWriter, r *http.Request) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
for _, row := range rows {
|
for _, row := range rows {
|
||||||
srcEnc, _ := crypto.Encrypt(s.cfg.EncKey, []byte(row.SrcPass))
|
srcEnc, err := crypto.Encrypt(s.cfg.EncKey, []byte(row.SrcPass))
|
||||||
dstEnc, _ := crypto.Encrypt(s.cfg.EncKey, []byte(row.DstPass))
|
if err != nil {
|
||||||
|
http.Error(w, "encrypt", http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
dstEnc, err := crypto.Encrypt(s.cfg.EncKey, []byte(row.DstPass))
|
||||||
|
if err != nil {
|
||||||
|
http.Error(w, "encrypt", http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
if _, err := s.store.CreateAccount(r.Context(), store.Account{
|
if _, err := s.store.CreateAccount(r.Context(), store.Account{
|
||||||
TaskID: taskID, SrcLogin: row.SrcLogin, SrcPassEnc: srcEnc,
|
TaskID: taskID, SrcLogin: row.SrcLogin, SrcPassEnc: srcEnc,
|
||||||
DstLogin: row.DstLogin, DstPassEnc: dstEnc,
|
DstLogin: row.DstLogin, DstPassEnc: dstEnc,
|
||||||
|
|||||||
@@ -0,0 +1,28 @@
|
|||||||
|
package httpapi
|
||||||
|
|
||||||
|
import (
|
||||||
|
"mime/multipart"
|
||||||
|
"net/http/httptest"
|
||||||
|
"strings"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/vasyansk/imap-copier/internal/config"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestImportCSVFailsOnBadEncKey(t *testing.T) {
|
||||||
|
// EncKey wrong size => crypto.Encrypt errors => handler must NOT return success
|
||||||
|
s := &Server{cfg: config.Config{EncKey: make([]byte, 16)}}
|
||||||
|
body := &strings.Builder{}
|
||||||
|
mw := multipart.NewWriter(body)
|
||||||
|
fw, _ := mw.CreateFormFile("file", "a.csv")
|
||||||
|
fw.Write([]byte("a@x,p1,a@y,p2\n"))
|
||||||
|
mw.Close()
|
||||||
|
req := httptest.NewRequest("POST", "/api/tasks/1/import", strings.NewReader(body.String()))
|
||||||
|
req.Header.Set("Content-Type", mw.FormDataContentType())
|
||||||
|
req.SetPathValue("id", "1")
|
||||||
|
rw := httptest.NewRecorder()
|
||||||
|
s.handleImportCSV(rw, req)
|
||||||
|
if rw.Code == 200 || rw.Code == 201 {
|
||||||
|
t.Fatalf("import must fail on bad EncKey, got %d", rw.Code)
|
||||||
|
}
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user