fix: harden login for MLPS requirements
This commit is contained in:
@@ -25,10 +25,19 @@ func NewAuthHandler(a *bootstrap.App) *AuthHandler {
|
||||
a.JWT,
|
||||
a.Sessions,
|
||||
a.LoginGuard,
|
||||
),
|
||||
).WithPasswordCipher(a.PasswordCipher),
|
||||
}
|
||||
}
|
||||
|
||||
func (h *AuthHandler) PasswordPublicKey(c *gin.Context) {
|
||||
key := h.svc.PasswordPublicKey()
|
||||
if key == nil {
|
||||
response.Error(c, response.ErrNotFound(40420, "password_cipher_disabled", "password cipher is disabled"))
|
||||
return
|
||||
}
|
||||
response.Success(c, key)
|
||||
}
|
||||
|
||||
func (h *AuthHandler) Login(c *gin.Context) {
|
||||
var req app.LoginRequest
|
||||
if err := c.ShouldBindJSON(&req); err != nil {
|
||||
|
||||
@@ -13,6 +13,7 @@ func RegisterRoutes(app *bootstrap.App) {
|
||||
|
||||
authAPI := app.Engine.Group("/api/auth")
|
||||
authHandler := NewAuthHandler(app)
|
||||
authAPI.GET("/password-key", authHandler.PasswordPublicKey)
|
||||
authAPI.POST("/login", authHandler.Login)
|
||||
authAPI.POST("/refresh", authHandler.Refresh)
|
||||
|
||||
|
||||
@@ -59,6 +59,7 @@ func TestPublicRoutes_NoAuth(t *testing.T) {
|
||||
method string
|
||||
path string
|
||||
}{
|
||||
{http.MethodGet, "/api/auth/password-key"},
|
||||
{http.MethodPost, "/api/auth/login"},
|
||||
{http.MethodPost, "/api/auth/refresh"},
|
||||
{http.MethodGet, "/api/health/live"},
|
||||
|
||||
Reference in New Issue
Block a user