auth: keep init password available until password change

This commit is contained in:
line-6000
2026-06-28 18:14:17 +08:00
parent 73aef80499
commit 15de0e6940
5 changed files with 144 additions and 77 deletions
+49 -5
View File
@@ -42,7 +42,7 @@ func TestUpsertSettingRowRestoresSoftDeletedSetting(t *testing.T) {
}
}
func TestConsumeInitialAdminPasswordHardDeletesPlaintext(t *testing.T) {
func TestGetInitialAdminPasswordKeepsPlaintext(t *testing.T) {
cleanup := testutil.SetupTestDatabases(t)
defer cleanup()
@@ -51,14 +51,58 @@ func TestConsumeInitialAdminPasswordHardDeletesPlaintext(t *testing.T) {
t.Fatalf("seed initial password state: %v", err)
}
got, err := ConsumeInitialAdminPassword()
got, err := GetInitialAdminPassword()
if err != nil {
t.Fatalf("consume initial password: %v", err)
t.Fatalf("get initial password: %v", err)
}
if got != password {
t.Fatalf("password = %q, want %q", got, password)
}
var count int64
if err := dao.Mdb.Unscoped().
Model(&mdb.Setting{}).
Where("`key` = ?", mdb.SettingKeyInitAdminPasswordPlain).
Count(&count).Error; err != nil {
t.Fatalf("count plaintext setting: %v", err)
}
if count != 1 {
t.Fatalf("plaintext setting rows after read = %d, want 1", count)
}
if GetSettingBool(mdb.SettingKeyInitAdminPasswordFetched, false) {
t.Fatal("expected fetched flag to stay false before password change")
}
}
func TestUpdateAdminUserPasswordHardDeletesInitialPasswordPlaintext(t *testing.T) {
cleanup := testutil.SetupTestDatabases(t)
defer cleanup()
const (
oldPassword = "init-pass-plain"
newPassword = "new-password-123"
)
if err := initAdminPasswordState(oldPassword); err != nil {
t.Fatalf("seed initial password state: %v", err)
}
hash, err := HashPassword(oldPassword)
if err != nil {
t.Fatalf("hash password: %v", err)
}
user := &mdb.AdminUser{
Username: defaultAdminUsername,
PasswordHash: hash,
Status: mdb.AdminUserStatusEnable,
}
if err := dao.Mdb.Create(user).Error; err != nil {
t.Fatalf("seed admin user: %v", err)
}
if err := UpdateAdminUserPassword(uint64(user.ID), newPassword); err != nil {
t.Fatalf("update admin password: %v", err)
}
var count int64
if err := dao.Mdb.Unscoped().
Model(&mdb.Setting{}).
@@ -67,10 +111,10 @@ func TestConsumeInitialAdminPasswordHardDeletesPlaintext(t *testing.T) {
t.Fatalf("count plaintext setting: %v", err)
}
if count != 0 {
t.Fatalf("plaintext setting rows after consume = %d, want 0", count)
t.Fatalf("plaintext setting rows after password change = %d, want 0", count)
}
if !GetSettingBool(mdb.SettingKeyInitAdminPasswordFetched, false) {
t.Fatal("expected fetched flag to be true")
t.Fatal("expected fetched flag to be true after password change")
}
}