JWT: add token audience

a token issued for the API audience cannot be used for web pages, and
vice versa
Nicola Murino
2021-02-02 09:14:10 +01:00
parent 78bf808322
commit 4f609cfa30
6 changed files with 299 additions and 184 deletions


@@ -173,13 +173,13 @@ func changeAdminPassword(w http.ResponseWriter, r *http.Request) {
func doChangeAdminPassword(r *http.Request, currentPassword, newPassword, confirmNewPassword string) error {
if currentPassword == "" || newPassword == "" || confirmNewPassword == "" {
return dataprovider.NewValidationError("Please provide the current password and the new one two times")
return dataprovider.NewValidationError("please provide the current password and the new one two times")
}
if newPassword != confirmNewPassword {
return dataprovider.NewValidationError("The two password fields do not match")
return dataprovider.NewValidationError("the two password fields do not match")
}
if currentPassword == newPassword {
return dataprovider.NewValidationError("The new password must be different from the current one")
return dataprovider.NewValidationError("the new password must be different from the current one")
}
claims, err := getTokenClaims(r)
if err != nil {
@@ -191,7 +191,7 @@ func doChangeAdminPassword(r *http.Request, currentPassword, newPassword, confir
}
match, err := admin.CheckPassword(currentPassword)
if !match || err != nil {
return dataprovider.NewValidationError("Current password does not match")
return dataprovider.NewValidationError("current password does not match")
}
admin.Password = newPassword