fix: review comments batch 1

This commit is contained in:
Stavros
2026-05-05 18:43:22 +03:00
parent f3965a7470
commit d47e4d3d79
10 changed files with 131 additions and 88 deletions
+17 -12
@@ -226,17 +226,6 @@ func (controller *UserController) logoutHandler(c *gin.Context) {
return
}
context, err := new(model.UserContext).NewFromGin(c)
if err != nil {
tlog.App.Error().Err(err).Msg("Failed to get user context on logout")
c.JSON(500, gin.H{
"status": 500,
"message": "Internal Server Error",
})
return
}
cookie, err := controller.auth.DeleteSession(c, uuid)
if err != nil {
@@ -248,7 +237,14 @@ func (controller *UserController) logoutHandler(c *gin.Context) {
return
}
tlog.AuditLogout(c, context.GetUsername(), context.ProviderName())
context, err := new(model.UserContext).NewFromGin(c)
if err == nil {
tlog.AuditLogout(c, context.GetUsername(), context.ProviderName())
} else {
tlog.App.Warn().Err(err).Msg("Failed to get user context for logout audit, proceeding without username")
tlog.AuditLogout(c, "unknown", "unknown")
}
http.SetCookie(c.Writer, cookie)
@@ -308,6 +304,15 @@ func (controller *UserController) totpHandler(c *gin.Context) {
user := controller.auth.GetLocalUser(context.GetUsername())
if user == nil {
tlog.App.Error().Str("username", context.GetUsername()).Msg("User not found in TOTP handler")
c.JSON(401, gin.H{
"status": 401,
"message": "Unauthorized",
})
return
}
ok := totp.Validate(req.Code, user.TOTPSecret)
if !ok {
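Review bot: In the logout hunk the user context for the audit record is resolved (`context, err := new(model.UserContext).NewFromGin(c)`) only after `DeleteSession(c, uuid)` has already invalidated the session, so if NewFromGin reads anything session-backed rather than the value middleware stored on the gin context, every logout would be audited as `unknown`. The test file sets the context with `c.Set("context", ...)`, which suggests a context-backed lookup, but moving the lookup ahead of the delete removes the dependence on that detail at no cost. When the lookup does fail, the degraded warning and the `"unknown"` audit entry carry nothing to correlate them with; adding the session identifier to the warning, e.g. `tlog.App.Warn().Err(err).Str("session", uuid).Msg("Failed to get user context for logout audit, proceeding without username")` (or the field helper matching uuid's actual type), keeps the event traceable. logoutHandler starts before the first hunk, and totpHandler's body continues past the end of the section.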
+5 -5
@@ -67,7 +67,7 @@ func TestUserController(t *testing.T) {
totpCtx := func(c *gin.Context) {
c.Set("context", &model.UserContext{
Authenticated: true,
Authenticated: false,
Provider: model.ProviderLocal,
Local: &model.LocalContext{
BaseContext: model.BaseContext{
@@ -83,7 +83,7 @@ func TestUserController(t *testing.T) {
totpAttrCtx := func(c *gin.Context) {
c.Set("context", &model.UserContext{
Authenticated: true,
Authenticated: false,
Provider: model.ProviderLocal,
Local: &model.LocalContext{
BaseContext: model.BaseContext{
@@ -141,7 +141,7 @@ func TestUserController(t *testing.T) {
assert.Equal(t, "tinyauth-session", cookie.Name)
assert.True(t, cookie.HttpOnly)
assert.Equal(t, "example.com", cookie.Domain)
assert.Equal(t, 10, cookie.MaxAge)
assert.Equal(t, 9, cookie.MaxAge)
},
},
{
@@ -230,7 +230,7 @@ func TestUserController(t *testing.T) {
assert.Equal(t, "tinyauth-session", cookie.Name)
assert.True(t, cookie.HttpOnly)
assert.Equal(t, "example.com", cookie.Domain)
assert.Equal(t, 3600, cookie.MaxAge) // 1 hour, default for totp pending sessions
assert.Equal(t, 3599, cookie.MaxAge) // 1 hour, default for totp pending sessions
},
},
{
@@ -306,7 +306,7 @@ func TestUserController(t *testing.T) {
assert.Equal(t, "tinyauth-session", totpCookie.Name)
assert.True(t, totpCookie.HttpOnly)
assert.Equal(t, "example.com", totpCookie.Domain)
assert.Equal(t, 10, totpCookie.MaxAge) // should use the regular session expiry time
assert.Equal(t, 9, totpCookie.MaxAge) // should use the regular session expiry time
},
},
{
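Review bot: The new cookie assertions pin duration-derived values exactly (`assert.Equal(t, 9, cookie.MaxAge)`, `assert.Equal(t, 3599, cookie.MaxAge)`), and the drop from 10 to 9 and 3600 to 3599 suggests MaxAge is now computed from an absolute expiry with truncation, which makes the test timing-dependent: a run that crosses a second boundary between session creation and the assertion will observe 8 or 3598. Prefer a tolerance, e.g. `assert.InDelta(t, 10, cookie.MaxAge, 1)` and `assert.InDelta(t, 3600, cookie.MaxAge, 1)`, or inject a fixed clock into the session layer so the value is deterministic. The change to `Authenticated: false` for the TOTP contexts is the right shape for a pending second factor, but nothing here asserts the inverse, that an already-authenticated context is rejected by the TOTP handler; if that is the intended policy a negative case would pin it. The comment `// 1 hour, default for totp pending sessions` now sits next to 3599 and could note the rounding. TestUserController starts and ends outside the hunks shown.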