added user_password tests

2025-03-05 14:54:19 +01:00
parent b2b702c21d
commit 7af66ee9de
5 changed files with 239 additions and 7 deletions
--- a/go-backend/internal/controllers/user_controller.go
+++ b/go-backend/internal/controllers/user_controller.go
@@ -82,13 +82,12 @@ func (uc *UserController) UpdateHandler(c *gin.Context) {
 		return
 	}

-	var user models.User
 	var updateData RegistrationData
 	if err := c.ShouldBindJSON(&updateData); err != nil {
 		utils.HandleValidationError(c, err)
 		return
 	}
-	user = updateData.User
+	user := updateData.User

 	if !utils.HasPrivilige(requestUser, constants.Priviliges.Update) && user.ID != requestUser.ID {
 		utils.RespondWithError(c, errors.ErrNotAuthorized, "Not allowed to update user", http.StatusForbidden, errors.Responses.Fields.User, errors.Responses.Keys.Unauthorized)
@@ -109,6 +108,7 @@ func (uc *UserController) UpdateHandler(c *gin.Context) {
 	user.BankAccountID = existingUser.BankAccountID

 	if requestUser.RoleID <= constants.Priviliges.View {
+		// deleting existing Users Password to prevent it from being recognized as changed in any case. (Incoming Password is empty if not changed)
 		existingUser.Password = ""
 		if err := utils.FilterAllowedStructFields(&user, existingUser, constants.MemberUpdateFields, ""); err != nil {
 			if err.Error() == "Not authorized" {