diff --git a/internal/api/handlers.go b/internal/api/handlers.go
index 77f7591..237ca4f 100644
--- a/internal/api/handlers.go
+++ b/internal/api/handlers.go
@@ -329,7 +329,8 @@ func PostUserAccount(env *Environment) http.HandlerFunc {
 logErrorAndWriteResponse("Username is required", http.StatusBadRequest, w)
 return
 }
- if user.Password == "" {
+ var shouldGeneratePassword = user.Password == ""
+ if shouldGeneratePassword {
 generatedPassword, err := generatePassword()
 if err != nil {
 logErrorAndWriteResponse("Failed to generate password", http.StatusInternalServerError, w)
@@ -339,7 +340,7 @@ func PostUserAccount(env *Environment) http.HandlerFunc {
 }
 if !validatePassword(user.Password) {
 logErrorAndWriteResponse(
- "Password does not meet requirements. It must include at least one capital letter, one lowercase letter, and either a number or a symbol.",
+ "Password must have 8 or more characters, must include at least one capital letter, one lowercase letter, and either a number or a symbol.",
 http.StatusBadRequest,
 w,
 )
@@ -367,7 +368,10 @@ func PostUserAccount(env *Environment) http.HandlerFunc {
 w.Header().Set("Content-Type", "application/json")
 w.WriteHeader(http.StatusCreated)
- response, err := json.Marshal(map[string]any{"id": id, "password": user.Password})
+ response, err := json.Marshal(map[string]any{"id": id})
+ if shouldGeneratePassword {
+ response, err = json.Marshal(map[string]any{"id": id, "password": user.Password})
+ }
 if err != nil {
 logErrorAndWriteResponse("Error marshaling response", http.StatusInternalServerError, w)
 }
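Review bot: `var shouldGeneratePassword = user.Password == ""` reads more idiomatically as the short declaration `shouldGeneratePassword := user.Password == ""`. The flag is consumed roughly forty lines later (the `@@ -367,7 +368,10 @@` hunk) to decide whether a secret is written into the response, so a comment at the declaration would help the next reader: `// Only a server-generated password is echoed back; a caller-supplied one never is.` The enclosing handler starts and ends outside this hunk.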
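Review bot: The new requirements message is a string literal repeated here, in the `ChangeUserAccountPassword` hunk at `@@ -412,7 +416,7 @@`, and again in the test expectation, and nothing visible ties its "8 or more characters" claim to what `validatePassword` actually enforces (the validator is not part of this diff). Declaring it once beside the validator, for example `const passwordRequirementsMsg = "Password must have 8 or more characters, must include at least one capital letter, one lowercase letter, and either a number or a symbol."`, and passing that constant from both handlers keeps the user-facing policy text from drifting away from the check. If the minimum length is itself a constant, the message would ideally be built from it.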
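Review bot: The 201 response that now carries the generated password sets no cache directive, so adding `w.Header().Set("Cache-Control", "no-store")` before `w.WriteHeader` would keep intermediaries and browser caches from retaining the secret. The body is also marshalled twice when `shouldGeneratePassword` is true, with the first `err` overwritten unchecked; building one map and adding the `password` key conditionally avoids both. In addition, `w.WriteHeader(http.StatusCreated)` runs before `json.Marshal`, so the 500 handed to `logErrorAndWriteResponse` presumably cannot take effect on a marshal failure, and no `return` is visible in that branch. The function continues outside the hunk, so the write of `response` is not shown.

```go
// … unchanged: account creation and id assignment above …
body := map[string]any{"id": id}
if shouldGeneratePassword {
	// Returned once so the caller can learn the server-generated secret.
	body["password"] = user.Password
}
response, err := json.Marshal(body)
if err != nil {
	logErrorAndWriteResponse("Error marshaling response", http.StatusInternalServerError, w)
	return
}
w.Header().Set("Content-Type", "application/json")
w.Header().Set("Cache-Control", "no-store")
w.WriteHeader(http.StatusCreated)
// … unchanged: writing response to w …
```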
@@ -412,7 +416,7 @@ func ChangeUserAccountPassword(env *Environment) http.HandlerFunc {
 }
 if !validatePassword(user.Password) {
 logErrorAndWriteResponse(
- "Password does not meet requirements. It must include at least one capital letter, one lowercase letter, and either a number or a symbol.",
+ "Password must have 8 or more characters, must include at least one capital letter, one lowercase letter, and either a number or a symbol.",
 http.StatusBadRequest,
 w,
 )
diff --git a/internal/api/handlers_test.go b/internal/api/handlers_test.go
index 5ac9414..589fd96 100644
--- a/internal/api/handlers_test.go
+++ b/internal/api/handlers_test.go
@@ -107,10 +107,10 @@ const (
 adminUser = `{"username": "testadmin", "password": "Admin123"}`
 validUser = `{"username": "testuser", "password": "userPass!"}`
 invalidUser = `{"username": "", "password": ""}`
- noPasswordUser = `{"username": "nopass", "password": ""}`
+ noPasswordUser = `{"username": "nopass"}`
 adminUserNewPassword = `{"id": 1, "password": "newPassword1"}`
 userNewInvalidPassword = `{"id": 1, "password": "password"}`
- userMissingPassword = `{"id": 1, "password": ""}`
+ userMissingPassword = `{"id": 1}`
 adminUserWrongPass = `{"username": "testadmin", "password": "wrongpass"}`
 notExistingUser = `{"username": "not_existing", "password": "user"}`
 )
@@ -392,7 +392,7 @@ func TestGoCertUsersHandlers(t *testing.T) {
 method: "POST",
 path: "/api/v1/accounts",
 data: adminUser,
- response: "{\"id\":1,\"password\":\"Admin123\"}",
+ response: "{\"id\":1}",
 status: http.StatusCreated,
 },
 {
@@ -408,7 +408,7 @@ func TestGoCertUsersHandlers(t *testing.T) {
 method: "POST",
 path: "/api/v1/accounts",
 data: validUser,
- response: "{\"id\":2,\"password\":\"userPass!\"}",
+ response: "{\"id\":2}",
 status: http.StatusCreated,
 },
 {
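Review bot: Removing the `password` key from `noPasswordUser` and `userMissingPassword` leaves the explicit empty-string form (`"password": ""`) without a fixture, although the handler branches on `user.Password == ""` and so presumably treats an omitted key and an empty string alike. Keeping a second pair of constants for the empty-string payloads, each with its own table case, would pin that behaviour for clients that send the field blank. None of the visible hunks shows the expectation for the generated-password response, so it is worth confirming that the `noPasswordUser` case asserts a `password` field is present and that the supplied-password cases assert it is absent.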
@@ -472,7 +472,7 @@ func TestGoCertUsersHandlers(t *testing.T) {
 method: "POST",
 path: "/api/v1/accounts/1/change_password",
 data: userNewInvalidPassword,
- response: "Password does not meet requirements. It must include at least one capital letter, one lowercase letter, and either a number or a symbol.",
+ response: "Password must have 8 or more characters, must include at least one capital letter, one lowercase letter, and either a number or a symbol.",
 status: http.StatusBadRequest,
 },
 {
@@ -546,7 +546,7 @@ func TestLogin(t *testing.T) {
 method: "POST",
 path: "/api/v1/accounts",
 data: adminUser,
- response: "{\"id\":1,\"password\":\"Admin123\"}",
+ response: "{\"id\":1}",
 status: http.StatusCreated,
 },
 {