func UpdateUser() saves not hashed password to DB #5
Description
In user.go
function UpdateUser
saves not hashed password to DB.
So, it should look something like this:
func UpdateUser(w http.ResponseWriter, r *http.Request) {
user := &models.User{}
params := mux.Vars(r)
var id = params["id"]
db.First(&user, id)
json.NewDecoder(r.Body).Decode(user)
pass, err := bcrypt.GenerateFromPassword([]byte(user.Password), bcrypt.DefaultCost)
if err != nil {
fmt.Println(err)
err := ErrorResponse{
Err: "Password Encryption failed",
}
json.NewEncoder(w).Encode(err)
}
user.Password = string(pass)
db.Save(&user)
json.NewEncoder(w).Encode(&user)
}
Sorry for posting like this) Sometime I will have a time to post some PR.