WIP: Add temporary file when changing htpasswd password

onidoru · onidoru · commit b79b82378c21 · 2024-02-02T10:06:27.000+02:00
diff --git a/pkg/api/htpasswd.go b/pkg/api/htpasswd.go
@@ -4,6 +4,7 @@ import (
 	"bufio"
 	"fmt"
 	"os"
+	"path/filepath"
 	"strings"
 	"sync"
 
@@ -110,10 +111,7 @@ func (hc *HtpasswdClient) ChangePassword(login, supposedOldPassword, newPassword
 		return zerr.ErrPasswordIsEmpty
 	}
 
-	hc.credMap.rw.RLock()
-	oldPassphrase, ok := hc.credMap.m[login]
-	hc.credMap.rw.RUnlock()
-
+	oldPassphrase, ok := hc.credMap.Get(login)
 	if !ok {
 		return zerr.ErrBadUser
 	}
@@ -151,10 +149,31 @@ func (hc *HtpasswdClient) ChangePassword(login, supposedOldPassword, newPassword
 		}
 	}
 
-	// write new content to file
-	output := strings.Join(lines, "\n")
+	// write new content to temporary file
+	// and replace the old file with temporary, so the operation is atomic
+	output := []byte(strings.Join(lines, "\n"))
+
+	tmpfile, err := os.CreateTemp(filepath.Dir(hc.filepath), "htpasswd-*.tmp")
+	if err != nil {
+		return fmt.Errorf("error occurred when creating temp htpasswd file: %w", err)
+	}
+
+	if _, err := tmpfile.Write(output); err != nil {
+		tmpfile.Close()
+		os.Remove(tmpfile.Name())
+		return fmt.Errorf("error occurred when writing to temp htpasswd file: %w", err)
+	}
+
+	if err := tmpfile.Close(); err != nil {
+		os.Remove(tmpfile.Name())
+		return fmt.Errorf("error occurred when closing temp htpasswd file: %w", err)
+	}
+
+	if err := os.Rename(tmpfile.Name(), hc.filepath); err != nil {
+		return fmt.Errorf("error occurred while replacing htpasswd file with new file: %w", err)
+	}
 
-	err = os.WriteFile(hc.filepath, []byte(output), constants.DefaultDirPerms)
+	err = os.WriteFile(hc.filepath, output, constants.DefaultDirPerms)
 	if err != nil {
 		return fmt.Errorf("error occurred while writing to creds-file: %w", err)
 	}
diff --git a/pkg/api/routes.go b/pkg/api/routes.go
@@ -2248,14 +2248,16 @@ func (rh *RouteHandler) ChangePassword(resp http.ResponseWriter, req *http.Reque
 
 	userAc, err := reqCtx.UserAcFromContext(req.Context())
 	if err != nil {
-		resp.WriteHeader(http.StatusNotFound)
+		resp.WriteHeader(http.StatusInternalServerError)
 
 		return
 	}
 
 	username := userAc.GetUsername()
 	if username == "" {
 		resp.WriteHeader(http.StatusNotFound)
+
+		return
 	}
 
 	if err := rh.c.HtpasswdClient.ChangePassword(username, reqBody.OldPassword, reqBody.NewPassword); err != nil {

Original file line number	Diff line number	Diff line change
`@@ -2248,14 +2248,16 @@ func (rh RouteHandler) ChangePassword(resp http.ResponseWriter, req http.Reque`
`2248`	`2248`
`2249`	`2249`	`userAc, err := reqCtx.UserAcFromContext(req.Context())`
`2250`	`2250`	`if err != nil {`
`2251`		`- resp.WriteHeader(http.StatusNotFound)`
	`2251`	`+ resp.WriteHeader(http.StatusInternalServerError)`
`2252`	`2252`
`2253`	`2253`	`return`
`2254`	`2254`	`}`
`2255`	`2255`
`2256`	`2256`	`username := userAc.GetUsername()`
`2257`	`2257`	`if username == "" {`
`2258`	`2258`	`resp.WriteHeader(http.StatusNotFound)`
	`2259`	`+`
	`2260`	`+ return`
`2259`	`2261`	`}`
`2260`	`2262`
`2261`	`2263`	`if err := rh.c.HtpasswdClient.ChangePassword(username, reqBody.OldPassword, reqBody.NewPassword); err != nil {`