BUGFIX: new user creation

2026-02-04 02:25:30 +00:00 · 2026-01-19 17:21:02 +01:00
parent 3017d4164b
commit 490738810b
3 changed files with 23 additions and 26 deletions
--- a/controllers/user_management_access.go
+++ b/controllers/user_management_access.go
@@ -71,7 +71,7 @@ func (p *UserManagementAccessPage) GET(engine *templating.Engine, app core.App)
 		// TODO: check if access token exists, if not generate
 		data := make(map[string]any)
 		data["role"] = role
-		data["access_url"] = "https://musenalm.de" + path_access + "?token=" + access_token.Token()
+		data["access_url"] = e.Request.Host + path_access + "?token=" + access_token.Token()
 		data["relative_url"] = path_access + "?token=" + access_token.Token()
 		data["validUntil"] = access_token.Expires().Time().Local().Format("02.01.2006 15:04")

@@ -117,7 +117,7 @@ func (p *UserManagementAccessPage) POST(engine *templating.Engine, app core.App)

 		data := make(map[string]any)
 		data["role"] = role
-		data["access_url"] = "https://musenalm.de" + path_access + "?token=" + token.Token()
+		data["access_url"] = e.Request.Host + path_access + "?token=" + token.Token()
 		data["relative_url"] = path_access + "?token=" + token.Token()
 		data["validUntil"] = token.Expires().Time().Format("02.01.2006 15:04")
 		data["csrf_token"] = req.Session().Token
--- a/dbmodels/queries.go
+++ b/dbmodels/queries.go
@@ -187,13 +187,13 @@ func Images_KeyPrefix(app core.App, prefix string) ([]*Image, error) {
 }

 func AccessTokens_Token(app core.App, token string) (*AccessToken, error) {
-	t := HashStringSHA256(token)
-	return TableByField[*AccessToken](
+	ret, err := TableByField[AccessToken](
 		app,
 		ACCESS_TOKENS_TABLE,
 		ACCESS_TOKENS_TOKEN_FIELD,
-		t,
+		token,
 	)
+	return &ret, err
 }

 func Users_Email(app core.App, email string) (*User, error) {
--- a/middleware/authenticated.go
+++ b/middleware/authenticated.go
@@ -25,6 +25,24 @@ func Authenticated(app core.App) func(*core.RequestEvent) error {
 			return e.Next()
 		}

+		token := e.Request.URL.Query().Get("token")
+		if token != "" {
+			a, err := dbmodels.AccessTokens_Token(app, token)
+			if err != nil {
+				slog.Error("Failed to find access token", "token", token, "error", err)
+			} else {
+				if a.User() != "" {
+					u, err := dbmodels.Users_ID(app, a.User())
+					if err != nil {
+						slog.Error("Failed to find access token user", "user", a.User(), "error", err)
+					} else {
+						e.Set("access_token_user", u.Fixed())
+					}
+				}
+				e.Set("access_token", a.Fixed())
+			}
+		}
+
 		cookie, err := e.Request.Cookie(dbmodels.SESSION_COOKIE_NAME)
 		if err != nil {
 			return e.Next()
@@ -73,27 +91,6 @@ func Authenticated(app core.App) func(*core.RequestEvent) error {
 		e.Set("user", user)
 		e.Set("session", session)

-		token := e.Request.URL.Query().Get("token")
-		if token != "" {
-			a, err := dbmodels.AccessTokens_Token(app, token)
-			if err != nil {
-				slog.Error("Failed to find access token", "token", token, "error", err)
-				return e.Next()
-			}
-
-			if a.User() != "" {
-				u, err := dbmodels.Users_ID(app, a.User())
-				if err != nil {
-					slog.Error("Failed to find access token user", "user", a.User(), "error", err)
-					return e.Next()
-				}
-
-				e.Set("access_token_user", u.Fixed())
-			}
-
-			e.Set("access_token", a.Fixed())
-		}
-
 		return e.Next()
 	}
 }