Mercurial > gemma
diff pkg/controllers/pwreset.go @ 438:ffdb507d5b42
Removed db service user. Use an impersonated metamorph user instead.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Tue, 21 Aug 2018 11:33:19 +0200 |
parents | c1047fd04a3a |
children | fc37e7072022 |
line wrap: on
line diff
--- a/pkg/controllers/pwreset.go Mon Aug 20 18:10:55 2018 +0200 +++ b/pkg/controllers/pwreset.go Tue Aug 21 11:33:19 2018 +0200 @@ -15,7 +15,6 @@ "gemma.intevation.de/gemma/pkg/auth" "gemma.intevation.de/gemma/pkg/common" - "gemma.intevation.de/gemma/pkg/config" "gemma.intevation.de/gemma/pkg/misc" ) @@ -55,6 +54,8 @@ cleanupPause = 15 * time.Minute ) +const pwResetRole = "pw_reset" + var ( passwordResetRequestMailTmpl = template.Must( template.New("request").Parse(`You have requested a password change @@ -83,15 +84,6 @@ Your service team`)) ) -func asServiceUser(fn func(*sql.DB) error) error { - db, err := auth.OpenDB(config.ServiceUser(), config.ServicePassword()) - if err == nil { - defer db.Close() - err = fn(db) - } - return err -} - func init() { go removeOutdated() } @@ -99,7 +91,7 @@ func removeOutdated() { for { time.Sleep(cleanupPause) - err := asServiceUser(func(db *sql.DB) error { + err := auth.RunAs(pwResetRole, func(db *sql.DB) error { good := time.Now().Add(-passwordResetValid) _, err := db.Exec(cleanupRequestsSQL, good) return err @@ -184,7 +176,7 @@ var hash, email string - if err = asServiceUser(func(db *sql.DB) error { + if err = auth.RunAs(pwResetRole, func(db *sql.DB) error { var count int64 if err := db.QueryRow(countRequestsSQL).Scan(&count); err != nil { @@ -249,7 +241,7 @@ var email, user, password string - if err = asServiceUser(func(db *sql.DB) error { + if err = auth.RunAs(pwResetRole, func(db *sql.DB) error { err := db.QueryRow(findRequestSQL, hash).Scan(&email, &user) switch { case err == sql.ErrNoRows: