kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity

관리자 비밀번호 변경을 Kratos 해시 업데이트 방식으로 수정

Browse Source
This commit is contained in:
김용연
2026-03-31 10:28:27 +09:00
parent 4d8b9d9f87
commit 2364ff59d2
6 changed files with 335 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
backend/internal/handler/user_handler.go
View File

@@ -1203,12 +1203,13 @@ func (h *UserHandler) UpdateUser(c *fiber.Ctx) error {
}
}
finalLoginID := extractTraitString(traits, "id")
explicitLoginID := strings.TrimSpace(extractTraitString(traits, "id"))
userEmail := extractTraitString(traits, "email")
userPhone := extractTraitString(traits, "phone")
if err := domain.ValidateLoginID(finalLoginID, userEmail, userPhone); err != nil {
userPhone := extractTraitString(traits, "phone_number")
if err := domain.ValidateLoginID(explicitLoginID, userEmail, userPhone); err != nil {
return errorJSON(c, fiber.StatusBadRequest, err.Error())
}
finalLoginID := resolvePasswordLoginID(traits)
state := normalizeKratosState(req.Status)
@@ -1234,7 +1235,10 @@ func (h *UserHandler) UpdateUser(c *fiber.Ctx) error {
}
if req.Password != nil && *req.Password != "" {
if err := h.KratosAdmin.UpdateIdentityPassword(c.Context(), userID, *req.Password); err != nil {
if h.OryProvider == nil {
return errorJSON(c, fiber.StatusServiceUnavailable, "password provider not available")
}
if err := h.OryProvider.UpdateUserPassword(finalLoginID, *req.Password, nil); err != nil {
return errorJSON(c, fiber.StatusInternalServerError, err.Error())
}
}
@@ -1508,6 +1512,16 @@ func extractTraitString(traits map[string]interface{}, key string) string {
return ""
}
func resolvePasswordLoginID(traits map[string]interface{}) string {
if loginID := strings.TrimSpace(extractTraitString(traits, "id")); loginID != "" {
return loginID
}
if email := strings.TrimSpace(extractTraitString(traits, "email")); email != "" {
return email
}
return strings.TrimSpace(extractTraitString(traits, "phone_number"))
}
// syncLoginID ensures that the 'id' trait (used as Kratos identifier) is in sync with the configured custom field.
func syncLoginID(traits map[string]interface{}, metadata map[string]any, tenantID string, loginIDField string) {
if loginIDField == "" || loginIDField == "id" {