From 5405cc50d938fa0a7bdcd3fff3a145b6cdf3012d Mon Sep 17 00:00:00 2001
From: cdricms <36056008+cdricms@users.noreply.github.com>
Date: Fri, 17 Jan 2025 10:57:59 +0100
Subject: [PATCH] Hashing new password on update

Using postgres' pgcrypt
---
 backend/api/update_user.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/backend/api/update_user.go b/backend/api/update_user.go
index 3c7c915..3d7cd84 100644
--- a/backend/api/update_user.go
+++ b/backend/api/update_user.go
@@ -49,6 +49,7 @@ func HandleUpdateUser(w http.ResponseWriter, r *http.Request) {
 
 	for i := 0; i < val.NumField(); i++ {
 		field := val.Field(i)
+		fieldname := typ.Field(i).Name
 
 		tag := typ.Field(i).Tag.Get("bun")
 		if tag == "" {
@@ -57,7 +58,11 @@ func HandleUpdateUser(w http.ResponseWriter, r *http.Request) {
 
 		// Only add fields that are non-nil and non-zero
 		if field.IsValid() && !field.IsNil() && !field.IsZero() {
-			updateQuery.Set(fmt.Sprintf("%s = ?", strings.Split(tag, ",")[0]), field.Interface())
+			if fieldname == "Password" {
+				updateQuery.Set(fmt.Sprintf("%s = crypt(?, gen_salt('bf'))", strings.Split(tag, ",")[0]), field.Interface())
+			} else {
+				updateQuery.Set(fmt.Sprintf("%s = ?", strings.Split(tag, ",")[0]), field.Interface())
+			}
 		}
 	}