Use correct models in user apis

api/user.go

@@ -45,7 +45,7 @@ func (a *UserAPI) GetCurrentUser(ctx *gin.Context) {
 
 // CreateUser creates a user
 func (a *UserAPI) CreateUser(ctx *gin.Context) {
-	user := model.UserExternal{}
+	user := model.UserExternalWithPass{}
 	if err := ctx.Bind(&user); err == nil {
 		if len(user.Pass) == 0 {
 			ctx.AbortWithError(400, errors.New("password may not be empty"))
@@ -87,13 +87,9 @@ func (a *UserAPI) DeleteUserByID(ctx *gin.Context) {
 	}
 }
 
-type userPassword struct {
-	Pass string `binding:"required" json:"pass" form:"pass" query:"pass" `
-}
-
 // ChangePassword changes the password from the current user
 func (a *UserAPI) ChangePassword(ctx *gin.Context) {
-	pw := userPassword{}
+	pw := model.UserExternalPass{}
 	if err := ctx.Bind(&pw); err == nil {
 		user := a.DB.GetUserByID(auth.GetUserID(ctx))
 		user.Pass = auth.CreatePassword(pw.Pass, a.PasswordStrength)
@@ -104,7 +100,7 @@ func (a *UserAPI) ChangePassword(ctx *gin.Context) {
 // UpdateUserByID updates and user by id
 func (a *UserAPI) UpdateUserByID(ctx *gin.Context) {
 	if id, err := toUInt(ctx.Param("id")); err == nil {
-		var user *model.UserExternal
+		var user *model.UserExternalWithPass
 		if err := ctx.Bind(&user); err == nil {
 			if oldUser := a.DB.GetUserByID(id); oldUser != nil {
 				internal := a.toInternal(user, oldUser.Pass)
@@ -125,7 +121,7 @@ func toUInt(id string) (uint, error) {
 	return uint(parsed), err
 }
 
-func (a *UserAPI) toInternal(response *model.UserExternal, pw []byte) *model.User {
+func (a *UserAPI) toInternal(response *model.UserExternalWithPass, pw []byte) *model.User {
 	user := &model.User{
 		Name:  response.Name,
 		Admin: response.Admin,

docs/spec.json

@@ -509,7 +509,7 @@
             "in": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/User"
+              "$ref": "#/definitions/UserPass"
             }
           }
         ],
@@ -833,7 +833,7 @@
             "in": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/User"
+              "$ref": "#/definitions/UserWithPass"
             }
           }
         ],
@@ -950,7 +950,7 @@
             "in": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/User"
+              "$ref": "#/definitions/UserWithPass"
             }
           }
         ],
@@ -1192,9 +1192,60 @@
       "x-go-package": "github.com/gotify/server/model"
     },
     "User": {
-      "description": "The User holds information about the credentials and other stuff.",
+      "description": "The User holds information about permission and other stuff.",
       "type": "object",
       "title": "UserExternal Model",
+      "required": [
+        "id",
+        "name"
+      ],
+      "properties": {
+        "admin": {
+          "description": "If the user is an administrator.",
+          "type": "boolean",
+          "x-go-name": "Admin",
+          "example": true
+        },
+        "id": {
+          "description": "The user id.",
+          "type": "integer",
+          "format": "uint64",
+          "x-go-name": "ID",
+          "readOnly": true,
+          "example": 25
+        },
+        "name": {
+          "description": "The user name. For login.",
+          "type": "string",
+          "x-go-name": "Name",
+          "example": "unicorn"
+        }
+      },
+      "x-go-name": "UserExternal",
+      "x-go-package": "github.com/gotify/server/model"
+    },
+    "UserPass": {
+      "description": "The Password for updating the user.",
+      "type": "object",
+      "title": "UserExternalPass Model",
+      "required": [
+        "pass"
+      ],
+      "properties": {
+        "pass": {
+          "description": "The user password. For login.",
+          "type": "string",
+          "x-go-name": "Pass",
+          "example": "nrocinu"
+        }
+      },
+      "x-go-name": "UserExternalPass",
+      "x-go-package": "github.com/gotify/server/model"
+    },
+    "UserWithPass": {
+      "description": "The UserWithPass holds information about the credentials and other stuff.",
+      "type": "object",
+      "title": "UserExternalWithPass Model",
       "required": [
         "id",
         "name",
@@ -1222,13 +1273,13 @@
           "example": "unicorn"
         },
         "pass": {
-          "description": "The user password. For login. (Will not be returned by any API)",
+          "description": "The user password. For login.",
           "type": "string",
           "x-go-name": "Pass",
-          "example": "mypassword; !will not be returned by any API!"
+          "example": "nrocinu"
         }
       },
-      "x-go-name": "UserExternal",
+      "x-go-name": "UserExternalWithPass",
       "x-go-package": "github.com/gotify/server/model"
     },
     "VersionInfo": {

model/user.go

@@ -12,7 +12,7 @@ type User struct {
 
 // UserExternal Model
 //
-// The User holds information about the credentials and other stuff.
+// The User holds information about permission and other stuff.
 //
 // swagger:model User
 type UserExternal struct {
@@ -21,19 +21,37 @@ type UserExternal struct {
 	// read only: true
 	// required: true
 	// example: 25
-	ID    uint   `json:"id"`
+	ID uint `json:"id"`
 	// The user name. For login.
 	//
 	// required: true
 	// example: unicorn
-	Name  string `binding:"required" json:"name" query:"name" form:"name"`
+	Name string `binding:"required" json:"name" query:"name" form:"name"`
-	// The user password. For login. (Will not be returned by any API)
-	//
-	// required: true
-	// example: mypassword; !will not be returned by any API!
-	Pass  string `json:"pass,omitempty" form:"pass" query:"pass"`
 	// If the user is an administrator.
 	//
 	// example: true
-	Admin bool   `json:"admin" form:"admin" query:"admin"`
+	Admin bool `json:"admin" form:"admin" query:"admin"`
+}
+
+// UserExternalWithPass Model
+//
+// The UserWithPass holds information about the credentials and other stuff.
+//
+// swagger:model UserWithPass
+type UserExternalWithPass struct {
+	UserExternal
+	UserExternalPass
+}
+
+// UserExternalPass Model
+//
+// The Password for updating the user.
+//
+// swagger:model UserPass
+type UserExternalPass struct {
+	// The user password. For login.
+	//
+	// required: true
+	// example: nrocinu
+	Pass string `json:"pass,omitempty" form:"pass" query:"pass" binding:"required"`
 }

router/router.go

@@ -515,7 +515,7 @@ func Create(db *database.GormDatabase, vInfo *model.VersionInfo, conf *config.Co
 		//   description: the user
 		//   required: true
 		//   schema:
-		//     $ref: "#/definitions/User"
+		//     $ref: "#/definitions/UserPass"
 		// responses:
 		//   200:
 		//     description: Ok
@@ -581,7 +581,7 @@ func Create(db *database.GormDatabase, vInfo *model.VersionInfo, conf *config.Co
 		//   description: the user to add
 		//   required: true
 		//   schema:
-		//     $ref: "#/definitions/User"
+		//     $ref: "#/definitions/UserWithPass"
 		// responses:
 		//   200:
 		//     description: Ok
@@ -685,7 +685,7 @@ func Create(db *database.GormDatabase, vInfo *model.VersionInfo, conf *config.Co
 		//   description: the updated user
 		//   required: true
 		//   schema:
-		//     $ref: "#/definitions/User"
+		//     $ref: "#/definitions/UserWithPass"
 		// responses:
 		//   200:
 		//     description: Ok