From 114dd59d703d00efe86ad02eb956aa5343daa08e Mon Sep 17 00:00:00 2001
From: Runxi Yu <me@runxiyu.org>
Date: Wed, 19 Feb 2025 21:24:47 +0800
Subject: all: Use COALESCE to handle some nullable database fields

---
 http_handle_login.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'http_handle_login.go')

diff --git a/http_handle_login.go b/http_handle_login.go
index f45db80..5aed680 100644
--- a/http_handle_login.go
+++ b/http_handle_login.go
@@ -23,7 +23,7 @@ func handle_login(w http.ResponseWriter, r *http.Request, params map[string]any)
 	password := r.PostFormValue("password")
 
 	var password_hash string
-	err := database.QueryRow(r.Context(), "SELECT id, password FROM users WHERE username = $1", username).Scan(&user_id, &password_hash)
+	err := database.QueryRow(r.Context(), "SELECT id, COALESCE(password, '') FROM users WHERE username = $1", username).Scan(&user_id, &password_hash)
 	if err != nil {
 		if errors.Is(err, pgx.ErrNoRows) {
 			params["login_error"] = "Unknown username"
@@ -33,6 +33,11 @@ func handle_login(w http.ResponseWriter, r *http.Request, params map[string]any)
 		http.Error(w, "Error querying user information: "+err.Error(), http.StatusInternalServerError)
 		return
 	}
+	if password_hash == "" {
+		params["login_error"] = "User has no password"
+		render_template(w, "login", params)
+		return
+	}
 
 	match, err := argon2id.ComparePasswordAndHash(password, password_hash)
 	if err != nil {
-- 
cgit v1.2.3