[System][Plugin] auth: Using find_user for password reset, fixes #443

* find_user will also search auth backend for user, so password recovery will also work if user was never logged in on Flaschengeist.
2021-01-19 03:30:49 +01:00 · 2021-01-19 03:30:49 +01:00 · aeadc78acc
parent 68512a9851
commit aeadc78acc
2 changed files with 25 additions and 5 deletions
--- a/flaschengeist/controller/userController.py
+++ b/flaschengeist/controller/userController.py
@ -116,6 +116,13 @@ def get_user_by_role(role: Role):


 def get_user(uid):
+    """Get an user by userid from database
+    Args:
+        uid: Userid to search for
+    Returns:
+        User fround
+    Raises:
+        NotFound if not found"""
    user = User.query.filter(User.userid == uid).one_or_none()
    if not user:
        raise NotFound
@ -123,16 +130,31 @@ def get_user(uid):


 def find_user(uid_mail):
+    """Finding an user by userid or mail in database or auth-backend
+    Args:
+        uid_mail: userid and or mail to search for
+    Returns:
+        User if found or None
+    """
    mail = uid_mail.split("@")
    mail = len(mail) == 2 and len(mail[0]) > 0 and len(mail[1]) > 0

    query = User.userid == uid_mail
    if mail:
        query |= User.mail == uid_mail
-    return User.query.filter(query).one_or_none()
+    user = User.query.filter(query).one_or_none()
+    if user:
+        update_user(user)
+    else:
+        user = current_app.config["FG_AUTH_BACKEND"].find_user(uid_mail, uid_mail if mail else None)
+        if user:
+            db.session.add(user)
+            db.session.commit()
+    return user


 def delete(user):
+    """Delete given user"""
    current_app.config["FG_AUTH_BACKEND"].delete_user(user)
    db.session.delete(user)
    db.session.commit()
--- a/flaschengeist/plugins/auth/init.py
+++ b/flaschengeist/plugins/auth/init.py
@ -169,11 +169,9 @@ def get_assocd_user(token, current_session, **kwargs):
 def reset_password():
    data = request.get_json()
    if "userid" in data:
-        try:
-            user = userController.find_user(data["userid"])
+        user = userController.find_user(data["userid"])
+        if user:
            userController.request_reset(user)
-        except NotFound:
-            pass
    elif "password" in data and "token" in data:
        userController.reset_password(data["token"], data["password"])
    else: