From aeadc78acc03dd20c0bc6666ffc79cd2162a9e4f Mon Sep 17 00:00:00 2001
From: Ferdinand Thiessen
Date: Tue, 19 Jan 2021 03:30:49 +0100
Subject: [PATCH] [System][Plugin] auth: Using find_user for password reset, fixes #443
* find_user will also search auth backend for user, so password recovery will also work if user was never logged in on Flaschengeist.
---
 flaschengeist/controller/userController.py | 24 +++++++++++++++++++++-
 flaschengeist/plugins/auth/__init__.py | 6 ++----
 2 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/flaschengeist/controller/userController.py b/flaschengeist/controller/userController.py
index eefcdeb..ed930e5 100644
--- a/flaschengeist/controller/userController.py
+++ b/flaschengeist/controller/userController.py
@@ -116,6 +116,13 @@ def get_user_by_role(role: Role):
 def get_user(uid):
+ """Get an user by userid from database
+ Args:
+ uid: Userid to search for
+ Returns:
+ User fround
+ Raises:
+ NotFound if not found"""
 user = User.query.filter(User.userid == uid).one_or_none()
 if not user:
 raise NotFound
@@ -123,16 +130,31 @@ def get_user(uid):
 def find_user(uid_mail):
+ """Finding an user by userid or mail in database or auth-backend
+ Args:
+ uid_mail: userid and or mail to search for
+ Returns:
+ User if found or None
+ """
 mail = uid_mail.split("@")
 mail = len(mail) == 2 and len(mail[0]) > 0 and len(mail[1]) > 0
 query = User.userid == uid_mail
 if mail:
 query |= User.mail == uid_mail
- return User.query.filter(query).one_or_none()
+ user = User.query.filter(query).one_or_none()
+ if user:
+ update_user(user)
+ else:
+ user = current_app.config["FG_AUTH_BACKEND"].find_user(uid_mail, uid_mail if mail else None)
+ if user:
+ db.session.add(user)
+ db.session.commit()
+ return user
 def delete(user):
+ """Delete given user"""
 current_app.config["FG_AUTH_BACKEND"].delete_user(user)
 db.session.delete(user)
 db.session.commit()
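Review bot: Nothing in the new miss path of find_user handles a failed `db.session.commit()` after `db.session.add(user)`. If the auth backend matches more loosely than the local `User.userid == uid_mail` comparison (directory lookups are often case-insensitive; the backend is not visible here) and userid is unique in the model, the returned account may already have a local row, and the insert would then fail and leave the session needing a rollback. Catching the constraint error, rolling back and returning the existing row avoids that, as sketched below; `IntegrityError` lives in `sqlalchemy.exc` and would need importing. The docstring should also state that the function now refreshes a hit through `update_user` and may create a local record, because the password-reset caller in this commit invokes it with a request-supplied identifier.

```python
    # … unchanged: build query, local lookup, update_user(user) on a hit …
    else:
        user = current_app.config["FG_AUTH_BACKEND"].find_user(uid_mail, uid_mail if mail else None)
        if user:
            try:
                db.session.add(user)
                db.session.commit()
            except IntegrityError:
                # The account already has a local row under another spelling: reuse it.
                db.session.rollback()
                user = User.query.filter(User.userid == user.userid).one_or_none()
    return user
```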
diff --git a/flaschengeist/plugins/auth/__init__.py b/flaschengeist/plugins/auth/__init__.py
index fa9e789..1ca0ad8 100644
--- a/flaschengeist/plugins/auth/__init__.py
+++ b/flaschengeist/plugins/auth/__init__.py
@@ -169,11 +169,9 @@ def get_assocd_user(token, current_session, **kwargs):
 def reset_password():
 data = request.get_json()
 if "userid" in data:
- try:
- user = userController.find_user(data["userid"])
+ user = userController.find_user(data["userid"])
+ if user:
 userController.request_reset(user)
- except NotFound:
- pass
 elif "password" in data and "token" in data:
 userController.reset_password(data["token"], data["password"])
 else:
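Review bot: `data["userid"]` reaches `userController.find_user` unvalidated in the `if "userid" in data:` branch, and find_user begins with `uid_mail.split("@")`, so a JSON number, list or null in that field raises AttributeError and becomes a server error on an endpoint that is presumably reachable without a session. Guard it before the call, e.g. `if not isinstance(data["userid"], str): raise BadRequest` (assuming werkzeug's BadRequest is or can be imported in this module). Because this commit also makes find_user query the auth backend and commit a new row on a local miss, this branch is worth putting behind a request rate limit, and the response should stay identical whether or not a user was found. reset_password continues past the hunk's last line, so the body of the final `else:` is not visible here.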