From aeadc78acc03dd20c0bc6666ffc79cd2162a9e4f Mon Sep 17 00:00:00 2001
From: Ferdinand Thiessen <rpm@fthiessen.de>
Date: Tue, 19 Jan 2021 03:30:49 +0100
Subject: [PATCH] [System][Plugin] auth: Using find_user for password reset,
 fixes #443

* find_user will also search auth backend for user, so password recovery will also work if user was never logged in on Flaschengeist.
---
 flaschengeist/controller/userController.py | 24 +++++++++++++++++++++-
 flaschengeist/plugins/auth/__init__.py     |  6 ++----
 2 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/flaschengeist/controller/userController.py b/flaschengeist/controller/userController.py
index eefcdeb..ed930e5 100644
--- a/flaschengeist/controller/userController.py
+++ b/flaschengeist/controller/userController.py
@@ -116,6 +116,13 @@ def get_user_by_role(role: Role):
 
 
 def get_user(uid):
+    """Get an user by userid from database
+    Args:
+        uid: Userid to search for
+    Returns:
+        User fround
+    Raises:
+        NotFound if not found"""
     user = User.query.filter(User.userid == uid).one_or_none()
     if not user:
         raise NotFound
@@ -123,16 +130,31 @@ def get_user(uid):
 
 
 def find_user(uid_mail):
+    """Finding an user by userid or mail in database or auth-backend
+    Args:
+        uid_mail: userid and or mail to search for
+    Returns:
+        User if found or None
+    """
     mail = uid_mail.split("@")
     mail = len(mail) == 2 and len(mail[0]) > 0 and len(mail[1]) > 0
 
     query = User.userid == uid_mail
     if mail:
         query |= User.mail == uid_mail
-    return User.query.filter(query).one_or_none()
+    user = User.query.filter(query).one_or_none()
+    if user:
+        update_user(user)
+    else:
+        user = current_app.config["FG_AUTH_BACKEND"].find_user(uid_mail, uid_mail if mail else None)
+        if user:
+            db.session.add(user)
+            db.session.commit()
+    return user
 
 
 def delete(user):
+    """Delete given user"""
     current_app.config["FG_AUTH_BACKEND"].delete_user(user)
     db.session.delete(user)
     db.session.commit()
diff --git a/flaschengeist/plugins/auth/__init__.py b/flaschengeist/plugins/auth/__init__.py
index fa9e789..1ca0ad8 100644
--- a/flaschengeist/plugins/auth/__init__.py
+++ b/flaschengeist/plugins/auth/__init__.py
@@ -169,11 +169,9 @@ def get_assocd_user(token, current_session, **kwargs):
 def reset_password():
     data = request.get_json()
     if "userid" in data:
-        try:
-            user = userController.find_user(data["userid"])
+        user = userController.find_user(data["userid"])
+        if user:
             userController.request_reset(user)
-        except NotFound:
-            pass
     elif "password" in data and "token" in data:
         userController.reset_password(data["token"], data["password"])
     else: