Flaschengeist/flaschengeist
Flaschengeist
/
flaschengeist
7
0
Fork 0
Code Issues 20 Pull Requests Packages Projects Releases 2 Wiki Activity

[System][Plugin] auth: Using find_user for password reset, fixes #443 

* find_user will also search auth backend for user, so password recovery will also work if user was never logged in on Flaschengeist.
This commit is contained in:
Ferdinand Thiessen 2021-01-19 03:30:49 +01:00
parent 68512a9851
commit aeadc78acc
2 changed files with 25 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
flaschengeist/controller/userController.py
View File

@ -116,6 +116,13 @@ def get_user_by_role(role: Role):
def get_user(uid): def get_user(uid):
"""Get an user by userid from database
Args:
uid: Userid to search for
Returns:
User fround
Raises:
NotFound if not found"""
user = User.query.filter(User.userid == uid).one_or_none() user = User.query.filter(User.userid == uid).one_or_none()
if not user: if not user:
raise NotFound raise NotFound
@ -123,16 +130,31 @@ def get_user(uid):
def find_user(uid_mail): def find_user(uid_mail):
"""Finding an user by userid or mail in database or auth-backend
Args:
uid_mail: userid and or mail to search for
Returns:
User if found or None
"""
mail = uid_mail.split("@") mail = uid_mail.split("@")
mail = len(mail) == 2 and len(mail[0]) > 0 and len(mail[1]) > 0 mail = len(mail) == 2 and len(mail[0]) > 0 and len(mail[1]) > 0
query = User.userid == uid_mail query = User.userid == uid_mail
if mail: if mail:
query |= User.mail == uid_mail query |= User.mail == uid_mail
return User.query.filter(query).one_or_none() user = User.query.filter(query).one_or_none()
if user:
update_user(user)
else:
user = current_app.config["FG_AUTH_BACKEND"].find_user(uid_mail, uid_mail if mail else None)
if user:
db.session.add(user)
db.session.commit()
return user
def delete(user): def delete(user):
"""Delete given user"""
current_app.config["FG_AUTH_BACKEND"].delete_user(user) current_app.config["FG_AUTH_BACKEND"].delete_user(user)
db.session.delete(user) db.session.delete(user)
db.session.commit() db.session.commit()

6
flaschengeist/plugins/auth/__init__.py
View File

@ -169,11 +169,9 @@ def get_assocd_user(token, current_session, **kwargs):
def reset_password(): def reset_password():
data = request.get_json() data = request.get_json()
if "userid" in data: if "userid" in data:
try: user = userController.find_user(data["userid"])
user = userController.find_user(data["userid"]) if user:
userController.request_reset(user) userController.request_reset(user)
except NotFound:
pass
elif "password" in data and "token" in data: elif "password" in data and "token" in data:
userController.reset_password(data["token"], data["password"]) userController.reset_password(data["token"], data["password"])
else: else: