[System][Plugin] auth: Using find_user for password reset, fixes #443

* find_user will also search auth backend for user, so password recovery will also work if user was never logged in on Flaschengeist.
This commit is contained in:
Ferdinand Thiessen 2021-01-19 03:30:49 +01:00
parent 68512a9851
commit aeadc78acc
2 changed files with 25 additions and 5 deletions

View File

@ -116,6 +116,13 @@ def get_user_by_role(role: Role):
def get_user(uid):
"""Get an user by userid from database
Args:
uid: Userid to search for
Returns:
User fround
Raises:
NotFound if not found"""
user = User.query.filter(User.userid == uid).one_or_none()
if not user:
raise NotFound
@ -123,16 +130,31 @@ def get_user(uid):
def find_user(uid_mail):
"""Finding an user by userid or mail in database or auth-backend
Args:
uid_mail: userid and or mail to search for
Returns:
User if found or None
"""
mail = uid_mail.split("@")
mail = len(mail) == 2 and len(mail[0]) > 0 and len(mail[1]) > 0
query = User.userid == uid_mail
if mail:
query |= User.mail == uid_mail
return User.query.filter(query).one_or_none()
user = User.query.filter(query).one_or_none()
if user:
update_user(user)
else:
user = current_app.config["FG_AUTH_BACKEND"].find_user(uid_mail, uid_mail if mail else None)
if user:
db.session.add(user)
db.session.commit()
return user
def delete(user):
"""Delete given user"""
current_app.config["FG_AUTH_BACKEND"].delete_user(user)
db.session.delete(user)
db.session.commit()

View File

@ -169,11 +169,9 @@ def get_assocd_user(token, current_session, **kwargs):
def reset_password():
data = request.get_json()
if "userid" in data:
try:
user = userController.find_user(data["userid"])
user = userController.find_user(data["userid"])
if user:
userController.request_reset(user)
except NotFound:
pass
elif "password" in data and "token" in data:
userController.reset_password(data["token"], data["password"])
else: