fix(users): Register: validate `mail`, handle duplicated `userid`, only send password mail if `mail` was set
continuous-integration/woodpecker the build was successful Details

This commit is contained in:
Ferdinand Thiessen 2021-12-18 01:56:52 +01:00
parent 9f6aa38925
commit bd371dfcf2
1 changed files with 24 additions and 12 deletions

View File

@ -1,4 +1,5 @@
import secrets
import re
from io import BytesIO
from sqlalchemy import exc
from flask import current_app
@ -214,20 +215,31 @@ def delete_user(user: User):
db.session.commit()
def register(data):
def register(data, passwd=None):
"""Register a new user
Args:
data: dictionary containing valid user properties
passwd: optional a password, default: 16byte random
"""
allowed_keys = User().serialize().keys()
values = {key: value for key, value in data.items() if key in allowed_keys}
roles = values.pop("roles", [])
if "birthday" in data:
values["birthday"] = from_iso_format(data["birthday"]).date()
if "mail" in data and not re.match(r"[^@]+@[^@]+\.[^@]+", data["mail"]):
raise BadRequest("Invalid mail given")
user = User(**values)
set_roles(user, roles)
password = secrets.token_urlsafe(16)
password = passwd if passwd else secrets.token_urlsafe(16)
current_app.config["FG_AUTH_BACKEND"].create_user(user, password)
try:
db.session.add(user)
db.session.commit()
except exc.IntegrityError:
raise BadRequest("userid already in use")
if user.mail:
reset = _generate_password_reset(user)
subject = str(config["MESSAGES"]["welcome_subject"]).format(name=user.display_name, username=user.userid)