ensure authentication isn't possible without password

This commit is contained in:
thomasDOTde 2017-11-06 23:36:11 +01:00
parent 5a1a4b0161
commit d65efe477a
2 changed files with 7 additions and 5 deletions

View File

@ -133,7 +133,9 @@ class User(db.Model):
def check_password(self, hashed_password):
# Check hased password. Useing bcrypt, the salt is saved into the hash itself
return bcrypt.checkpw(self.plain_text_password.encode('utf-8'), hashed_password.encode('utf-8'))
if (self.plain_text_password):
return bcrypt.checkpw(self.plain_text_password.encode('utf-8'), hashed_password.encode('utf-8'))
return False
def get_user_info_by_id(self):
user_info = User.query.get(int(self.id))

View File

@ -223,7 +223,7 @@ def saml_authorized():
if not user:
# create user
user = User(username=session['samlNameId'],
plain_text_password=gen_salt(30),
plain_text_password = None,
email=session['samlNameId'])
user.create_local_user()
session['user_id'] = user.id
@ -233,7 +233,7 @@ def saml_authorized():
user.firstname = session['samlUserdata']["givenname"][0]
if session['samlUserdata'].has_key("surname"):
user.lastname = session['samlUserdata']["surname"][0]
user.plain_text_password = gen_salt(30)
user.plain_text_password = None
user.update_profile()
session['external_auth'] = True
login_user(user, remember=False)
@ -267,7 +267,7 @@ def login():
user = User(username=email,
firstname=first_name,
lastname=surname,
plain_text_password=gen_salt(7),
plain_text_password=None,
email=email)
user.create_local_user()
@ -283,7 +283,7 @@ def login():
if not user:
# create user
user = User(username=user_info['name'],
plain_text_password=gen_salt(30),
plain_text_password=None,
email=user_info['email'])
user.create_local_user()