mirror of
https://github.com/cwinfo/powerdns-admin.git
synced 2024-12-29 06:25:40 +00:00
ensure authentication isn't possible without password
This commit is contained in:
parent
5a1a4b0161
commit
d65efe477a
@ -133,7 +133,9 @@ class User(db.Model):
|
|||||||
|
|
||||||
def check_password(self, hashed_password):
|
def check_password(self, hashed_password):
|
||||||
# Check hased password. Useing bcrypt, the salt is saved into the hash itself
|
# Check hased password. Useing bcrypt, the salt is saved into the hash itself
|
||||||
return bcrypt.checkpw(self.plain_text_password.encode('utf-8'), hashed_password.encode('utf-8'))
|
if (self.plain_text_password):
|
||||||
|
return bcrypt.checkpw(self.plain_text_password.encode('utf-8'), hashed_password.encode('utf-8'))
|
||||||
|
return False
|
||||||
|
|
||||||
def get_user_info_by_id(self):
|
def get_user_info_by_id(self):
|
||||||
user_info = User.query.get(int(self.id))
|
user_info = User.query.get(int(self.id))
|
||||||
|
@ -223,7 +223,7 @@ def saml_authorized():
|
|||||||
if not user:
|
if not user:
|
||||||
# create user
|
# create user
|
||||||
user = User(username=session['samlNameId'],
|
user = User(username=session['samlNameId'],
|
||||||
plain_text_password=gen_salt(30),
|
plain_text_password = None,
|
||||||
email=session['samlNameId'])
|
email=session['samlNameId'])
|
||||||
user.create_local_user()
|
user.create_local_user()
|
||||||
session['user_id'] = user.id
|
session['user_id'] = user.id
|
||||||
@ -233,7 +233,7 @@ def saml_authorized():
|
|||||||
user.firstname = session['samlUserdata']["givenname"][0]
|
user.firstname = session['samlUserdata']["givenname"][0]
|
||||||
if session['samlUserdata'].has_key("surname"):
|
if session['samlUserdata'].has_key("surname"):
|
||||||
user.lastname = session['samlUserdata']["surname"][0]
|
user.lastname = session['samlUserdata']["surname"][0]
|
||||||
user.plain_text_password = gen_salt(30)
|
user.plain_text_password = None
|
||||||
user.update_profile()
|
user.update_profile()
|
||||||
session['external_auth'] = True
|
session['external_auth'] = True
|
||||||
login_user(user, remember=False)
|
login_user(user, remember=False)
|
||||||
@ -267,7 +267,7 @@ def login():
|
|||||||
user = User(username=email,
|
user = User(username=email,
|
||||||
firstname=first_name,
|
firstname=first_name,
|
||||||
lastname=surname,
|
lastname=surname,
|
||||||
plain_text_password=gen_salt(7),
|
plain_text_password=None,
|
||||||
email=email)
|
email=email)
|
||||||
user.create_local_user()
|
user.create_local_user()
|
||||||
|
|
||||||
@ -283,7 +283,7 @@ def login():
|
|||||||
if not user:
|
if not user:
|
||||||
# create user
|
# create user
|
||||||
user = User(username=user_info['name'],
|
user = User(username=user_info['name'],
|
||||||
plain_text_password=gen_salt(30),
|
plain_text_password=None,
|
||||||
email=user_info['email'])
|
email=user_info['email'])
|
||||||
user.create_local_user()
|
user.create_local_user()
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user