Ebola-Chan/kd_discord_bot
1
0
Fork 0
forked from sh-edraft.de/sh_discord_bot
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed password handling #70

Browse Source
This commit is contained in:
Sven Heidemann 2022-10-18 19:50:13 +02:00
parent a082b879ca
commit 47a73a4298
3 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
kdb-bot/src/bot_api/controller/auth_controller.py
View File

@ -12,6 +12,7 @@ from bot_api.filter.auth_user_select_criteria import AuthUserSelectCriteria
from bot_api.json_processor import JSONProcessor from bot_api.json_processor import JSONProcessor
from bot_api.logging.api_logger import ApiLogger from bot_api.logging.api_logger import ApiLogger
from bot_api.model.auth_user_dto import AuthUserDTO from bot_api.model.auth_user_dto import AuthUserDTO
from bot_api.model.reset_password_dto import ResetPasswordDTO
from bot_api.model.token_dto import TokenDTO from bot_api.model.token_dto import TokenDTO
from bot_api.model.update_auth_user_dto import UpdateAuthUserDTO from bot_api.model.update_auth_user_dto import UpdateAuthUserDTO
from bot_api.route.route import Route from bot_api.route.route import Route
@ -62,7 +63,7 @@ class AuthController:
return jsonify(result.to_dict()) return jsonify(result.to_dict())
@Route.get(f'{BasePath}/users/find/<email>') @Route.get(f'{BasePath}/users/find/<email>')
@Route.authorize(role=AuthRoleEnum.admin) @Route.authorize
async def find_user_from_email(self, email: str) -> Response: async def find_user_from_email(self, email: str) -> Response:
result = await self._auth_service.find_auth_user_by_email_async(email) result = await self._auth_service.find_auth_user_by_email_async(email)
return jsonify(result.to_dict()) return jsonify(result.to_dict())
@ -99,7 +100,13 @@ class AuthController:
@Route.post(f'{BasePath}/confirm-forgot-password/<id>') @Route.post(f'{BasePath}/confirm-forgot-password/<id>')
async def confirm_forgot_password(self, id: str): async def confirm_forgot_password(self, id: str):
await self._auth_service.confirm_forgot_password_async(id) result = await self._auth_service.confirm_forgot_password_async(id)
return jsonify(result.to_dict())
@Route.post(f'{BasePath}/reset-password')
async def reset_password(self):
dto: ResetPasswordDTO = JSONProcessor.process(ResetPasswordDTO, request.get_json(force=True, silent=True))
await self._auth_service.reset_password_async(dto)
return '', 200 return '', 200
@Route.post(f'{BasePath}/update-user') @Route.post(f'{BasePath}/update-user')

4
kdb-bot/src/bot_api/model/update_auth_user_dto.py
View File

@ -12,7 +12,7 @@ class UpdateAuthUserDTO(DtoABC):
self, self,
auth_user_dto: AuthUserDTO, auth_user_dto: AuthUserDTO,
new_auth_user_dto: AuthUserDTO, new_auth_user_dto: AuthUserDTO,
change_password=False change_password: bool = False
): ):
DtoABC.__init__(self) DtoABC.__init__(self)
@ -35,7 +35,7 @@ class UpdateAuthUserDTO(DtoABC):
def from_dict(self, values: dict): def from_dict(self, values: dict):
self._auth_user = values['authUser'] self._auth_user = values['authUser']
self._new_auth_user = values['newAuthUser'] self._new_auth_user = values['newAuthUser']
self._change_password = False if 'changePassword' not in values else values['changePassword'] self._change_password = False if 'changePassword' not in values else bool(values['changePassword'])
def to_dict(self) -> dict: def to_dict(self) -> dict:
return { return {

21
kdb-bot/src/bot_api/service/auth_service.py
View File

@ -240,24 +240,14 @@ class AuthService(AuthServiceABC):
raise ServiceException(ServiceErrorCode.InvalidUser, 'User already exists') raise ServiceException(ServiceErrorCode.InvalidUser, 'User already exists')
user.email = update_user_dto.new_auth_user.email user.email = update_user_dto.new_auth_user.email
is_existing_password_set = False
is_new_password_set = False
# hash passwords in DTOs
if update_user_dto.auth_user.password is not None and update_user_dto.auth_user.password != '':
is_existing_password_set = True
update_user_dto.auth_user.password = self._hash_sha256(update_user_dto.auth_user.password, user.password_salt) update_user_dto.auth_user.password = self._hash_sha256(update_user_dto.auth_user.password, user.password_salt)
if update_user_dto.auth_user.password != user.password: if update_user_dto.auth_user.password != user.password:
raise ServiceException(ServiceErrorCode.InvalidUser, 'Wrong password') raise ServiceException(ServiceErrorCode.InvalidUser, 'Wrong password')
if update_user_dto.new_auth_user.password is not None and update_user_dto.new_auth_user.password != '':
is_new_password_set = True
update_user_dto.new_auth_user.password = self._hash_sha256(update_user_dto.new_auth_user.password, user.password_salt)
# update password # update password
if is_existing_password_set and is_new_password_set and update_user_dto.auth_user.password != update_user_dto.new_auth_user.password: if self._hash_sha256(update_user_dto.new_auth_user.password, user.password_salt) != user.password:
user.password_salt = uuid.uuid4() user.password_salt = uuid.uuid4()
user.password = update_user_dto.new_auth_user.password user.password = self._hash_sha256(update_user_dto.new_auth_user.password, user.password_salt)
self._auth_users.update_auth_user(user) self._auth_users.update_auth_user(user)
self._db.save_changes() self._db.save_changes()
@ -302,7 +292,7 @@ class AuthService(AuthServiceABC):
user.email = update_user_dto.new_auth_user.email user.email = update_user_dto.new_auth_user.email
# update password # update password
if update_user_dto.change_password and update_user_dto.auth_user.password != update_user_dto.new_auth_user.password: if update_user_dto.change_password and user.password != self._hash_sha256(update_user_dto.new_auth_user.password, user.password_salt):
user.password_salt = uuid.uuid4() user.password_salt = uuid.uuid4()
user.password = self._hash_sha256(update_user_dto.new_auth_user.password, user.password_salt) user.password = self._hash_sha256(update_user_dto.new_auth_user.password, user.password_salt)
@ -340,7 +330,7 @@ class AuthService(AuthServiceABC):
if user is None: if user is None:
raise ServiceException(ServiceErrorCode.InvalidData, 'Token expired') raise ServiceException(ServiceErrorCode.InvalidData, 'Token expired')
except Exception as e: except Exception as e:
self._logger.error(__name__, f'Refreshing token failed', e) self._logger.error(__name__, f'Token invalid', e)
return False return False
return True return True
@ -435,5 +425,8 @@ class AuthService(AuthServiceABC):
if user.password is None or rp_dto.password == '': if user.password is None or rp_dto.password == '':
raise ServiceException(ServiceErrorCode.InvalidData, f'Password not set') raise ServiceException(ServiceErrorCode.InvalidData, f'Password not set')
user.password_salt = uuid.uuid4()
user.password = self._hash_sha256(rp_dto.password, user.password_salt) user.password = self._hash_sha256(rp_dto.password, user.password_salt)
user.forgot_password_id = None
self._auth_users.update_auth_user(user)
self._db.save_changes() self._db.save_changes()