Fixed password handling #70
This commit is contained in:
parent
a082b879ca
commit
47a73a4298
@ -12,6 +12,7 @@ from bot_api.filter.auth_user_select_criteria import AuthUserSelectCriteria
|
|||||||
from bot_api.json_processor import JSONProcessor
|
from bot_api.json_processor import JSONProcessor
|
||||||
from bot_api.logging.api_logger import ApiLogger
|
from bot_api.logging.api_logger import ApiLogger
|
||||||
from bot_api.model.auth_user_dto import AuthUserDTO
|
from bot_api.model.auth_user_dto import AuthUserDTO
|
||||||
|
from bot_api.model.reset_password_dto import ResetPasswordDTO
|
||||||
from bot_api.model.token_dto import TokenDTO
|
from bot_api.model.token_dto import TokenDTO
|
||||||
from bot_api.model.update_auth_user_dto import UpdateAuthUserDTO
|
from bot_api.model.update_auth_user_dto import UpdateAuthUserDTO
|
||||||
from bot_api.route.route import Route
|
from bot_api.route.route import Route
|
||||||
@ -62,7 +63,7 @@ class AuthController:
|
|||||||
return jsonify(result.to_dict())
|
return jsonify(result.to_dict())
|
||||||
|
|
||||||
@Route.get(f'{BasePath}/users/find/<email>')
|
@Route.get(f'{BasePath}/users/find/<email>')
|
||||||
@Route.authorize(role=AuthRoleEnum.admin)
|
@Route.authorize
|
||||||
async def find_user_from_email(self, email: str) -> Response:
|
async def find_user_from_email(self, email: str) -> Response:
|
||||||
result = await self._auth_service.find_auth_user_by_email_async(email)
|
result = await self._auth_service.find_auth_user_by_email_async(email)
|
||||||
return jsonify(result.to_dict())
|
return jsonify(result.to_dict())
|
||||||
@ -99,7 +100,13 @@ class AuthController:
|
|||||||
|
|
||||||
@Route.post(f'{BasePath}/confirm-forgot-password/<id>')
|
@Route.post(f'{BasePath}/confirm-forgot-password/<id>')
|
||||||
async def confirm_forgot_password(self, id: str):
|
async def confirm_forgot_password(self, id: str):
|
||||||
await self._auth_service.confirm_forgot_password_async(id)
|
result = await self._auth_service.confirm_forgot_password_async(id)
|
||||||
|
return jsonify(result.to_dict())
|
||||||
|
|
||||||
|
@Route.post(f'{BasePath}/reset-password')
|
||||||
|
async def reset_password(self):
|
||||||
|
dto: ResetPasswordDTO = JSONProcessor.process(ResetPasswordDTO, request.get_json(force=True, silent=True))
|
||||||
|
await self._auth_service.reset_password_async(dto)
|
||||||
return '', 200
|
return '', 200
|
||||||
|
|
||||||
@Route.post(f'{BasePath}/update-user')
|
@Route.post(f'{BasePath}/update-user')
|
||||||
|
@ -12,7 +12,7 @@ class UpdateAuthUserDTO(DtoABC):
|
|||||||
self,
|
self,
|
||||||
auth_user_dto: AuthUserDTO,
|
auth_user_dto: AuthUserDTO,
|
||||||
new_auth_user_dto: AuthUserDTO,
|
new_auth_user_dto: AuthUserDTO,
|
||||||
change_password=False
|
change_password: bool = False
|
||||||
):
|
):
|
||||||
DtoABC.__init__(self)
|
DtoABC.__init__(self)
|
||||||
|
|
||||||
@ -35,7 +35,7 @@ class UpdateAuthUserDTO(DtoABC):
|
|||||||
def from_dict(self, values: dict):
|
def from_dict(self, values: dict):
|
||||||
self._auth_user = values['authUser']
|
self._auth_user = values['authUser']
|
||||||
self._new_auth_user = values['newAuthUser']
|
self._new_auth_user = values['newAuthUser']
|
||||||
self._change_password = False if 'changePassword' not in values else values['changePassword']
|
self._change_password = False if 'changePassword' not in values else bool(values['changePassword'])
|
||||||
|
|
||||||
def to_dict(self) -> dict:
|
def to_dict(self) -> dict:
|
||||||
return {
|
return {
|
||||||
|
@ -240,24 +240,14 @@ class AuthService(AuthServiceABC):
|
|||||||
raise ServiceException(ServiceErrorCode.InvalidUser, 'User already exists')
|
raise ServiceException(ServiceErrorCode.InvalidUser, 'User already exists')
|
||||||
user.email = update_user_dto.new_auth_user.email
|
user.email = update_user_dto.new_auth_user.email
|
||||||
|
|
||||||
is_existing_password_set = False
|
|
||||||
is_new_password_set = False
|
|
||||||
# hash passwords in DTOs
|
|
||||||
if update_user_dto.auth_user.password is not None and update_user_dto.auth_user.password != '':
|
|
||||||
is_existing_password_set = True
|
|
||||||
update_user_dto.auth_user.password = self._hash_sha256(update_user_dto.auth_user.password, user.password_salt)
|
update_user_dto.auth_user.password = self._hash_sha256(update_user_dto.auth_user.password, user.password_salt)
|
||||||
|
|
||||||
if update_user_dto.auth_user.password != user.password:
|
if update_user_dto.auth_user.password != user.password:
|
||||||
raise ServiceException(ServiceErrorCode.InvalidUser, 'Wrong password')
|
raise ServiceException(ServiceErrorCode.InvalidUser, 'Wrong password')
|
||||||
|
|
||||||
if update_user_dto.new_auth_user.password is not None and update_user_dto.new_auth_user.password != '':
|
|
||||||
is_new_password_set = True
|
|
||||||
update_user_dto.new_auth_user.password = self._hash_sha256(update_user_dto.new_auth_user.password, user.password_salt)
|
|
||||||
|
|
||||||
# update password
|
# update password
|
||||||
if is_existing_password_set and is_new_password_set and update_user_dto.auth_user.password != update_user_dto.new_auth_user.password:
|
if self._hash_sha256(update_user_dto.new_auth_user.password, user.password_salt) != user.password:
|
||||||
user.password_salt = uuid.uuid4()
|
user.password_salt = uuid.uuid4()
|
||||||
user.password = update_user_dto.new_auth_user.password
|
user.password = self._hash_sha256(update_user_dto.new_auth_user.password, user.password_salt)
|
||||||
|
|
||||||
self._auth_users.update_auth_user(user)
|
self._auth_users.update_auth_user(user)
|
||||||
self._db.save_changes()
|
self._db.save_changes()
|
||||||
@ -302,7 +292,7 @@ class AuthService(AuthServiceABC):
|
|||||||
user.email = update_user_dto.new_auth_user.email
|
user.email = update_user_dto.new_auth_user.email
|
||||||
|
|
||||||
# update password
|
# update password
|
||||||
if update_user_dto.change_password and update_user_dto.auth_user.password != update_user_dto.new_auth_user.password:
|
if update_user_dto.change_password and user.password != self._hash_sha256(update_user_dto.new_auth_user.password, user.password_salt):
|
||||||
user.password_salt = uuid.uuid4()
|
user.password_salt = uuid.uuid4()
|
||||||
user.password = self._hash_sha256(update_user_dto.new_auth_user.password, user.password_salt)
|
user.password = self._hash_sha256(update_user_dto.new_auth_user.password, user.password_salt)
|
||||||
|
|
||||||
@ -340,7 +330,7 @@ class AuthService(AuthServiceABC):
|
|||||||
if user is None:
|
if user is None:
|
||||||
raise ServiceException(ServiceErrorCode.InvalidData, 'Token expired')
|
raise ServiceException(ServiceErrorCode.InvalidData, 'Token expired')
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
self._logger.error(__name__, f'Refreshing token failed', e)
|
self._logger.error(__name__, f'Token invalid', e)
|
||||||
return False
|
return False
|
||||||
|
|
||||||
return True
|
return True
|
||||||
@ -435,5 +425,8 @@ class AuthService(AuthServiceABC):
|
|||||||
if user.password is None or rp_dto.password == '':
|
if user.password is None or rp_dto.password == '':
|
||||||
raise ServiceException(ServiceErrorCode.InvalidData, f'Password not set')
|
raise ServiceException(ServiceErrorCode.InvalidData, f'Password not set')
|
||||||
|
|
||||||
|
user.password_salt = uuid.uuid4()
|
||||||
user.password = self._hash_sha256(rp_dto.password, user.password_salt)
|
user.password = self._hash_sha256(rp_dto.password, user.password_salt)
|
||||||
|
user.forgot_password_id = None
|
||||||
|
self._auth_users.update_auth_user(user)
|
||||||
self._db.save_changes()
|
self._db.save_changes()
|
||||||
|
Loading…
Reference in New Issue
Block a user