profile hashes take the user email in account
This commit is contained in:
parent
456d996741
commit
4f82b9eca4
4 changed files with 14 additions and 9 deletions
|
@ -358,7 +358,7 @@ def reset(uid, hash):
|
|||
user = User.get(uid)
|
||||
|
||||
if not user or hash != profile_hash(
|
||||
user.uid[0], user.userPassword[0] if user.has_password() else ""
|
||||
user.uid[0], user.mail[0], user.userPassword[0] if user.has_password() else ""
|
||||
):
|
||||
flash(
|
||||
_("The password reset link that brought you here was invalid."),
|
||||
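Review bot: The `hash != profile_hash(...)` test on the lines above `):` compares a secret-derived token taken from the URL with ordinary string equality; `hmac.compare_digest(hash, profile_hash(...))` (negated, with `import hmac` at the top of the module) is the constant-time form and is a one-line change at this site. The newly added `user.mail[0]` operand raises IndexError instead of falling through to the invalid-link flash if a user record has no mail value — presumably mail is mandatory in this schema, but that is worth confirming. `reset` starts before the hunk and its body continues after it.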
|
|
|
@ -15,7 +15,7 @@ def reset_html(user):
|
|||
reset_url = url_for(
|
||||
"account.reset",
|
||||
uid=user.uid[0],
|
||||
hash=profile_hash(user.uid[0], user.userPassword[0]),
|
||||
hash=profile_hash(user.uid[0], user.mail[0], user.userPassword[0]),
|
||||
_external=True,
|
||||
)
|
||||
|
||||
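Review bot: The rewritten `hash=profile_hash(user.uid[0], user.mail[0], user.userPassword[0])` line indexes `userPassword[0]` without the `has_password()` guard that the same commit applies at the `send_password_reset_mail` and `send_password_initialization_mail` call sites, so a user without a password would raise IndexError here rather than hash an empty component. If these helpers are only ever reached for users that have a password, a short comment saying so would justify the difference; otherwise align it with the guarded form, `user.userPassword[0] if user.has_password() else ""`. The same applies to the `reset_txt` hunk below. Both `reset_html` and `reset_txt` start before their hunks.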
|
@ -38,7 +38,7 @@ def reset_txt(user):
|
|||
reset_url = url_for(
|
||||
"account.reset",
|
||||
uid=user.uid[0],
|
||||
hash=profile_hash(user.uid[0], user.userPassword[0]),
|
||||
hash=profile_hash(user.uid[0], user.mail[0], user.userPassword[0]),
|
||||
_external=True,
|
||||
)
|
||||
|
||||
|
|
|
@ -5,11 +5,12 @@ from flask_themer import render_template
|
|||
from .apputils import logo, send_email
|
||||
|
||||
|
||||
def profile_hash(user, password):
|
||||
def profile_hash(user, email, password=None):
|
||||
return hashlib.sha256(
|
||||
current_app.config["SECRET_KEY"].encode("utf-8")
|
||||
+ user.encode("utf-8")
|
||||
+ password.encode("utf-8")
|
||||
+ email.encode("utf-8")
|
||||
+ (password.encode("utf-8") if password else b"")
|
||||
).hexdigest()
|
||||
|
||||
|
||||
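Review bot: The new body still concatenates the secret, `user`, `email` and the optional password with no separator, so distinct inputs whose concatenation is identical (for instance uid `"ab"` with email `"c"` and uid `"a"` with email `"bc"`) produce the same digest; adding a third field makes this ambiguity more likely, not less. A keyed construction over a delimited message, `hmac.new(key, message, hashlib.sha256)`, fixes both that and the secret-prefix SHA-256 pattern, and takes `import hmac` in the import block that runs above the hunk. Changing the construction invalidates reset links issued before the deploy, which is presumably acceptable since the added email field already does the same. The function also lacks a docstring; something like `"""Return a hex digest binding a password-reset link to the user's current uid, email and password."""` would state why all three fields are included.
```python
def profile_hash(user, email, password=None):
    """Return a hex digest binding a password-reset link to the user's current uid, email and password."""
    key = current_app.config["SECRET_KEY"].encode("utf-8")
    # NUL-delimited so that "ab"+"c" and "a"+"bc" cannot collide; assumes no field contains NUL
    message = b"\0".join(
        part.encode("utf-8") for part in (user, email, password or "")
    )
    return hmac.new(key, message, hashlib.sha256).hexdigest()
```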
|
@ -19,7 +20,9 @@ def send_password_reset_mail(user):
|
|||
"account.reset",
|
||||
uid=user.uid[0],
|
||||
hash=profile_hash(
|
||||
user.uid[0], user.userPassword[0] if user.has_password() else ""
|
||||
user.uid[0],
|
||||
user.mail[0],
|
||||
user.userPassword[0] if user.has_password() else "",
|
||||
),
|
||||
_external=True,
|
||||
)
|
||||
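Review bot: The three-argument `profile_hash(user.uid[0], user.mail[0], user.userPassword[0] if user.has_password() else "")` expression added here is now repeated verbatim in `send_password_initialization_mail` below and, in slightly different forms, in the `reset` view and the `reset_html`/`reset_txt` helpers; the verifier in `reset` must reproduce the exact same argument list or every link silently becomes invalid. A single helper taking the user object, say `def user_profile_hash(user): return profile_hash(user.uid[0], user.mail[0], user.userPassword[0] if user.has_password() else "")`, would keep the link issuer and the link verifier in lockstep and make the next field change a one-line edit. Both functions start before their hunks and continue after them.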
|
@ -57,7 +60,9 @@ def send_password_initialization_mail(user):
|
|||
"account.reset",
|
||||
uid=user.uid[0],
|
||||
hash=profile_hash(
|
||||
user.uid[0], user.userPassword[0] if user.has_password() else ""
|
||||
user.uid[0],
|
||||
user.mail[0],
|
||||
user.userPassword[0] if user.has_password() else "",
|
||||
),
|
||||
_external=True,
|
||||
)
|
||||
|
|
|
@ -5,7 +5,7 @@ def test_password_reset(testclient, slapd_connection, user):
|
|||
user.attr_type_by_name(conn=slapd_connection)
|
||||
user.reload(conn=slapd_connection)
|
||||
with testclient.app.app_context():
|
||||
hash = profile_hash("user", user.userPassword[0])
|
||||
hash = profile_hash("user", user.mail[0], user.userPassword[0])
|
||||
|
||||
res = testclient.get("/reset/user/" + hash, status=200)
|
||||
|
||||
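Review bot: The updated tests only re-derive the hash with the new signature; nothing exercises the property this commit introduces, namely that a link issued before a mail change is rejected afterwards. A case mirroring `test_password_reset_bad_password` — compute `hash = profile_hash("user", "<constructed other mail>", user.userPassword[0])` and assert the reset page shows the invalid-link message — would pin that behaviour and catch a future regression where the email is dropped from one side only. The same comment applies to the second hunk in this file.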
|
@ -40,7 +40,7 @@ def test_password_reset_bad_password(testclient, slapd_connection, user):
|
|||
user.attr_type_by_name(conn=slapd_connection)
|
||||
user.reload(conn=slapd_connection)
|
||||
with testclient.app.app_context():
|
||||
hash = profile_hash("user", user.userPassword[0])
|
||||
hash = profile_hash("user", user.mail[0], user.userPassword[0])
|
||||
|
||||
res = testclient.get("/reset/user/" + hash, status=200)
|
||||
|
||||
|
|