profile hashes take the user email into account
This commit is contained in:
parent
456d996741
commit
4f82b9eca4
4 changed files with 14 additions and 9 deletions
|
@ -358,7 +358,7 @@ def reset(uid, hash):
|
||||||
user = User.get(uid)
|
user = User.get(uid)
|
||||||
|
|
||||||
if not user or hash != profile_hash(
|
if not user or hash != profile_hash(
|
||||||
user.uid[0], user.userPassword[0] if user.has_password() else ""
|
user.uid[0], user.mail[0], user.userPassword[0] if user.has_password() else ""
|
||||||
):
|
):
|
||||||
flash(
|
flash(
|
||||||
_("The password reset link that brought you here was invalid."),
|
_("The password reset link that brought you here was invalid."),
|
||||||
|
|
|
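Review bot: The comparison `hash != profile_hash(...)` on the changed lines still uses plain string inequality, which returns at the first differing character; for a token that gates a password reset the conventional check is `hmac.compare_digest`, e.g. `if not user or not hmac.compare_digest(hash, profile_hash(user.uid[0], user.mail[0], user.userPassword[0] if user.has_password() else "")):` (stdlib `hmac`, imported at the top of the module outside this hunk). The new `user.mail[0]` argument also assumes every account reaching this route has at least one mail value; if that is not guaranteed by the User model, an account without one would presumably raise IndexError here instead of seeing the invalid-link message, which is worth confirming. reset() starts above the hunk and continues below it.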
@ -15,7 +15,7 @@ def reset_html(user):
|
||||||
reset_url = url_for(
|
reset_url = url_for(
|
||||||
"account.reset",
|
"account.reset",
|
||||||
uid=user.uid[0],
|
uid=user.uid[0],
|
||||||
hash=profile_hash(user.uid[0], user.userPassword[0]),
|
hash=profile_hash(user.uid[0], user.mail[0], user.userPassword[0]),
|
||||||
_external=True,
|
_external=True,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -38,7 +38,7 @@ def reset_txt(user):
|
||||||
reset_url = url_for(
|
reset_url = url_for(
|
||||||
"account.reset",
|
"account.reset",
|
||||||
uid=user.uid[0],
|
uid=user.uid[0],
|
||||||
hash=profile_hash(user.uid[0], user.userPassword[0]),
|
hash=profile_hash(user.uid[0], user.mail[0], user.userPassword[0]),
|
||||||
_external=True,
|
_external=True,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
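Review bot: `hash=profile_hash(user.uid[0], user.mail[0], user.userPassword[0])` in reset_html, and the identical line in reset_txt in the second hunk, index `user.userPassword[0]` unconditionally, whereas every other call site touched by this commit passes `user.userPassword[0] if user.has_password() else ""`. If these renderers can be reached for an account that has no password, the unguarded index would presumably raise IndexError rather than produce the link the real mail would carry. Aligning both lines with the guarded form keeps the two code paths consistent: `hash=profile_hash(user.uid[0], user.mail[0], user.userPassword[0] if user.has_password() else ""),`. Both reset_html and reset_txt continue outside their hunks.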
@ -5,11 +5,12 @@ from flask_themer import render_template
|
||||||
from .apputils import logo, send_email
|
from .apputils import logo, send_email
|
||||||
|
|
||||||
|
|
||||||
def profile_hash(user, password):
|
def profile_hash(user, email, password=None):
|
||||||
return hashlib.sha256(
|
return hashlib.sha256(
|
||||||
current_app.config["SECRET_KEY"].encode("utf-8")
|
current_app.config["SECRET_KEY"].encode("utf-8")
|
||||||
+ user.encode("utf-8")
|
+ user.encode("utf-8")
|
||||||
+ password.encode("utf-8")
|
+ email.encode("utf-8")
|
||||||
|
+ (password.encode("utf-8") if password else b"")
|
||||||
).hexdigest()
|
).hexdigest()
|
||||||
|
|
||||||
|
|
||||||
|
@ -19,7 +20,9 @@ def send_password_reset_mail(user):
|
||||||
"account.reset",
|
"account.reset",
|
||||||
uid=user.uid[0],
|
uid=user.uid[0],
|
||||||
hash=profile_hash(
|
hash=profile_hash(
|
||||||
user.uid[0], user.userPassword[0] if user.has_password() else ""
|
user.uid[0],
|
||||||
|
user.mail[0],
|
||||||
|
user.userPassword[0] if user.has_password() else "",
|
||||||
),
|
),
|
||||||
_external=True,
|
_external=True,
|
||||||
)
|
)
|
||||||
|
@ -57,7 +60,9 @@ def send_password_initialization_mail(user):
|
||||||
"account.reset",
|
"account.reset",
|
||||||
uid=user.uid[0],
|
uid=user.uid[0],
|
||||||
hash=profile_hash(
|
hash=profile_hash(
|
||||||
user.uid[0], user.userPassword[0] if user.has_password() else ""
|
user.uid[0],
|
||||||
|
user.mail[0],
|
||||||
|
user.userPassword[0] if user.has_password() else "",
|
||||||
),
|
),
|
||||||
_external=True,
|
_external=True,
|
||||||
)
|
)
|
||||||
|
|
|
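Review bot: profile_hash concatenates SECRET_KEY, uid, email and password (the `+ user.encode("utf-8")`, `+ email.encode("utf-8")` and password lines) with no separator or length framing, so distinct field tuples can map to the same input bytes — ("ab", "c@x", p) and ("a", "bc@x", p) hash identically — and the secret is used as a hash prefix rather than as a key. The commit adds the email field into this unframed concatenation without addressing that, so the new field inherits the ambiguity. Length-prefixing each field and computing an HMAC over the result removes both issues; it needs `import hmac` next to `hashlib` at the module top, outside this hunk, and any such change invalidates reset links issued before it is deployed, which the release note should say. The callers in send_password_reset_mail and send_password_initialization_mail below need no change because the signature stays the same.
```python
def profile_hash(user, email, password=None):
    """Return a keyed digest binding a reset link to the user's current uid, email and password.

    Each field is length-prefixed so no two (user, email, password) tuples share a byte
    string, and SECRET_KEY is used as an HMAC key rather than as a hash prefix.
    """
    # NOTE: changing this scheme invalidates reset links issued before the deploy.
    def framed(value):
        raw = (value or "").encode("utf-8")
        return len(raw).to_bytes(4, "big") + raw

    key = current_app.config["SECRET_KEY"].encode("utf-8")
    message = framed(user) + framed(email) + framed(password)
    return hmac.new(key, message, hashlib.sha256).hexdigest()
```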
@ -5,7 +5,7 @@ def test_password_reset(testclient, slapd_connection, user):
|
||||||
user.attr_type_by_name(conn=slapd_connection)
|
user.attr_type_by_name(conn=slapd_connection)
|
||||||
user.reload(conn=slapd_connection)
|
user.reload(conn=slapd_connection)
|
||||||
with testclient.app.app_context():
|
with testclient.app.app_context():
|
||||||
hash = profile_hash("user", user.userPassword[0])
|
hash = profile_hash("user", user.mail[0], user.userPassword[0])
|
||||||
|
|
||||||
res = testclient.get("/reset/user/" + hash, status=200)
|
res = testclient.get("/reset/user/" + hash, status=200)
|
||||||
|
|
||||||
|
@ -40,7 +40,7 @@ def test_password_reset_bad_password(testclient, slapd_connection, user):
|
||||||
user.attr_type_by_name(conn=slapd_connection)
|
user.attr_type_by_name(conn=slapd_connection)
|
||||||
user.reload(conn=slapd_connection)
|
user.reload(conn=slapd_connection)
|
||||||
with testclient.app.app_context():
|
with testclient.app.app_context():
|
||||||
hash = profile_hash("user", user.userPassword[0])
|
hash = profile_hash("user", user.mail[0], user.userPassword[0])
|
||||||
|
|
||||||
res = testclient.get("/reset/user/" + hash, status=200)
|
res = testclient.get("/reset/user/" + hash, status=200)
|
||||||
|
|
||||||
|
|
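Review bot: Both tests (test_password_reset here and test_password_reset_bad_password in the second hunk) build the hash with the same `profile_hash` call the application uses and then only assert a 200, so nothing checks that a link built without the email — the behavior this commit changes — is now rejected. A regression test that computes the hash with a different address, e.g. `hash = profile_hash("user", "other@example.test", user.userPassword[0])` (constructed value), requests `"/reset/user/" + hash` and asserts the invalid-link flash text is shown would pin the new behavior. Both test functions continue outside their hunks.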