From 50d2c91a546044cddb782ac07a14e9d92584c280 Mon Sep 17 00:00:00 2001
From: Emmanuel Viennet <emmanuel.viennet@gmail.com>
Date: Fri, 8 Nov 2024 21:48:39 +0100
Subject: [PATCH] Connexion CAS / non CAS: correctif

---
 app/auth/models.py | 21 ++++++++++++++++-----
 sco_version.py     |  2 +-
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/app/auth/models.py b/app/auth/models.py
index dd3b649b..6749150d 100644
--- a/app/auth/models.py
+++ b/app/auth/models.py
@@ -180,7 +180,7 @@ class User(UserMixin, ScoDocModel):
 
     def set_password(self, password):
         "Set password"
-        current_app.logger.info(f"set_password({self})")
+        log(f"set_password({self})")
         if password:
             self.password_hash = generate_password_hash(password)
         else:
@@ -213,10 +213,21 @@ class User(UserMixin, ScoDocModel):
 
         # if CAS activated and cas_id, allow only super-user and users with cas_allow_scodoc_login
         cas_enabled = ScoDocSiteConfig.is_cas_enabled()
-        if cas_enabled:
-            if ScoDocSiteConfig.get("cas_force") and not self.is_administrator():
-                return False  # si CAS forcé, n'accepte que super-admin
-            if self.cas_id and not self.cas_allow_scodoc_login:
+        if cas_enabled and not self.is_administrator():
+            if not self.cas_allow_scodoc_login:
+                # CAS activé et compte non autorisé à se logguer sur ScoDoc
+                log(
+                    f"""auth: login attempt for user {self.user_name}: scodoc login not allowed
+                    """
+                )
+                return False
+            # si CAS activé et forcé et cas_id renseigné, on ne peut pas se logguer
+            if self.cas_id and ScoDocSiteConfig.get("cas_force"):
+                log(
+                    f"""auth: login attempt for user {self.user_name
+                        } (cas_id='{
+                        self.cas_id}'): cas forced and cas_id set: scodoc login not allowed"""
+                )
                 return False
 
         if not self.password_hash:  # user without password can't login
diff --git a/sco_version.py b/sco_version.py
index 76851301..8e43f1a7 100644
--- a/sco_version.py
+++ b/sco_version.py
@@ -3,7 +3,7 @@
 
 "Infos sur version ScoDoc"
 
-SCOVERSION = "9.7.41"
+SCOVERSION = "9.7.42"
 
 SCONAME = "ScoDoc"
 
-- 
GitLab