diff --git a/app/auth/models.py b/app/auth/models.py
index 1fd96ff9fbd68b47f5c5b6ae25a092dece5dd165..1022e90b89e98c2bde45db0097aa6ab74dcef65b 100644
--- a/app/auth/models.py
+++ b/app/auth/models.py
@@ -258,13 +258,16 @@ class User(UserMixin, ScoDocModel):
return True
return False
- def get_reset_password_token(self, expires_in=600):
- "Un token pour réinitialiser son mot de passe"
- return jwt.encode(
+ def get_reset_password_token(self, expires_in=24 * 60 * 60):
+ """Un token pour réinitialiser son mot de passe.
+ Par défaut valide durant 24 heures.
+ """
+ token = jwt.encode(
{"reset_password": self.id, "exp": time() + expires_in},
current_app.config["SECRET_KEY"],
algorithm="HS256",
)
+ return token
@staticmethod
def verify_reset_password_token(token):
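Review bot: The new default `expires_in=24 * 60 * 60` keeps every password-reset link valid for a day instead of ten minutes, and the visible claims (`reset_password`, `exp`) do not tie the token to the account's current state. If verification does not invalidate a token once it has been used (not visible in this hunk), a link that leaks through mail forwarding, a proxy log or browser history stays usable for the whole window, even after the password has been changed. Consider keeping the short default and passing a longer lifetime only from the caller that needs it. Alternatively, add a claim derived from the current password hash and compare it in `verify_reset_password_token`, so that a successful reset invalidates outstanding tokens.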
@@ -275,7 +278,10 @@ class User(UserMixin, ScoDocModel):
)
except jwt.exceptions.ExpiredSignatureError:
log("verify_reset_password_token: token expired")
- except: # pylint: disable=bare-except
+ return None
+ except Exception as exc: # pylint: disable=bare-except
+ log("verify_reset_password_token: checking token '{token}'")
+ log(f"verify_reset_password_token: {exc}")
return None
try:
user_id = token["reset_password"]
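Review bot: The added `log("verify_reset_password_token: checking token '{token}'")` has no `f` prefix, so it writes the literal text `{token}` and the line carries no information. Adding the prefix would be the wrong fix: the reset token is a bearer credential for its whole lifetime, and writing it to the application log would let anyone with read access to the logs use it. Drop the line, or log only a non-reversible reference such as a truncated digest of the token next to the `{exc}` message. The `# pylint: disable=bare-except` comment is stale now that the clause is `except Exception as exc:`. The function body starts and continues outside this hunk.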
diff --git a/app/auth/routes.py b/app/auth/routes.py
index e8283c1a49bb1cde9963383a2e991a71c6274832..6adb9a1e8c58b10f05a5b9d51e1dd630171c05a8 100644
--- a/app/auth/routes.py
+++ b/app/auth/routes.py
@@ -9,7 +9,7 @@ from flask import redirect, url_for, request
from flask_login import login_user, current_user
from sqlalchemy import func
-from app import db
+from app import db, log
from app.auth import bp, cas, logic
from app.auth.forms import (
CASUsersImportConfigForm,
@@ -168,6 +168,7 @@ def reset_password(token):
return redirect(url_for("scodoc.index"))
user: User = User.verify_reset_password_token(token)
if user is None:
+ log("reset_password: can't retreive user")
return redirect(url_for("scodoc.index"))
form = ResetPasswordForm()
if form.validate_on_submit():
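Review bot: The new `log("reset_password: can't retreive user")` records that a reset failed but gives nothing to correlate repeated failures, and "retreive" is misspelled. Since `request` is already imported in this module, a line such as `log(f"reset_password: invalid or expired token from {request.remote_addr}")` would make bursts of bad tokens visible to whoever monitors the log. Behind a reverse proxy `remote_addr` may be the proxy's address, so use whatever client-address helper the project already has, if any. Keep the token itself out of the message. The body of `reset_password` extends beyond this hunk.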
diff --git a/app/views/users.py b/app/views/users.py
index c552503111ecaf0b9aee3f47c925508db543dfbc..5659d5c4cf2b40f8e0f52871acecbefc1e9a5736 100644
--- a/app/views/users.py
+++ b/app/views/users.py
@@ -308,6 +308,7 @@ def create_user_form(user_name=None, edit=0, all_roles=True):
"allow_null": False,
"readonly": edit_only_roles,
"strip": True,
+ "attributes": ['autocomplete="off"'],
},
),
(
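Review bot: The `"attributes": ['autocomplete="off"']` entries added here and in the two following hunks of `create_user_form` have no comment stating their purpose, and the attribute alone is not something to rely on. Browsers and password managers are known to ignore `autocomplete="off"` on fields they classify as login or identity fields. If the intent is to stop an administrator's own saved credentials from being autofilled into the new account's fields (inferred, not stated in the diff), say so once, e.g. `# keep the browser from autofilling the admin's own identity into the new account`. Verify the behaviour in the browsers you support and keep server-side validation of these fields as the actual control. The field definitions these dicts belong to start outside the hunks.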
@@ -318,6 +319,7 @@ def create_user_form(user_name=None, edit=0, all_roles=True):
"allow_null": False,
"readonly": edit_only_roles,
"strip": True,
+ "attributes": ['autocomplete="off"'],
},
),
]
@@ -355,6 +357,7 @@ def create_user_form(user_name=None, edit=0, all_roles=True):
"explanation": """nom utilisé pour la connexion.
Doit être unique parmi tous les utilisateurs.
Lettres ou chiffres uniquement.""",
+ "attributes": ['autocomplete="off"'],
},
),
("formsemestre_id", {"input_type": "hidden"}),
diff --git a/sco_version.py b/sco_version.py
index 4b1296bdaca6b84fb045dee2533a3f9e3a3ab841..b2ad927101bfe75c6f68fa71ef4b267767fb440d 100644
--- a/sco_version.py
+++ b/sco_version.py
@@ -3,7 +3,7 @@
"Infos sur version ScoDoc"
-SCOVERSION = "9.7.54"
+SCOVERSION = "9.7.55"
SCONAME = "ScoDoc"