From 6e2f3cb2c2f4f565c7cf783db7b474246da32e86 Mon Sep 17 00:00:00 2001
From: Emmanuel Viennet <emmanuel.viennet@gmail.com>
Date: Fri, 17 Jan 2025 15:52:21 +0100
Subject: [PATCH] User: augmente timeout token reset password.
---
app/auth/models.py | 14 ++++++++++----
app/auth/routes.py | 3 ++-
app/views/users.py | 3 +++
sco_version.py | 2 +-
4 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/app/auth/models.py b/app/auth/models.py
index 1fd96ff9..1022e90b 100644
--- a/app/auth/models.py
+++ b/app/auth/models.py
@@ -258,13 +258,16 @@ class User(UserMixin, ScoDocModel):
return True
return False
- def get_reset_password_token(self, expires_in=600):
- "Un token pour réinitialiser son mot de passe"
- return jwt.encode(
+ def get_reset_password_token(self, expires_in=24 * 60 * 60):
+ """Un token pour réinitialiser son mot de passe.
+ Par défaut valide durant 24 heures.
+ """
+ token = jwt.encode(
{"reset_password": self.id, "exp": time() + expires_in},
current_app.config["SECRET_KEY"],
algorithm="HS256",
)
+ return token
@staticmethod
def verify_reset_password_token(token):
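Review bot: Raising the default lifetime from 10 minutes to 24 hours widens the window in which a leaked reset link (forwarded mail, mail-server or proxy logs, browser history) can be used, and because the JWT carries only `reset_password` and `exp` it stays valid for the whole day even after the password has been changed, so one link can reset the password repeatedly. Consider binding the token to state that changes on a reset — a short prefix of the stored password hash in the payload, if the model keeps one, checked again in `verify_reset_password_token` — so the token is effectively single-use, or keep the short default and pass a longer `expires_in` only at the call site that really needs a long-lived link. Either way the docstring should say so; suggested line: `The token is stateless and stays valid until expiry even after it has been used.` The `token = ...; return token` split on the last added lines changes nothing and could stay a direct `return`. The enclosing class `User` continues outside this hunk.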
@@ -275,7 +278,10 @@ class User(UserMixin, ScoDocModel):
)
except jwt.exceptions.ExpiredSignatureError:
log("verify_reset_password_token: token expired")
- except: # pylint: disable=bare-except
+ return None
+ except Exception as exc: # pylint: disable=bare-except
+ log("verify_reset_password_token: checking token '{token}'")
+ log(f"verify_reset_password_token: {exc}")
return None
try:
user_id = token["reset_password"]
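Review bot: The first added `log(...)` call in the new `except Exception` branch is not an f-string, so it writes the literal text `{token}` to the log; but the right fix is not to add the `f` prefix — at that point `token` is still the raw reset token, i.e. a credential, and writing it to the log would let anyone who can read the log take over the account. Suggest `log("verify_reset_password_token: invalid token")` and keep the second line that logs `exc`. The `# pylint: disable=bare-except` comment is now stale since the handler names `Exception`; pylint will report `broad-exception-caught` instead, so the directive should be updated or dropped. `verify_reset_password_token` starts and ends outside this hunk.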
diff --git a/app/auth/routes.py b/app/auth/routes.py
index e8283c1a..6adb9a1e 100644
--- a/app/auth/routes.py
+++ b/app/auth/routes.py
@@ -9,7 +9,7 @@ from flask import redirect, url_for, request
from flask_login import login_user, current_user
from sqlalchemy import func
-from app import db
+from app import db, log
from app.auth import bp, cas, logic
from app.auth.forms import (
CASUsersImportConfigForm,
@@ -168,6 +168,7 @@ def reset_password(token):
return redirect(url_for("scodoc.index"))
user: User = User.verify_reset_password_token(token)
if user is None:
+ log("reset_password: can't retreive user")
return redirect(url_for("scodoc.index"))
form = ResetPasswordForm()
if form.validate_on_submit():
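Review bot: The added log message misspells "retrieve" (`retreive`); since this text is what operators will grep for, `log("reset_password: can't retrieve user")`. It may also be worth saying in the message that the token failed verification rather than that a user is missing, which is what `verify_reset_password_token` returning `None` means here. `reset_password` starts and ends outside this hunk.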
diff --git a/app/views/users.py b/app/views/users.py
index c5525031..5659d5c4 100644
--- a/app/views/users.py
+++ b/app/views/users.py
@@ -308,6 +308,7 @@ def create_user_form(user_name=None, edit=0, all_roles=True):
"allow_null": False,
"readonly": edit_only_roles,
"strip": True,
+ "attributes": ['autocomplete="off"'],
},
),
(
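Review bot: `autocomplete="off"` on the new `"attributes"` entries is honoured inconsistently — current Chrome and Firefox ignore it on login and password fields and still offer saved credentials — so it should not be relied on to keep these values out of the browser's store or to stop the administrator's own credentials being auto-filled into the create-user form. If that is the intent, the documented approach for the password inputs is `autocomplete="new-password"`, and for the login field a distinct field name together with `autocomplete="off"`. The same applies to the two following hunks of this file (`@@ -318,6 +319,7 @@` and `@@ -355,6 +357,7 @@`); which fields the first two hunks belong to is not visible here, only the third is clearly the login name. `create_user_form` starts and ends outside these hunks.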
@@ -318,6 +319,7 @@ def create_user_form(user_name=None, edit=0, all_roles=True):
"allow_null": False,
"readonly": edit_only_roles,
"strip": True,
+ "attributes": ['autocomplete="off"'],
},
),
]
@@ -355,6 +357,7 @@ def create_user_form(user_name=None, edit=0, all_roles=True):
"explanation": """nom utilisé pour la connexion.
Doit être unique parmi tous les utilisateurs.
Lettres ou chiffres uniquement.""",
+ "attributes": ['autocomplete="off"'],
},
),
("formsemestre_id", {"input_type": "hidden"}),
diff --git a/sco_version.py b/sco_version.py
index 4b1296bd..b2ad9271 100644
--- a/sco_version.py
+++ b/sco_version.py
@@ -3,7 +3,7 @@
"Infos sur version ScoDoc"
-SCOVERSION = "9.7.54"
+SCOVERSION = "9.7.55"
SCONAME = "ScoDoc"
--
GitLab