author | Alejandro Sirgo Rica <asirgo@soleta.eu> | 2024-06-19 12:29:45 +0200 |
---|---|---|
committer | Alejandro Sirgo Rica <asirgo@soleta.eu> | 2024-06-19 13:19:55 +0200 |
commit | 29cc4d928051bd05fb00f3fd1df463ab8598e0f1 (patch) | |
tree | 0eb625bfa374f6407713770fb7e98fdd974cd2ad | |
parent | ee42cbd32355669304c63cbffe2c9d758e373fc2 (diff) |
views: prevent user removal after password mismatch in user/edit
If password and confirm password fields mismatch in user/edit,
then the user is deleted.
The deletion of the user happens before the password validation
and the new user configuration is only saved if the validation
passes.
Add code to properly handle the user deletion after the validation.
-rw-r--r-- | ogcp/views.py | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/ogcp/views.py b/ogcp/views.py
index f023d1f..59e138c 100644
--- a/ogcp/views.py
+++ b/ogcp/views.py
@@ -2903,12 +2903,18 @@ def save_user(form, preserve_pwd):
 with open(filename, 'r+') as file:
 config = json.load(file)
+ old_user = get_user(username)
+
+ if old_user:
+ config['USERS'].remove(old_user)
 config['USERS'].append(user)
 file.seek(0)
 json.dump(config, file, indent='\t')
 file.truncate()
+ if old_user:
+ app.config['USERS'].remove(old_user)
 app.config['USERS'].append(user)
 return redirect(url_for('users'))
@@ -2998,8 +3004,6 @@ def user_edit_post():
 if preserve_pwd:
 form.pwd.data = old_user_data.get("PASS")
- delete_user(username)
-
 return save_user(form, preserve_pwd) |
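Review bot: In save_user, `config['USERS'].remove(old_user)` matches the whole record returned by get_user() against the list just loaded from the file, so if the on-disk entry differs in any field from the copy get_user() returns (presumably the in-memory app.config['USERS'], which is not visible here), list.remove raises ValueError and the edit fails with an unhandled exception. Filtering by name is more robust, e.g. `config['USERS'] = [u for u in config['USERS'] if u[USERNAME_KEY] != username]`, where USERNAME_KEY is a placeholder for whatever key get_user() matches on, with the same treatment for app.config['USERS']. Because the replacement now lives in save_user, every caller inherits overwrite-on-collision; if the user-add path also ends here, it should reject an existing username before calling, otherwise creating a user could replace another account's password and permissions. save_user's body starts and ends outside the hunk.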