From 29cc4d928051bd05fb00f3fd1df463ab8598e0f1 Mon Sep 17 00:00:00 2001 From: Alejandro Sirgo Rica Date: Wed, 19 Jun 2024 12:29:45 +0200 Subject: views: prevent user removal after password mismatch in user/edit If password and confirm password fields mismatch in user/edit, then the user is deleted. The deletion of the user happens before the password validation and the new user configuration is only saved if the validation passes. Add code to properly handle the user deletion after the validation. --- ogcp/views.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/ogcp/views.py b/ogcp/views.py index f023d1f..59e138c 100644 --- a/ogcp/views.py +++ b/ogcp/views.py @@ -2903,12 +2903,18 @@ def save_user(form, preserve_pwd): with open(filename, 'r+') as file: config = json.load(file) + old_user = get_user(username) + + if old_user: + config['USERS'].remove(old_user) config['USERS'].append(user) file.seek(0) json.dump(config, file, indent='\t') file.truncate() + if old_user: + app.config['USERS'].remove(old_user) app.config['USERS'].append(user) return redirect(url_for('users')) @@ -2998,8 +3004,6 @@ def user_edit_post(): if preserve_pwd: form.pwd.data = old_user_data.get("PASS") - delete_user(username) - return save_user(form, preserve_pwd) -- cgit v1.2.3-18-g5258