Fix failed login to unclaimed account

2020-12-15 12:29:25 +00:00 · 2020-12-15 12:29:25 +00:00 · 8e3930d092
parent 5cbdaae5b3
commit 8e3930d092
3 changed files with 18 additions and 8 deletions
--- a/app/blueprints/github/init.py
+++ b/app/blueprints/github/init.py
@ -19,11 +19,11 @@ from flask import Blueprint
 bp = Blueprint("github", __name__)

 from flask import redirect, url_for, request, flash, abort, render_template, jsonify, current_app
-from flask_login import current_user, login_required, login_user
+from flask_login import current_user, login_required
 from sqlalchemy import func, or_, and_
 from app import github, csrf
-from app.models import db, User, APIToken, Package, Permission, AuditSeverity, UserRank
-from app.utils import randomString, abs_url_for, addAuditLog
+from app.models import db, User, APIToken, Package, Permission, AuditSeverity
+from app.utils import randomString, abs_url_for, addAuditLog, login_user_set_active
 from app.blueprints.api.support import error, handleCreateRelease
 import hmac, requests, json

@ -72,7 +72,7 @@ def callback(oauth_token):
 		if userByGithub is None:
 			flash("Unable to find an account for that Github user", "danger")
 			return redirect(url_for("users.claim"))
-		elif login_user(userByGithub, remember=True):
+		elif login_user_set_active(userByGithub, remember=True):
 			addAuditLog(AuditSeverity.USER, userByGithub, "Logged in using GitHub OAuth",
 					url_for("users.profile", username=userByGithub.username))
 			db.session.commit()
--- a/app/blueprints/users/claim.py
+++ b/app/blueprints/users/claim.py
@ -14,18 +14,19 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.

-from flask_login import login_user
 from . import bp
 from flask import redirect, render_template, session, request, flash, url_for
 from app.models import db, User, UserRank
-from app.utils import randomString
+from app.utils import randomString, login_user_set_active
 from app.tasks.forumtasks import checkForumAccount
 from app.tasks.phpbbparser import getProfile
 import re

+
 def check_username(username):
 	return username is not None and len(username) >= 2 and re.match("^[A-Za-z0-9._-]*$", username)

+
@bp.route("/user/claim/", methods=["GET", "POST"])
 def claim():
 	username = request.args.get("username")
@ -52,7 +53,6 @@ def claim():
 			flash("Unable to find user", "danger")
 			return redirect(url_for("users.claim"))

-	token = None
 	if "forum_token" in session:
 		token = session["forum_token"]
 	else:
@ -102,7 +102,7 @@ def claim():
 					db.session.add(user)
 					db.session.commit()

-				if login_user(user, remember=True):
+				if login_user_set_active(user, remember=True):
 					return redirect(url_for("users.set_password"))
 				else:
 					flash("Unable to login as user", "danger")
--- a/app/utils.py
+++ b/app/utils.py
@ -149,6 +149,15 @@ def make_flask_login_password(plaintext):
 	return bcrypt.hash(plaintext.encode("UTF-8"))


+def login_user_set_active(user: User, *args, **kwargs):
+	if user.rank == UserRank.NOT_JOINED and user.email is None:
+		user.rank = UserRank.MEMBER
+		user.is_active = True
+		db.session.commit()
+
+	return login_user(user, *args, **kwargs)
+
+
 def rank_required(rank):
 	def decorator(f):
 		@wraps(f)
@ -163,6 +172,7 @@ def rank_required(rank):
 		return decorated_function
 	return decorator

+
 def getPackageByInfo(author, name):
 	user = User.query.filter_by(username=author).first()
 	if user is None: