fix: update empty passwords to hashed string and add hashing for magic sign in

pablohashescobar 2023-02-08 00:45:56 +05:30
parent d5bf1f7a91
commit 343718cd2a
2 changed files with 32 additions and 15 deletions


@ -1,11 +1,13 @@
# All the python scripts that are used for back migrations # All the python scripts that are used for back migrations
import uuid
from plane.db.models import ProjectIdentifier from plane.db.models import ProjectIdentifier
from plane.db.models import Issue, IssueComment from plane.db.models import Issue, IssueComment, User
from django.contrib.auth.hashers import make_password
# Update description and description html values for old descriptions # Update description and description html values for old descriptions
def update_description(): def update_description():
try: try:
issues = Issue.objects.all() issues = Issue.objects.all()
updated_issues = [] updated_issues = []
@ -25,7 +27,6 @@ def update_description():
def update_comments(): def update_comments():
try: try:
issue_comments = IssueComment.objects.all() issue_comments = IssueComment.objects.all()
updated_issue_comments = [] updated_issue_comments = []
@ -44,9 +45,11 @@ def update_comments():
def update_project_identifiers(): def update_project_identifiers():
try: try:
project_identifiers = ProjectIdentifier.objects.filter(workspace_id=None).select_related("project", "project__workspace") project_identifiers = ProjectIdentifier.objects.filter(
workspace_id=None
).select_related("project", "project__workspace")
updated_identifiers = [] updated_identifiers = []
for identifier in project_identifiers: for identifier in project_identifiers:
identifier.workspace_id = identifier.project.workspace_id identifier.workspace_id = identifier.project.workspace_id
updated_identifiers.append(identifier) updated_identifiers.append(identifier)
@ -58,3 +61,22 @@ def update_project_identifiers():
except Exception as e: except Exception as e:
print(e) print(e)
print("Failed") print("Failed")
def update_user_empty_password():
try:
users = User.objects.filter(password="")
updated_users = []
print(users)
for user in users:
user.password = make_password(uuid.uuid4().hex)
user.is_password_autoset = True
updated_users.append(user)
User.objects.bulk_update(updated_users, ["password"], batch_size=50)
print("Success")
except Exception as e:
print(e)
print("Failed")
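Review bot: In `update_user_empty_password`, the loop sets `user.is_password_autoset = True`, but the `bulk_update` call lists only `["password"]`, so the flag is never written to the database for the back-filled accounts. Listing both fields fixes it: `User.objects.bulk_update(updated_users, ["password", "is_password_autoset"], batch_size=50)`. Separately, `print(users)` writes the repr of the matched accounts to the console; printing `users.count()` would tell the operator how many rows are affected without listing them.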


@ -9,6 +9,7 @@ from django.utils import timezone
from django.core.exceptions import ValidationError from django.core.exceptions import ValidationError
from django.core.validators import validate_email from django.core.validators import validate_email
from django.conf import settings from django.conf import settings
from django.contrib.auth.hashers import make_password
# Third party imports # Third party imports
from rest_framework.response import Response from rest_framework.response import Response
@ -35,12 +36,10 @@ def get_tokens_for_user(user):
class SignUpEndpoint(BaseAPIView): class SignUpEndpoint(BaseAPIView):
permission_classes = (AllowAny,) permission_classes = (AllowAny,)
def post(self, request): def post(self, request):
try: try:
email = request.data.get("email", False) email = request.data.get("email", False)
password = request.data.get("password", False) password = request.data.get("password", False)
@ -216,14 +215,12 @@ class SignOutEndpoint(BaseAPIView):
class MagicSignInGenerateEndpoint(BaseAPIView): class MagicSignInGenerateEndpoint(BaseAPIView):
permission_classes = [ permission_classes = [
AllowAny, AllowAny,
] ]
def post(self, request): def post(self, request):
try: try:
email = request.data.get("email", False) email = request.data.get("email", False)
if not email: if not email:
@ -269,7 +266,6 @@ class MagicSignInGenerateEndpoint(BaseAPIView):
ri.set(key, json.dumps(value), ex=expiry) ri.set(key, json.dumps(value), ex=expiry)
else: else:
value = {"current_attempt": 0, "email": email, "token": token} value = {"current_attempt": 0, "email": email, "token": token}
expiry = 600 expiry = 600
@ -293,14 +289,12 @@ class MagicSignInGenerateEndpoint(BaseAPIView):
class MagicSignInEndpoint(BaseAPIView): class MagicSignInEndpoint(BaseAPIView):
permission_classes = [ permission_classes = [
AllowAny, AllowAny,
] ]
def post(self, request): def post(self, request):
try: try:
user_token = request.data.get("token", "").strip().lower() user_token = request.data.get("token", "").strip().lower()
key = request.data.get("key", False) key = request.data.get("key", False)
@ -313,19 +307,20 @@ class MagicSignInEndpoint(BaseAPIView):
ri = redis_instance() ri = redis_instance()
if ri.exists(key): if ri.exists(key):
data = json.loads(ri.get(key)) data = json.loads(ri.get(key))
token = data["token"] token = data["token"]
email = data["email"] email = data["email"]
if str(token) == str(user_token): if str(token) == str(user_token):
if User.objects.filter(email=email).exists(): if User.objects.filter(email=email).exists():
user = User.objects.get(email=email) user = User.objects.get(email=email)
else: else:
user = User.objects.create( user = User.objects.create(
email=email, username=uuid.uuid4().hex email=email,
username=uuid.uuid4().hex,
password=make_password(uuid.uuid4().hex),
is_password_autoset=True,
) )
user.last_active = timezone.now() user.last_active = timezone.now()
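Review bot: In the `User.objects.create(...)` call, `password=make_password(uuid.uuid4().hex)` stores the hash of a real, if unknown, password, so the account still carries a credential that a password check could accept. If the intent is that a magic-link account has no password until the user sets one, Django's `make_password(None)` (or `user.set_unusable_password()`) stores a value that `check_password` never matches, and `is_password_autoset=True` can remain as the application-level marker. If some other flow depends on `has_usable_password()` being true, keep a random value but draw it from `secrets.token_urlsafe()` rather than a UUID. The same call appears in `update_user_empty_password` in the back-migration script, and `post` continues outside this hunk.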