Merge pull request #248 from makeplane/fix/password_empty
fix: update empty passwords to hashed string and add hashing for magic sign in
commit
5785ab9e96
@ -1,11 +1,13 @@
|
|||||||
# All the python scripts that are used for back migrations
|
# All the python scripts that are used for back migrations
|
||||||
|
import uuid
|
||||||
from plane.db.models import ProjectIdentifier
|
from plane.db.models import ProjectIdentifier
|
||||||
from plane.db.models import Issue, IssueComment
|
from plane.db.models import Issue, IssueComment, User
|
||||||
|
from django.contrib.auth.hashers import make_password
|
||||||
|
|
||||||
|
|
||||||
# Update description and description html values for old descriptions
|
# Update description and description html values for old descriptions
|
||||||
def update_description():
|
def update_description():
|
||||||
try:
|
try:
|
||||||
|
|
||||||
issues = Issue.objects.all()
|
issues = Issue.objects.all()
|
||||||
updated_issues = []
|
updated_issues = []
|
||||||
|
|
||||||
@ -25,7 +27,6 @@ def update_description():
|
|||||||
|
|
||||||
def update_comments():
|
def update_comments():
|
||||||
try:
|
try:
|
||||||
|
|
||||||
issue_comments = IssueComment.objects.all()
|
issue_comments = IssueComment.objects.all()
|
||||||
updated_issue_comments = []
|
updated_issue_comments = []
|
||||||
|
|
||||||
@ -44,9 +45,11 @@ def update_comments():
|
|||||||
|
|
||||||
def update_project_identifiers():
|
def update_project_identifiers():
|
||||||
try:
|
try:
|
||||||
project_identifiers = ProjectIdentifier.objects.filter(workspace_id=None).select_related("project", "project__workspace")
|
project_identifiers = ProjectIdentifier.objects.filter(
|
||||||
|
workspace_id=None
|
||||||
|
).select_related("project", "project__workspace")
|
||||||
updated_identifiers = []
|
updated_identifiers = []
|
||||||
|
|
||||||
for identifier in project_identifiers:
|
for identifier in project_identifiers:
|
||||||
identifier.workspace_id = identifier.project.workspace_id
|
identifier.workspace_id = identifier.project.workspace_id
|
||||||
updated_identifiers.append(identifier)
|
updated_identifiers.append(identifier)
|
||||||
@ -58,3 +61,21 @@ def update_project_identifiers():
|
|||||||
except Exception as e:
|
except Exception as e:
|
||||||
print(e)
|
print(e)
|
||||||
print("Failed")
|
print("Failed")
|
||||||
|
|
||||||
|
|
||||||
|
def update_user_empty_password():
|
||||||
|
try:
|
||||||
|
users = User.objects.filter(password="")
|
||||||
|
updated_users = []
|
||||||
|
|
||||||
|
for user in users:
|
||||||
|
user.password = make_password(uuid.uuid4().hex)
|
||||||
|
user.is_password_autoset = True
|
||||||
|
updated_users.append(user)
|
||||||
|
|
||||||
|
User.objects.bulk_update(updated_users, ["password"], batch_size=50)
|
||||||
|
print("Success")
|
||||||
|
|
||||||
|
except Exception as e:
|
||||||
|
print(e)
|
||||||
|
print("Failed")
|
||||||
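Review bot: In `update_user_empty_password`, the loop sets `user.is_password_autoset = True`, but the `bulk_update` call lists only `["password"]`, so the flag is never written for the back-filled accounts. Add the field to the update: `User.objects.bulk_update(updated_users, ["password", "is_password_autoset"], batch_size=50)`. The filter `password=""` would also skip rows where the column is NULL, if the schema allows that (the model is not visible here). A short docstring would help too, for example `"""Replace empty password values with a hashed random string and mark them as auto-set."""`, since the function name alone does not say that the stored value becomes an unknown random password.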
|
@ -9,6 +9,7 @@ from django.utils import timezone
|
|||||||
from django.core.exceptions import ValidationError
|
from django.core.exceptions import ValidationError
|
||||||
from django.core.validators import validate_email
|
from django.core.validators import validate_email
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
|
from django.contrib.auth.hashers import make_password
|
||||||
|
|
||||||
# Third party imports
|
# Third party imports
|
||||||
from rest_framework.response import Response
|
from rest_framework.response import Response
|
||||||
@ -35,12 +36,10 @@ def get_tokens_for_user(user):
|
|||||||
|
|
||||||
|
|
||||||
class SignUpEndpoint(BaseAPIView):
|
class SignUpEndpoint(BaseAPIView):
|
||||||
|
|
||||||
permission_classes = (AllowAny,)
|
permission_classes = (AllowAny,)
|
||||||
|
|
||||||
def post(self, request):
|
def post(self, request):
|
||||||
try:
|
try:
|
||||||
|
|
||||||
email = request.data.get("email", False)
|
email = request.data.get("email", False)
|
||||||
password = request.data.get("password", False)
|
password = request.data.get("password", False)
|
||||||
|
|
||||||
@ -216,14 +215,12 @@ class SignOutEndpoint(BaseAPIView):
|
|||||||
|
|
||||||
|
|
||||||
class MagicSignInGenerateEndpoint(BaseAPIView):
|
class MagicSignInGenerateEndpoint(BaseAPIView):
|
||||||
|
|
||||||
permission_classes = [
|
permission_classes = [
|
||||||
AllowAny,
|
AllowAny,
|
||||||
]
|
]
|
||||||
|
|
||||||
def post(self, request):
|
def post(self, request):
|
||||||
try:
|
try:
|
||||||
|
|
||||||
email = request.data.get("email", False)
|
email = request.data.get("email", False)
|
||||||
|
|
||||||
if not email:
|
if not email:
|
||||||
@ -269,7 +266,6 @@ class MagicSignInGenerateEndpoint(BaseAPIView):
|
|||||||
ri.set(key, json.dumps(value), ex=expiry)
|
ri.set(key, json.dumps(value), ex=expiry)
|
||||||
|
|
||||||
else:
|
else:
|
||||||
|
|
||||||
value = {"current_attempt": 0, "email": email, "token": token}
|
value = {"current_attempt": 0, "email": email, "token": token}
|
||||||
expiry = 600
|
expiry = 600
|
||||||
|
|
||||||
@ -293,14 +289,12 @@ class MagicSignInGenerateEndpoint(BaseAPIView):
|
|||||||
|
|
||||||
|
|
||||||
class MagicSignInEndpoint(BaseAPIView):
|
class MagicSignInEndpoint(BaseAPIView):
|
||||||
|
|
||||||
permission_classes = [
|
permission_classes = [
|
||||||
AllowAny,
|
AllowAny,
|
||||||
]
|
]
|
||||||
|
|
||||||
def post(self, request):
|
def post(self, request):
|
||||||
try:
|
try:
|
||||||
|
|
||||||
user_token = request.data.get("token", "").strip().lower()
|
user_token = request.data.get("token", "").strip().lower()
|
||||||
key = request.data.get("key", False)
|
key = request.data.get("key", False)
|
||||||
|
|
||||||
@ -313,19 +307,20 @@ class MagicSignInEndpoint(BaseAPIView):
|
|||||||
ri = redis_instance()
|
ri = redis_instance()
|
||||||
|
|
||||||
if ri.exists(key):
|
if ri.exists(key):
|
||||||
|
|
||||||
data = json.loads(ri.get(key))
|
data = json.loads(ri.get(key))
|
||||||
|
|
||||||
token = data["token"]
|
token = data["token"]
|
||||||
email = data["email"]
|
email = data["email"]
|
||||||
|
|
||||||
if str(token) == str(user_token):
|
if str(token) == str(user_token):
|
||||||
|
|
||||||
if User.objects.filter(email=email).exists():
|
if User.objects.filter(email=email).exists():
|
||||||
user = User.objects.get(email=email)
|
user = User.objects.get(email=email)
|
||||||
else:
|
else:
|
||||||
user = User.objects.create(
|
user = User.objects.create(
|
||||||
email=email, username=uuid.uuid4().hex
|
email=email,
|
||||||
|
username=uuid.uuid4().hex,
|
||||||
|
password=make_password(uuid.uuid4().hex),
|
||||||
|
is_password_autoset=True,
|
||||||
)
|
)
|
||||||
|
|
||||||
user.last_active = timezone.now()
|
user.last_active = timezone.now()
|
||||||
|
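Review bot: The new `User.objects.create(...)` call in `MagicSignInEndpoint.post` still follows a separate `exists()` check, so two concurrent sign-ins for the same new address can both reach the create. If `email` is unique on the model (not visible here), the second request raises and presumably lands in the endpoint's generic error path. Catching that case around the create, `except IntegrityError: user = User.objects.get(email=email)`, closes the window and still hashes a password only when an account is actually created; it needs `IntegrityError` imported from `django.db`, and a savepoint if requests run inside a transaction. On the context line above, `if str(token) == str(user_token):` is an ordinary string comparison of a sign-in secret; `constant_time_compare(str(token), str(user_token))` from `django.utils.crypto` is the usual hardening. The body of `post` starts and continues outside this hunk.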