[WEB - 1315] fix: user sign up and sign in on a deactivated account (#4460)

* dev: remove email host user and email host password

* dev: fix user account deactivation error

* dev: fix caching issue of last workspace

* dev: add exclude for instances endpoint

* dev: update url redirection for auth
Nikhil 2024-05-15 22:08:54 +05:30 committed by GitHub
parent b78a064305
commit 89f2e37b14
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 35 additions and 70 deletions


@ -269,6 +269,7 @@ class ProfileEndpoint(BaseAPIView):
serializer = ProfileSerializer(profile)
return Response(serializer.data, status=status.HTTP_200_OK)
@invalidate_cache("/api/users/me/settings/")
def patch(self, request):
profile = Profile.objects.get(user=request.user)
serializer = ProfileSerializer(


@ -57,6 +57,8 @@ class EmailCheckSignUpEndpoint(APIView):
],
error_message="USER_ACCOUNT_DEACTIVATED",
)
# Raise user already exist
raise AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"USER_ALREADY_EXIST"
@ -120,7 +122,7 @@ class EmailCheckSignInEndpoint(APIView):
],
error_message="USER_ACCOUNT_DEACTIVATED",
)
# Return true
return Response(
{
"status": True,
@ -128,6 +130,8 @@ class EmailCheckSignInEndpoint(APIView):
},
status=status.HTTP_200_OK,
)
# Raise error
raise AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["USER_DOES_NOT_EXIST"],
error_message="USER_DOES_NOT_EXIST",
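Review bot: The two email-check endpoints return distinguishable outcomes (`USER_ACCOUNT_DEACTIVATED`, `USER_ALREADY_EXIST` or `"status": True`, and `USER_DOES_NOT_EXIST`), so an unauthenticated caller can learn whether an address is registered and whether the account is deactivated. If the sign-in flow needs that distinction, both views should be rate limited; no throttle is visible in these hunks, and both class bodies start and end outside them, so confirm one is set, for example `throttle_classes = [AnonRateThrottle]`. A comment above each raise would also help, such as `# Distinct error codes reveal account state; keep this view throttled.`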


@ -215,6 +215,7 @@ class SignUpAuthEndpoint(View):
)
return HttpResponseRedirect(url)
# Existing user
existing_user = User.objects.filter(email=email).first()
if existing_user:


@ -99,22 +99,6 @@ class MagicSignInEndpoint(View):
existing_user = User.objects.filter(email=email).first()
if not existing_user:
if not existing_user.is_active:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"USER_ACCOUNT_DEACTIVATED"
],
error_message="USER_ACCOUNT_DEACTIVATED",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
base_host(request=request, is_app=True),
"sign-in?" + urlencode(params),
)
return HttpResponseRedirect(url)
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["USER_DOES_NOT_EXIST"],
error_message="USER_DOES_NOT_EXIST",
@ -128,6 +112,22 @@ class MagicSignInEndpoint(View):
)
return HttpResponseRedirect(url)
if not existing_user.is_active:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"USER_ACCOUNT_DEACTIVATED"
],
error_message="USER_ACCOUNT_DEACTIVATED",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
base_host(request=request, is_app=True),
"sign-in?" + urlencode(params),
)
return HttpResponseRedirect(url)
try:
provider = MagicCodeProvider(
request=request, key=f"magic_{email}", code=code
@ -189,22 +189,6 @@ class MagicSignUpEndpoint(View):
# Existing user
existing_user = User.objects.filter(email=email).first()
if not existing_user:
if not existing_user.is_active:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"USER_ACCOUNT_DEACTIVATED"
],
error_message="USER_ACCOUNT_DEACTIVATED",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
base_host(request=request, is_app=True),
"?" + urlencode(params),
)
return HttpResponseRedirect(url)
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["USER_ALREADY_EXIST"],
error_message="USER_ALREADY_EXIST",
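Review bot: In the `MagicSignUpEndpoint` hunk the guard that survives the deletion reads `if not existing_user:` directly above the `USER_ALREADY_EXIST` redirect, which looks inverted: as rendered, an unknown email would be told the user already exists and a registered one would presumably fall through to sign-up. The space sign-up section of this commit uses `if existing_user:` for the same error, so this line should probably be `if existing_user:`; the page has lost its +/- markers, so check it against the file. In `MagicSignInEndpoint` the relocated `is_active` check no longer dereferences `None`, but it runs before the magic code is verified, so the deactivated state is disclosed to anyone who submits the email. Both method bodies continue outside the hunks.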


@ -176,23 +176,8 @@ class MagicSignUpSpaceEndpoint(View):
return HttpResponseRedirect(url)
# Existing User
existing_user = User.objects.filter(email=email).first()
# Already existing
if existing_user:
if not existing_user.is_active:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"USER_ACCOUNT_DEACTIVATED"
],
error_message="USER_ACCOUNT_DEACTIVATED",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
base_host(request=request, is_space=True),
"?" + urlencode(params),
)
return HttpResponseRedirect(url)
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["USER_ALREADY_EXIST"],
error_message="USER_ALREADY_EXIST",


@ -11,13 +11,14 @@ class InstanceSerializer(BaseSerializer):
class Meta:
model = Instance
fields = "__all__"
read_only_fields = [
"id",
"instance_id",
exclude = [
"license_key",
"api_key",
"version",
]
read_only_fields = [
"id",
"instance_id",
"email",
"last_checked_at",
"is_setup_done",


@ -107,7 +107,7 @@ class InstanceAdminSignUpEndpoint(View):
)
url = urljoin(
base_host(request=request, is_admin=True),
"setup?" + urlencode(exc.get_error_dict()),
"?" + urlencode(exc.get_error_dict()),
)
return HttpResponseRedirect(url)
@ -119,7 +119,7 @@ class InstanceAdminSignUpEndpoint(View):
)
url = urljoin(
base_host(request=request, is_admin=True),
"setup?" + urlencode(exc.get_error_dict()),
"?" + urlencode(exc.get_error_dict()),
)
return HttpResponseRedirect(url)
@ -148,7 +148,7 @@ class InstanceAdminSignUpEndpoint(View):
)
url = urljoin(
base_host(request=request, is_admin=True),
"setup?" + urlencode(exc.get_error_dict()),
"?" + urlencode(exc.get_error_dict()),
)
return HttpResponseRedirect(url)
@ -170,7 +170,7 @@ class InstanceAdminSignUpEndpoint(View):
)
url = urljoin(
base_host(request=request, is_admin=True),
"setup?" + urlencode(exc.get_error_dict()),
"?" + urlencode(exc.get_error_dict()),
)
return HttpResponseRedirect(url)
@ -192,7 +192,7 @@ class InstanceAdminSignUpEndpoint(View):
)
url = urljoin(
base_host(request=request, is_admin=True),
"setup?" + urlencode(exc.get_error_dict()),
"?" + urlencode(exc.get_error_dict()),
)
return HttpResponseRedirect(url)
else:
@ -214,7 +214,7 @@ class InstanceAdminSignUpEndpoint(View):
)
url = urljoin(
base_host(request=request, is_admin=True),
"setup?" + urlencode(exc.get_error_dict()),
"?" + urlencode(exc.get_error_dict()),
)
return HttpResponseRedirect(url)
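Review bot: The same `urljoin(base_host(request=request, is_admin=True), "?" + urlencode(exc.get_error_dict()))` redirect is built in six places in `InstanceAdminSignUpEndpoint`, and this commit had to edit every copy to change the target path. A small private helper that takes `request` and `exc` and returns the `HttpResponseRedirect` would keep the error-redirect target in one place, so a missed copy cannot send one failure branch to a different page. Each call site would then become `return _error_redirect(request, exc)` (name illustrative). The method body starts and ends outside these hunks.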


@ -39,7 +39,6 @@ class InstanceEndpoint(BaseAPIView):
def get(self, request):
instance = Instance.objects.first()
print("Instance: ", instance)
# get the instance
if instance is None:
return Response(
@ -56,8 +55,6 @@ class InstanceEndpoint(BaseAPIView):
IS_GITHUB_ENABLED,
GITHUB_APP_NAME,
EMAIL_HOST,
EMAIL_HOST_USER,
EMAIL_HOST_PASSWORD,
ENABLE_MAGIC_LINK_LOGIN,
ENABLE_EMAIL_PASSWORD,
SLACK_CLIENT_ID,
@ -83,14 +80,6 @@ class InstanceEndpoint(BaseAPIView):
"key": "EMAIL_HOST",
"default": os.environ.get("EMAIL_HOST", ""),
},
{
"key": "EMAIL_HOST_USER",
"default": os.environ.get("EMAIL_HOST_USER", ""),
},
{
"key": "EMAIL_HOST_PASSWORD",
"default": os.environ.get("EMAIL_HOST_PASSWORD", ""),
},
{
"key": "ENABLE_MAGIC_LINK_LOGIN",
"default": os.environ.get("ENABLE_MAGIC_LINK_LOGIN", "1"),