From 5a45af4465e1574e058d9e8ee080a76b0cbe50f2 Mon Sep 17 00:00:00 2001 From: tcprod Date: Sun, 8 Feb 2026 02:56:04 +0100 Subject: [PATCH] fix reset password --- sql/users_patch.sql | 3 +++ src/ezgg_lan_manager/pages/ForgotPassword.py | 2 +- .../services/DatabaseService.py | 25 ++++++++++--------- src/ezgg_lan_manager/services/UserService.py | 2 ++ src/ezgg_lan_manager/types/User.py | 1 + 5 files changed, 20 insertions(+), 13 deletions(-) create mode 100644 sql/users_patch.sql diff --git a/sql/users_patch.sql b/sql/users_patch.sql new file mode 100644 index 0000000..4aea0b3 --- /dev/null +++ b/sql/users_patch.sql @@ -0,0 +1,3 @@ +ALTER TABLE users +ADD COLUMN user_fallback_password VARCHAR(255) DEFAULT NULL +AFTER user_password; \ No newline at end of file diff --git a/src/ezgg_lan_manager/pages/ForgotPassword.py b/src/ezgg_lan_manager/pages/ForgotPassword.py index 9804a4a..b9b69bb 100644 --- a/src/ezgg_lan_manager/pages/ForgotPassword.py +++ b/src/ezgg_lan_manager/pages/ForgotPassword.py @@ -27,7 +27,7 @@ class ForgotPasswordPage(Component): user = await user_service.get_user(self.email_input.text.strip()) if user is not None: new_password = "".join(choices(user_service.ALLOWED_USER_NAME_SYMBOLS, k=16)) - user.user_password = sha256(new_password.encode(encoding="utf-8")).hexdigest() + user.user_fallback_password = sha256(new_password.encode(encoding="utf-8")).hexdigest() await user_service.update_user(user) await mailing_service.send_email( subject=f"Dein neues Passwort für {lan_info.name}", diff --git a/src/ezgg_lan_manager/services/DatabaseService.py b/src/ezgg_lan_manager/services/DatabaseService.py index ccbbfc1..977ea6b 100644 --- a/src/ezgg_lan_manager/services/DatabaseService.py +++ b/src/ezgg_lan_manager/services/DatabaseService.py @@ -75,14 +75,15 @@ class DatabaseService: user_name=data[1], user_mail=data[2], user_password=data[3], - user_first_name=data[4], - user_last_name=data[5], - user_birth_day=data[6], - is_active=bool(data[7]), - is_team_member=bool(data[8]), - is_admin=bool(data[9]), - created_at=data[10], - last_updated_at=data[11] + user_fallback_password=data[4], + user_first_name=data[5], + user_last_name=data[6], + user_birth_day=data[7], + is_active=bool(data[8]), + is_team_member=bool(data[9]), + is_admin=bool(data[10]), + created_at=data[11], + last_updated_at=data[12] ) @staticmethod @@ -185,10 +186,10 @@ class DatabaseService: async with conn.cursor(aiomysql.Cursor) as cursor: try: await cursor.execute( - "UPDATE users SET user_name=%s, user_mail=%s, user_password=%s, user_first_name=%s, " - "user_last_name=%s, user_birth_date=%s, is_active=%s, is_team_member=%s, is_admin=%s " - "WHERE (user_id=%s)", - (user.user_name, user.user_mail.lower(), user.user_password, + "UPDATE users SET user_name=%s, user_mail=%s, user_password=%s, user_fallback_password=%s," + "user_first_name=%s, user_last_name=%s, user_birth_date=%s, is_active=%s, is_team_member=%s," + " is_admin=%s WHERE (user_id=%s)", + (user.user_name, user.user_mail.lower(), user.user_password, user.user_fallback_password, user.user_first_name, user.user_last_name, user.user_birth_day, user.is_active, user.is_team_member, user.is_admin, user.user_id) diff --git a/src/ezgg_lan_manager/services/UserService.py b/src/ezgg_lan_manager/services/UserService.py index d341b51..7295683 100644 --- a/src/ezgg_lan_manager/services/UserService.py +++ b/src/ezgg_lan_manager/services/UserService.py @@ -61,6 +61,8 @@ class UserService: user = await self.get_user(user_name_or_mail) if not user: return False + if user.user_fallback_password: + user.user_fallback_password == sha256(password_clear_text.encode(encoding="utf-8")).hexdigest() return user.user_password == sha256(password_clear_text.encode(encoding="utf-8")).hexdigest() diff --git a/src/ezgg_lan_manager/types/User.py b/src/ezgg_lan_manager/types/User.py index a397962..9f9cece 100644 --- a/src/ezgg_lan_manager/types/User.py +++ b/src/ezgg_lan_manager/types/User.py @@ -9,6 +9,7 @@ class User: user_name: str user_mail: str user_password: str + user_fallback_password: Optional[str] user_first_name: Optional[str] user_last_name: Optional[str] user_birth_day: Optional[date]