FIX: UserManager.get_users

`UserManager.get_users` should not return a reference to the query
object, since the query object will be invalidated as soon as the
connection is closed.

Instead, it should directly return the list of `User` objects.
Fabio Manganiello 2022-11-21 00:57:00 +01:00
parent e579fb3417
commit ae17a12c12
Signed by untrusted user: blacklight
GPG key ID: D90FBA7F76362774
2 changed files with 42 additions and 16 deletions


@ -14,8 +14,15 @@ class UserPlugin(Plugin):
self.user_manager = UserManager() self.user_manager = UserManager()
@action @action
def create_user(self, username, password, executing_user=None, executing_user_password=None, session_token=None, def create_user(
**kwargs): self,
username,
password,
executing_user=None,
executing_user_password=None,
session_token=None,
**kwargs
):
""" """
Create a user. This action needs to be executed by an already existing user, who needs to authenticate with Create a user. This action needs to be executed by an already existing user, who needs to authenticate with
their own credentials, unless this is the first user created on the system. their own credentials, unless this is the first user created on the system.
@ -32,11 +39,17 @@ class UserPlugin(Plugin):
""" """
if self.user_manager.get_user_count() > 0 and not executing_user and not session_token: if (
self.user_manager.get_user_count() > 0
and not executing_user
and not session_token
):
return None, "You need to authenticate in order to create another user" return None, "You need to authenticate in order to create another user"
if not self.user_manager.authenticate_user(executing_user, executing_user_password): if not self.user_manager.authenticate_user(
user, session = self.user_manager.authenticate_user_session(session_token) executing_user, executing_user_password
):
user, _ = self.user_manager.authenticate_user_session(session_token)
if not user: if not user:
return None, "Invalid credentials and/or session_token" return None, "Invalid credentials and/or session_token"
@ -58,7 +71,7 @@ class UserPlugin(Plugin):
:return: True if the provided username and password are correct, False otherwise :return: True if the provided username and password are correct, False otherwise
""" """
return True if self.user_manager.authenticate_user(username, password) else False return bool(self.user_manager.authenticate_user(username, password))
@action @action
def update_password(self, username, old_password, new_password): def update_password(self, username, old_password, new_password):
@ -70,13 +83,21 @@ class UserPlugin(Plugin):
return self.user_manager.update_password(username, old_password, new_password) return self.user_manager.update_password(username, old_password, new_password)
@action @action
def delete_user(self, username, executing_user=None, executing_user_password=None, session_token=None): def delete_user(
self,
username,
executing_user=None,
executing_user_password=None,
session_token=None,
):
""" """
Delete a user Delete a user
""" """
if not self.user_manager.authenticate_user(executing_user, executing_user_password): if not self.user_manager.authenticate_user(
user, session = self.user_manager.authenticate_user_session(session_token) executing_user, executing_user_password
):
user, _ = self.user_manager.authenticate_user_session(session_token)
if not user: if not user:
return None, "Invalid credentials and/or session_token" return None, "Invalid credentials and/or session_token"
@ -100,9 +121,9 @@ class UserPlugin(Plugin):
""" """
session = self.user_manager.create_user_session(username=username, session = self.user_manager.create_user_session(
password=password, username=username, password=password, expires_at=expires_at
expires_at=expires_at) )
if not session: if not session:
return None, "Invalid credentials" return None, "Invalid credentials"
@ -111,7 +132,9 @@ class UserPlugin(Plugin):
'session_token': session.session_token, 'session_token': session.session_token,
'user_id': session.user_id, 'user_id': session.user_id,
'created_at': session.created_at.isoformat(), 'created_at': session.created_at.isoformat(),
'expires_at': session.expires_at.isoformat() if session.expires_at else None, 'expires_at': session.expires_at.isoformat()
if session.expires_at
else None,
} }
@action @action
@ -130,7 +153,9 @@ class UserPlugin(Plugin):
""" """
user, session = self.user_manager.authenticate_user_session(session_token=session_token) user, _ = self.user_manager.authenticate_user_session(
session_token=session_token
)
if not user: if not user:
return None, 'Invalid session token' return None, 'Invalid session token'
@ -170,13 +195,14 @@ class UserPlugin(Plugin):
] ]
""" """
users = self.user_manager.get_users()
return [ return [
{ {
'user_id': user.user_id, 'user_id': user.user_id,
'username': user.username, 'username': user.username,
'created_at': user.created_at.isoformat(), 'created_at': user.created_at.isoformat(),
} }
for user in self.user_manager.get_users().all() for user in users
] ]
@action @action
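Review bot: In `create_user`, the `authenticate_user` / `authenticate_user_session` block after the `get_user_count() > 0` guard looks unconditional, so a first-user call without `executing_user` or `session_token` passes the guard and then, presumably, fails with "Invalid credentials and/or session_token", contrary to the docstring's "unless this is the first user created on the system". Indentation is lost on this page, so the nesting is inferred and should be checked against the file. If the reading holds, compute the count once and skip the credential check only when it is zero, e.g. `has_users = self.user_manager.get_user_count() > 0` followed by `if has_users and not self.user_manager.authenticate_user(executing_user, executing_user_password):`. The function body continues outside the hunk, and the same password-then-token fallback in `delete_user` is unaffected by this point.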


@ -59,7 +59,7 @@ class UserManager:
def get_users(self): def get_users(self):
with self._get_session() as session: with self._get_session() as session:
return session.query(User) return session.query(User).all()
def create_user(self, username, password, **kwargs): def create_user(self, username, password, **kwargs):
if not username: if not username:
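Review bot: `get_users` now returns `User` instances that are already detached when the caller reads them, because the list built by `.all()` leaves the `with self._get_session()` block. `UserPlugin.get_users` then reads `user_id`, `username` and `created_at` outside the session, which only works while those attributes stay loaded. If `_get_session` commits on exit with the ORM's default `expire_on_commit=True` (presumably SQLAlchemy; its definition is not visible here), that access would raise `DetachedInstanceError`. A comment on the return line would record the contract, e.g. `# materialise inside the session; callers get detached User objects and must not lazy-load`, and the session factory's expiry setting is worth confirming.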