From ae17a12c121811c9f7c3d4766092673816d7fbe8 Mon Sep 17 00:00:00 2001
From: Fabio Manganiello <fabio@manganiello.tech>
Date: Mon, 21 Nov 2022 00:57:00 +0100
Subject: [PATCH] FIX: `UserManager.get_users`

`UserManager.get_users` should not return a reference to the query
object, since the query object will be invalidated as soon as the
connection is closed.

Instead, it should return directly the list of `User` objects.
---
 platypush/plugins/user/__init__.py | 56 ++++++++++++++++++++++--------
 platypush/user/__init__.py         |  2 +-
 2 files changed, 42 insertions(+), 16 deletions(-)

diff --git a/platypush/plugins/user/__init__.py b/platypush/plugins/user/__init__.py
index fb360e1e..7d0613cf 100644
--- a/platypush/plugins/user/__init__.py
+++ b/platypush/plugins/user/__init__.py
@@ -14,8 +14,15 @@ class UserPlugin(Plugin):
         self.user_manager = UserManager()
 
     @action
-    def create_user(self, username, password, executing_user=None, executing_user_password=None, session_token=None,
-                    **kwargs):
+    def create_user(
+        self,
+        username,
+        password,
+        executing_user=None,
+        executing_user_password=None,
+        session_token=None,
+        **kwargs
+    ):
         """
         Create a user. This action needs to be executed by an already existing user, who needs to authenticate with
             their own credentials, unless this is the first user created on the system.
@@ -32,11 +39,17 @@ class UserPlugin(Plugin):
 
         """
 
-        if self.user_manager.get_user_count() > 0 and not executing_user and not session_token:
+        if (
+            self.user_manager.get_user_count() > 0
+            and not executing_user
+            and not session_token
+        ):
             return None, "You need to authenticate in order to create another user"
 
-        if not self.user_manager.authenticate_user(executing_user, executing_user_password):
-            user, session = self.user_manager.authenticate_user_session(session_token)
+        if not self.user_manager.authenticate_user(
+            executing_user, executing_user_password
+        ):
+            user, _ = self.user_manager.authenticate_user_session(session_token)
             if not user:
                 return None, "Invalid credentials and/or session_token"
 
@@ -58,7 +71,7 @@ class UserPlugin(Plugin):
         :return: True if the provided username and password are correct, False otherwise
         """
 
-        return True if self.user_manager.authenticate_user(username, password) else False
+        return bool(self.user_manager.authenticate_user(username, password))
 
     @action
     def update_password(self, username, old_password, new_password):
@@ -70,13 +83,21 @@ class UserPlugin(Plugin):
         return self.user_manager.update_password(username, old_password, new_password)
 
     @action
-    def delete_user(self, username, executing_user=None, executing_user_password=None, session_token=None):
+    def delete_user(
+        self,
+        username,
+        executing_user=None,
+        executing_user_password=None,
+        session_token=None,
+    ):
         """
         Delete a user
         """
 
-        if not self.user_manager.authenticate_user(executing_user, executing_user_password):
-            user, session = self.user_manager.authenticate_user_session(session_token)
+        if not self.user_manager.authenticate_user(
+            executing_user, executing_user_password
+        ):
+            user, _ = self.user_manager.authenticate_user_session(session_token)
             if not user:
                 return None, "Invalid credentials and/or session_token"
 
@@ -100,9 +121,9 @@ class UserPlugin(Plugin):
 
         """
 
-        session = self.user_manager.create_user_session(username=username,
-                                                        password=password,
-                                                        expires_at=expires_at)
+        session = self.user_manager.create_user_session(
+            username=username, password=password, expires_at=expires_at
+        )
 
         if not session:
             return None, "Invalid credentials"
@@ -111,7 +132,9 @@ class UserPlugin(Plugin):
             'session_token': session.session_token,
             'user_id': session.user_id,
             'created_at': session.created_at.isoformat(),
-            'expires_at': session.expires_at.isoformat() if session.expires_at else None,
+            'expires_at': session.expires_at.isoformat()
+            if session.expires_at
+            else None,
         }
 
     @action
@@ -130,7 +153,9 @@ class UserPlugin(Plugin):
 
         """
 
-        user, session = self.user_manager.authenticate_user_session(session_token=session_token)
+        user, _ = self.user_manager.authenticate_user_session(
+            session_token=session_token
+        )
         if not user:
             return None, 'Invalid session token'
 
@@ -170,13 +195,14 @@ class UserPlugin(Plugin):
                 ]
 
         """
+        users = self.user_manager.get_users()
         return [
             {
                 'user_id': user.user_id,
                 'username': user.username,
                 'created_at': user.created_at.isoformat(),
             }
-            for user in self.user_manager.get_users().all()
+            for user in users
         ]
 
     @action
diff --git a/platypush/user/__init__.py b/platypush/user/__init__.py
index 4dd95cfd..7453aa28 100644
--- a/platypush/user/__init__.py
+++ b/platypush/user/__init__.py
@@ -59,7 +59,7 @@ class UserManager:
 
     def get_users(self):
         with self._get_session() as session:
-            return session.query(User)
+            return session.query(User).all()
 
     def create_user(self, username, password, **kwargs):
         if not username: