views: prevent user removal after password mismatch in user/edit

If password and confirm password fields mismatch in user/edit, then the user is deleted. The deletion of the user happens before the password validation and the new user configuration is only saved if the validation passes. Add code to properly handle the user deletion after the validation.
2024-06-19 12:29:45 +02:00 · 2024-06-19 12:29:45 +02:00 · 29cc4d9280
parent ee42cbd323
commit 29cc4d9280
1 changed files with 6 additions and 2 deletions
--- a/ogcp/views.py
+++ b/ogcp/views.py
@ -2903,12 +2903,18 @@ def save_user(form, preserve_pwd):
    with open(filename, 'r+') as file:
        config = json.load(file)

+        old_user = get_user(username)
+
+        if old_user:
+            config['USERS'].remove(old_user)
        config['USERS'].append(user)

        file.seek(0)
        json.dump(config, file, indent='\t')
        file.truncate()

+    if old_user:
+        app.config['USERS'].remove(old_user)
    app.config['USERS'].append(user)

    return redirect(url_for('users'))
@ -2998,8 +3004,6 @@ def user_edit_post():
    if preserve_pwd:
        form.pwd.data = old_user_data.get("PASS")

-    delete_user(username)
-
    return save_user(form, preserve_pwd)