implement forced password change for generated passwords

2021-02-08 18:30:54 +01:00
parent ed6594401c
commit 331e9627d6
7 changed files with 93 additions and 23 deletions
--- a/owrx/controllers/admin.py
+++ b/owrx/controllers/admin.py
@@ -10,33 +10,36 @@ logger = logging.getLogger(__name__)


 class Authentication(object):
-    def isAuthenticated(self, request):
+    def getUser(self, request):
        if "owrx-session" not in request.cookies:
-            return False
+            return None
        session = SessionStorage.getSharedInstance().getSession(request.cookies["owrx-session"].value)
        if session is None:
-            return False
+            return None
        if "user" not in session:
-            return False
+            return None
        userList = UserList.getSharedInstance()
        try:
-            user = userList[session["user"]]
-            return user.is_enabled()
+            return userList[session["user"]]
        except KeyError:
-            return False
+            return None


 class AdminController(WebpageController):
    def __init__(self, handler, request, options):
        self.authentication = Authentication()
+        self.user = self.authentication.getUser(request)
        super().__init__(handler, request, options)

+    def isAuthorized(self):
+        return self.user is not None and self.user.is_enabled() and not self.user.must_change_password
+
    def handle_request(self):
        config = Config.get()
        if "webadmin_enabled" not in config or not config["webadmin_enabled"]:
            self.send_response("Web Admin is disabled", code=403)
            return
-        if self.authentication.isAuthenticated(self.request):
+        if self.isAuthorized():
            super().handle_request()
        else:
            target = "/login?{0}".format(parse.urlencode({"ref": self.request.path}))