diff --git a/cps/ub.py b/cps/ub.py
index ccf82a6da..1824fc42d 100644
--- a/cps/ub.py
+++ b/cps/ub.py
@@ -649,6 +649,10 @@ def migrate_Database():
 conn.execute("ALTER TABLE Settings ADD column `config_certfile` String DEFAULT ''")
 conn.execute("ALTER TABLE Settings ADD column `config_keyfile` String DEFAULT ''")
 session.commit()
+ # Remove login capability of user Guest
+ conn = engine.connect()
+ conn.execute("UPDATE user SET password='' where nickname = 'Guest' and password !=''")
+ session.commit()
 def clean_database():
@@ -691,10 +695,10 @@ def get_mail_settings():
 # Generate user Guest (translated text), as anoymous user, no rights
 def create_anonymous_user():
 user = User()
- user.nickname = _("Guest")
+ user.nickname = "Guest"
 user.email = 'no@email'
 user.role = ROLE_ANONYMOUS
- user.password = generate_password_hash('1')
+ user.password = ''
 session.add(user)
 try:
diff --git a/cps/web.py b/cps/web.py
index efbdf45f9..a16b14c9b 100755
--- a/cps/web.py
+++ b/cps/web.py
@@ -2049,10 +2049,8 @@ def login():
 if request.method == "POST":
 form = request.form.to_dict()
 user = ub.session.query(ub.User).filter(func.lower(ub.User.nickname) == form['username'].strip().lower()).first()
-
- if user and check_password_hash(user.password, form['password']):
+ if user and check_password_hash(user.password, form['password']) and user.nickname is not "Guest":
 login_user(user, remember=True)
- flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
 return redirect_back(url_for("index"))
 else:
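Review bot: In migrate_Database() in cps/ub.py, the new UPDATE matches only rows whose nickname is literally 'Guest', but until this commit create_anonymous_user() stored `_("Guest")`, so an installation that ran under a translated locale may hold the anonymous account under a different nickname and keep its old password hash. Keying the statement on the role instead would cover those rows, e.g. `conn.execute("UPDATE user SET password='' WHERE role = %d AND password != ''" % ROLE_ANONYMOUS)`, assuming no regular account carries exactly that role value. The nickname test added to login() in cps/web.py has the same blind spot. migrate_Database() starts before this hunk.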
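Review bot: The comment above create_anonymous_user() in cps/ub.py still says "(translated text)", which is no longer true now that the nickname is the fixed string "Guest"; it could read `# Generate user Guest as anonymous user: no rights, no usable password`. The empty `user.password` also deserves a why-comment, since nothing on the line says it is deliberate: `# empty hash on purpose: check_password_hash() must never match for Guest`. Whether check_password_hash() rejects an empty stored hash for every submitted password is not visible here and is worth pinning with a test. The function body continues past the hunk.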
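Review bot: In login() in cps/web.py, `user.nickname is not "Guest"` compares object identity rather than string contents, so for a nickname loaded from the database it will normally be true even when the value is "Guest", and the guard excludes nothing. Use `!=` and put it ahead of the hash check: `if user and user.nickname != "Guest" and check_password_hash(user.password, form['password']):`. As written, the only thing keeping the Guest account out appears to be the empty password hash set in cps/ub.py. login() starts before and continues after this hunk.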