From c66bb54478a6429ea7ba8112b74745c40b77a2b3 Mon Sep 17 00:00:00 2001 From: OzzieIsaacs Date: Tue, 3 Jul 2018 19:34:29 +0200 Subject: [PATCH] Fix #534 --- cps/ub.py | 8 ++++++-- cps/web.py | 4 +--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/cps/ub.py b/cps/ub.py index ccf82a6da..1824fc42d 100644 --- a/cps/ub.py +++ b/cps/ub.py @@ -649,6 +649,10 @@ def migrate_Database(): conn.execute("ALTER TABLE Settings ADD column `config_certfile` String DEFAULT ''") conn.execute("ALTER TABLE Settings ADD column `config_keyfile` String DEFAULT ''") session.commit() + # Remove login capability of user Guest + conn = engine.connect() + conn.execute("UPDATE user SET password='' where nickname = 'Guest' and password !=''") + session.commit() def clean_database(): @@ -691,10 +695,10 @@ def get_mail_settings(): # Generate user Guest (translated text), as anoymous user, no rights def create_anonymous_user(): user = User() - user.nickname = _("Guest") + user.nickname = "Guest" user.email = 'no@email' user.role = ROLE_ANONYMOUS - user.password = generate_password_hash('1') + user.password = '' session.add(user) try: diff --git a/cps/web.py b/cps/web.py index efbdf45f9..a16b14c9b 100755 --- a/cps/web.py +++ b/cps/web.py @@ -2049,10 +2049,8 @@ def login(): if request.method == "POST": form = request.form.to_dict() user = ub.session.query(ub.User).filter(func.lower(ub.User.nickname) == form['username'].strip().lower()).first() - - if user and check_password_hash(user.password, form['password']): + if user and check_password_hash(user.password, form['password']) and user.nickname is not "Guest": login_user(user, remember=True) - flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success") return redirect_back(url_for("index")) else: