From 714073e326eda4fa22202bd8cbcfc31d2afc8f47 Mon Sep 17 00:00:00 2001 From: Massimo Di Pierro Date: Sat, 11 Nov 2023 19:26:18 -0800 Subject: [PATCH] fixed user handling, thanks Ali --- py4web/utils/auth.py | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/py4web/utils/auth.py b/py4web/utils/auth.py index 9e3f67633..f20ad44a9 100644 --- a/py4web/utils/auth.py +++ b/py4web/utils/auth.py @@ -9,8 +9,15 @@ import urllib import uuid -from pydal.validators import (CRYPT, IS_EMAIL, IS_EQUAL_TO, IS_MATCH, - IS_NOT_EMPTY, IS_NOT_IN_DB, IS_STRONG) +from pydal.validators import ( + CRYPT, + IS_EMAIL, + IS_EQUAL_TO, + IS_MATCH, + IS_NOT_EMPTY, + IS_NOT_IN_DB, + IS_STRONG, +) from yatl.helpers import DIV, A from py4web import HTTP, URL, Field, action, redirect, request, response @@ -234,7 +241,6 @@ def __init__( two_factor_required=None, two_factor_send=None, ): - # configuration parameters self.param = Param( registration_requires_confirmation=registration_requires_confirmation, @@ -420,7 +426,7 @@ def define_tables(self): def signature(self): """Returns a list of fields for a table signature""" now = lambda: datetime.datetime.utcnow() - user = lambda s=self: s.get_user().get("id") + user = lambda s=self: s.user_id fields = [ Field( "created_on", @@ -491,17 +497,18 @@ def get_user(self, safe=True): If session contains only a user['id'] retrives the other readable user info from auth_user """ - if not self.session.is_valid(): - return {} - user = copy.copy(self.session.get("user")) - if not user or not isinstance(user, dict) or "id" not in user: + if not self.session.is_valid() or not self.user_id: return {} if self.db: - user = self.db.auth_user(user["id"]) + user = self.db.auth_user(self.user_id) if not user: return {} if safe: - user = {f.name: user[f.name] for f in self.db.auth_user if f.readable} + user = { + f.name: user[f.name] + for f in self.db.auth_user + if f.readable or f.name == "id" + } return user @property @@ -981,7 +988,6 @@ def enable(self, route="auth", uses=(), env=None, spa=False, allow_api_routes=Tr # and API Models as /{app_name}/{route}/api/{name}?@model=true exposed_api_routes = [] if allow_api_routes: - # Exposed Public APIs exposed_api_routes = [ dict(api_name=api_name, api_route=f"{route}/api/{api_name}", uses=auth) @@ -1147,7 +1153,6 @@ def model_request(route): @staticmethod def get_model(defaultAuthFunction): - model = defaultAuthFunction(model=True) for key, value in model.items(): @@ -1341,7 +1346,6 @@ def change_password(auth): @staticmethod @api_wrapper def change_email(auth): - payload = request.POST if (request.json is None) else request.json if payload is None: @@ -1660,7 +1664,6 @@ def _reset_two_factor(self): self.auth.session["auth.2fa_tries_left"] = self.auth.param.two_factor_tries def two_factor(self): - if self.auth.param.two_factor_send is None: raise HTTP(404) @@ -1952,7 +1955,6 @@ def profile(self, model=False): return form def logout(self, model=False): - if model: return dict( public=False, hidden=False, noform=True, href="/auth/api/logout" @@ -1965,7 +1967,6 @@ def logout(self, model=False): return "" def verify_email(self, model=False): - if model: return dict( public=True, hidden=True, noform=True, href="/auth/api/verify_email"