diff --git a/app/auth/models.py b/app/auth/models.py index 37e687519..989ab43c1 100644 --- a/app/auth/models.py +++ b/app/auth/models.py @@ -5,7 +5,6 @@ import base64 from datetime import datetime, timedelta -from hashlib import md5 import json import os import re @@ -40,6 +39,7 @@ class User(UserMixin, db.Model): active = db.Column(db.Boolean, default=True, index=True) password_hash = db.Column(db.String(128)) + password_scodoc7 = db.Column(db.String(42)) last_seen = db.Column(db.DateTime, default=datetime.utcnow) date_modif_passwd = db.Column(db.DateTime, default=datetime.utcnow) date_created = db.Column(db.DateTime, default=datetime.utcnow) @@ -55,7 +55,6 @@ class User(UserMixin, db.Model): self.roles = [] self.user_roles = [] super(User, self).__init__(**kwargs) - self._format_noms() # Ajoute roles: if ( not self.roles @@ -89,6 +88,18 @@ class User(UserMixin, db.Model): """ if not self.active: # inactived users can't login return False + if (not self.password_hash) and self.password_scodoc7: + # Special case: user freshly migrated from ScoDoc7 + if scu.check_scodoc7_password(self.password_scodoc7, password): + current_app.logger.warning( + "migrating legacy ScoDoc7 password for {}".format(self) + ) + self.set_password(password) + self.password_scodoc7 = None + db.session.add(self) + db.session.commit() + return True + return False if not self.password_hash: # user without password can't login return False return check_password_hash(self.password_hash, password) @@ -161,7 +172,6 @@ class User(UserMixin, db.Model): for r_d in data["roles_string"].split(","): role, dept = UserRole.role_dept_from_string(r_d) self.add_role(role, dept) - self._format_noms() def get_token(self, expires_in=3600): now = datetime.utcnow() @@ -342,10 +352,10 @@ class Role(db.Model): def insert_roles(): """Create default roles""" default_role = "Observateur" - for r, permissions in SCO_ROLES_DEFAULTS.items(): - role = Role.query.filter_by(name=r).first() + for role_name, permissions in SCO_ROLES_DEFAULTS.items(): + role = Role.query.filter_by(name=role_name).first() if role is None: - role = Role(name=r) + role = Role(name=role_name) role.reset_permissions() for perm in permissions: role.add_permission(perm) diff --git a/app/scodoc/sco_utils.py b/app/scodoc/sco_utils.py index cd0775927..3f5ceb2b9 100644 --- a/app/scodoc/sco_utils.py +++ b/app/scodoc/sco_utils.py @@ -28,10 +28,12 @@ """ Common definitions """ +import base64 import bisect import copy import datetime import json +from hashlib import md5 import numbers import os import re @@ -672,6 +674,16 @@ def get_scodoc_version(): return os.popen("cd %s; ./get_scodoc_version.sh -s" % SCO_TOOLS_DIR).read().strip() +def check_scodoc7_password(scodoc7_hash, password): + """Check a password vs scodoc7 hash + used only during old databases migrations""" + m = md5() + m.update(password.encode("utf-8")) + # encodestring à remplacer par encodebytes #py3 + h = base64.encodestring(m.digest()).decode("utf-8").strip() + return h == scodoc7_hash + + # Simple string manipulations # on utf-8 encoded python strings # (yes, we should only use unicode strings, but... we use only strings) diff --git a/app/templates/scodoc.html b/app/templates/scodoc.html index 0af663974..47ccd535b 100644 --- a/app/templates/scodoc.html +++ b/app/templates/scodoc.html @@ -4,8 +4,11 @@ {% block app_content %}

ScoDoc: gestion scolarité

-

Bonjour {{current_user.get_nomcomplet()}}.

+{% if not current_user.is_anonymous %} +

Bonjour {{current_user.get_nomcomplet()}} + .

N'oubliez pas de vous déconnecter après usage.

+{% endif %}