diff --git a/app/auth/models.py b/app/auth/models.py
index dd3b649b4..6749150d9 100644
--- a/app/auth/models.py
+++ b/app/auth/models.py
@@ -180,7 +180,7 @@ class User(UserMixin, ScoDocModel):
 def set_password(self, password):
 "Set password"
- current_app.logger.info(f"set_password({self})")
+ log(f"set_password({self})")
 if password:
 self.password_hash = generate_password_hash(password)
 else:
@@ -213,10 +213,21 @@ class User(UserMixin, ScoDocModel):
 # if CAS activated and cas_id, allow only super-user and users with cas_allow_scodoc_login
 cas_enabled = ScoDocSiteConfig.is_cas_enabled()
- if cas_enabled:
- if ScoDocSiteConfig.get("cas_force") and not self.is_administrator():
- return False # si CAS forcé, n'accepte que super-admin
- if self.cas_id and not self.cas_allow_scodoc_login:
+ if cas_enabled and not self.is_administrator():
+ if not self.cas_allow_scodoc_login:
+ # CAS activé et compte non autorisé à se logguer sur ScoDoc
+ log(
+ f"""auth: login attempt for user {self.user_name}: scodoc login not allowed
+ """
+ )
+ return False
+ # si CAS activé et forcé et cas_id renseigné, on ne peut pas se logguer
+ if self.cas_id and ScoDocSiteConfig.get("cas_force"):
+ log(
+ f"""auth: login attempt for user {self.user_name
+ } (cas_id='{
+ self.cas_id}'): cas forced and cas_id set: scodoc login not allowed"""
+ )
 return False
 if not self.password_hash:
 # user without password can't login
diff --git a/sco_version.py b/sco_version.py
index 768513011..8e43f1a7e 100644
--- a/sco_version.py
+++ b/sco_version.py
@@ -3,7 +3,7 @@
 "Infos sur version ScoDoc"
-SCOVERSION = "9.7.41"
+SCOVERSION = "9.7.42"
 SCONAME = "ScoDoc"
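Review bot: The rewritten CAS guard in the second hunk of app/auth/models.py changes who may use password login, not just what is logged, and the comment above it (`allow only super-user and users with cas_allow_scodoc_login`) no longer describes the `cas_force` case. The removed code rejected every non-administrator when `cas_force` was set; the new code rejects under `cas_force` only when `self.cas_id` is set, so a non-admin account with `cas_allow_scodoc_login` and no `cas_id` can now authenticate with a local password while CAS is forced, and administrators skip both checks. If that is intended, state it in a comment such as `# cas_force only blocks password login for accounts that have a cas_id; administrators are never restricted`, and cover the admin / cas_force / cas_id / cas_allow_scodoc_login combinations with tests. Separately, the first `log(` call's triple-quoted f-string ends with a newline and indentation inside the message; a single-line `f"auth: login attempt for user {self.user_name}: scodoc login not allowed"` keeps each denial on one log line. The enclosing method starts and ends outside the hunk.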