Connexion CAS / non CAS: correctif

Emmanuel Viennet 2024-11-08 21:48:39 +01:00
parent d98eb7dc6b
commit 50d2c91a54
2 changed files with 17 additions and 6 deletions


@ -180,7 +180,7 @@ class User(UserMixin, ScoDocModel):
def set_password(self, password): def set_password(self, password):
"Set password" "Set password"
current_app.logger.info(f"set_password({self})") log(f"set_password({self})")
if password: if password:
self.password_hash = generate_password_hash(password) self.password_hash = generate_password_hash(password)
else: else:
@ -213,10 +213,21 @@ class User(UserMixin, ScoDocModel):
# if CAS activated and cas_id, allow only super-user and users with cas_allow_scodoc_login # if CAS activated and cas_id, allow only super-user and users with cas_allow_scodoc_login
cas_enabled = ScoDocSiteConfig.is_cas_enabled() cas_enabled = ScoDocSiteConfig.is_cas_enabled()
if cas_enabled: if cas_enabled and not self.is_administrator():
if ScoDocSiteConfig.get("cas_force") and not self.is_administrator(): if not self.cas_allow_scodoc_login:
return False # si CAS forcé, n'accepte que super-admin # CAS activé et compte non autorisé à se logguer sur ScoDoc
if self.cas_id and not self.cas_allow_scodoc_login: log(
f"""auth: login attempt for user {self.user_name}: scodoc login not allowed
"""
)
return False
# si CAS activé et forcé et cas_id renseigné, on ne peut pas se logguer
if self.cas_id and ScoDocSiteConfig.get("cas_force"):
log(
f"""auth: login attempt for user {self.user_name
} (cas_id='{
self.cas_id}'): cas forced and cas_id set: scodoc login not allowed"""
)
return False return False
if not self.password_hash: # user without password can't login if not self.password_hash: # user without password can't login
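Review bot: The first new check in the second hunk, `if not self.cas_allow_scodoc_login:`, no longer tests `self.cas_id`, so once CAS is enabled every non-administrator account without that flag is refused password login, including accounts with no CAS identifier, while the retained comment above it still reads "if CAS activated and cas_id". If the wider refusal is intended, the comment should say so, for example `# if CAS is enabled, only administrators and users with cas_allow_scodoc_login may use password login`; if it is not, the condition would stay `if self.cas_id and not self.cas_allow_scodoc_login:`. Separately, the first `log(...)` call uses a triple-quoted f-string that ends with a newline and indentation, so each refused attempt writes a multi-line entry; a single-line `f"auth: login attempt for user {self.user_name}: scodoc login not allowed"` keeps one event per line for anyone parsing or alerting on these auth logs. The enclosing method starts and ends outside the hunk.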


@ -3,7 +3,7 @@
"Infos sur version ScoDoc" "Infos sur version ScoDoc"
SCOVERSION = "9.7.41" SCOVERSION = "9.7.42"
SCONAME = "ScoDoc" SCONAME = "ScoDoc"