pull/535/head
OzzieIsaacs 7 years ago
parent a06748e348
commit c66bb54478

@ -649,6 +649,10 @@ def migrate_Database():
conn.execute("ALTER TABLE Settings ADD column `config_certfile` String DEFAULT ''")
conn.execute("ALTER TABLE Settings ADD column `config_keyfile` String DEFAULT ''")
session.commit()
# Remove login capability of user Guest
conn = engine.connect()
conn.execute("UPDATE user SET password='' where nickname = 'Guest' and password !=''")
session.commit()
def clean_database():
@ -691,10 +695,10 @@ def get_mail_settings():
# Generate user Guest (translated text), as anoymous user, no rights
def create_anonymous_user():
user = User()
user.nickname = _("Guest")
user.nickname = "Guest"
user.email = 'no@email'
user.role = ROLE_ANONYMOUS
user.password = generate_password_hash('1')
user.password = ''
session.add(user)
try:

@ -2049,10 +2049,8 @@ def login():
if request.method == "POST":
form = request.form.to_dict()
user = ub.session.query(ub.User).filter(func.lower(ub.User.nickname) == form['username'].strip().lower()).first()
if user and check_password_hash(user.password, form['password']):
if user and check_password_hash(user.password, form['password']) and user.nickname is not "Guest":
login_user(user, remember=True)
flash(_(u"you are now logged in as: '%(nickname)s'", nickname=user.nickname), category="success")
return redirect_back(url_for("index"))
else:

Loading…
Cancel
Save