diff options
Diffstat (limited to 'animism-align/cli/app')
| -rw-r--r-- | animism-align/cli/app/controllers/user_controller.py | 5 | ||||
| -rw-r--r-- | animism-align/cli/app/server/web.py | 3 | ||||
| -rw-r--r-- | animism-align/cli/app/sql/models/user.py | 2 |
3 files changed, 8 insertions, 2 deletions
diff --git a/animism-align/cli/app/controllers/user_controller.py b/animism-align/cli/app/controllers/user_controller.py index 8d14b98..54b39ab 100644 --- a/animism-align/cli/app/controllers/user_controller.py +++ b/animism-align/cli/app/controllers/user_controller.py @@ -5,6 +5,7 @@ from werkzeug.datastructures import MultiDict from app.sql.common import db, Session from app.sql.models.user import User, UserForm from app.controllers.crud_controller import CrudView +from app.utils.auth_utils import encrypt_password from flask_jwt import current_identity @@ -17,6 +18,8 @@ class UserView(CrudView): raise ValueError("Unauthorized") if 'password' in form: item.password = encrypt_password(form['password']) + else: + raise ValueError("No password specified") if 'settings' in form: item.settings = form['settings'] @@ -31,7 +34,7 @@ class UserView(CrudView): if 'settings' in form: item.settings = form['settings'] - def on_destroy(self, session, form, item): + def on_destroy(self, session, item): if not current_identity.is_admin: raise ValueError("Unauthorized") if item.id == current_identity.id: diff --git a/animism-align/cli/app/server/web.py b/animism-align/cli/app/server/web.py index f9714cb..3f2136a 100644 --- a/animism-align/cli/app/server/web.py +++ b/animism-align/cli/app/server/web.py @@ -1,6 +1,7 @@ import os import logging import logging.handlers +from datetime import timedelta logger = logging.getLogger("") logger.setLevel(logging.DEBUG) @@ -37,6 +38,8 @@ def create_app(script_info=None): app.config['SERVER_NAME'] = app_cfg.SERVER_NAME app.config['SECRET_KEY'] = app_cfg.TOKEN_SECRET app.config['JWT_AUTH_URL_RULE'] = '/api/v1/auth/login' + # app.config['JWT_VERIFY_EXPIRATION'] = False + app.config['EXPIRATION_DELTA'] = timedelta(days=365 * 10) app.url_map.strict_slashes = False db.init_app(app) diff --git a/animism-align/cli/app/sql/models/user.py b/animism-align/cli/app/sql/models/user.py index 85549da..41ac917 100644 --- a/animism-align/cli/app/sql/models/user.py +++ b/animism-align/cli/app/sql/models/user.py @@ -28,6 +28,6 @@ class User(Base): class UserForm(ModelForm): class Meta: model = User - exclude = ['settings'] + exclude = ['password','settings'] def get_session(): return Session() |