PowerOn/gateway
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

2 critical fixes: pwd reset and invitation caching ui

Browse source
This commit is contained in:
patrick-motsch 2026-03-03 23:07:41 +01:00
parent f4940cf9e1
commit 92d9a2a0d5
2 changed files with 2 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
modules/interfaces/interfaceDbApp.py
View file

@ -662,10 +662,6 @@ class AppObjects:
if authAuthority != AuthAuthority.LOCAL and authAuthority != AuthAuthority.LOCAL.value: if authAuthority != AuthAuthority.LOCAL and authAuthority != AuthAuthority.LOCAL.value:
raise ValueError("User does not have local authentication enabled") raise ValueError("User does not have local authentication enabled")
# Check if user has a reset token set (password reset required)
if userRecord.get("resetToken"):
raise ValueError("Passwort-Zurücksetzung erforderlich. Bitte prüfen Sie Ihre E-Mail.")
if not userRecord.get("hashedPassword"): if not userRecord.get("hashedPassword"):
raise ValueError("User has no password set") raise ValueError("User has no password set")

4
modules/routes/routeSecurityLocal.py
View file

@ -602,8 +602,8 @@ def password_reset_request(
# Generate reset token # Generate reset token
token, expires = rootInterface.generateResetTokenAndExpiry() token, expires = rootInterface.generateResetTokenAndExpiry()
# Set reset token (clears password) # Set reset token but keep existing password valid until new one is set
rootInterface.setResetToken(user.id, token, expires) rootInterface.setResetToken(user.id, token, expires, clearPassword=False)
# Generate magic link using provided frontend URL # Generate magic link using provided frontend URL
magicLink = f"{baseUrl}/reset?token={token}" magicLink = f"{baseUrl}/reset?token={token}"