fix(filestore): handle django allauth oauth pass reset

Author: mwfarb

users/filestore.py

@@ -37,8 +37,8 @@ def use_filestore_auth(user: User):
     user_login = get_user_login(user)
     user_token, status = get_filestore_token(user_login, host, verify)
     if not user_token:
-        return None
-    return user_token
+        return None, status
+    return user_token, status
 
 
 def get_filestore_token(user_login, host, verify):
@@ -95,7 +95,7 @@ def add_filestore_auth(user: User):
     if user.is_staff:  # admin and staff get root scope
         set_filestore_scope(user)
 
-    fs_user_token = use_filestore_auth(user)
+    fs_user_token, status = use_filestore_auth(user)
     return fs_user_token
 
 
@@ -107,7 +107,7 @@ def set_filestore_scope(user: User):
     if not admin_token:
         return False
     # find user
-    fs_user_token = use_filestore_auth(user)
+    fs_user_token, status = use_filestore_auth(user)
     if not fs_user_token:
         return False
     payload = jwt.decode(fs_user_token, options={"verify_signature": False})
@@ -138,7 +138,53 @@ def set_filestore_scope(user: User):
             print("{0}: ".format(err))
             return False
 
-    return True
+    fs_user_token, status = use_filestore_auth(user)
+    return fs_user_token
+
+
+def set_filestore_pass(user: User):
+    if not user.is_authenticated:
+        return False
+    if user.username == os.environ["STORE_ADMIN_USERNAME"]:
+        return False  # root admin not allowed pass renew
+    verify, host = get_rest_host()
+    # get auth for removing user
+    admin_login = get_admin_login()
+    admin_token, status = get_filestore_token(admin_login, host, verify)
+    if not admin_token:
+        return False
+    # find user without valid pass, loop through all
+    edit_user = {}
+    try:
+        r_users = requests.get(f"https://{host}/storemng/api/users",
+                               headers={"X-Auth": admin_token}, verify=verify, timeout=FS_API_TIMEOUT)
+        r_users.raise_for_status()
+    except (requests.exceptions.ConnectionError, requests.exceptions.HTTPError) as err:
+        print("{0}: ".format(err))
+        return False
+    print(r_users.text)
+    for r_user in json.loads(r_users.text):
+        if r_user["username"] == user.username:
+            edit_user = r_user
+            break
+    print(edit_user)
+    # return False
+    edit_user["password"] = user.password
+    fs_user = {
+        "what": "user",
+        "which": ["all"],
+        "data": edit_user,
+    }
+    try:
+        r_useradd = requests.put(f"https://{host}/storemng/api/users/{edit_user['id']}",
+                                 data=json.dumps(fs_user), headers={"X-Auth": admin_token}, verify=verify, timeout=FS_API_TIMEOUT)
+        r_useradd.raise_for_status()
+    except (requests.exceptions.ConnectionError, requests.exceptions.HTTPError) as err:
+        print("{0}: ".format(err))
+        return None
+
+    fs_user_token, status = use_filestore_auth(user)
+    return fs_user_token
 
 
 def delete_filestore_user(user: User):
@@ -153,7 +199,7 @@ def delete_filestore_user(user: User):
     if not admin_token:
         return False
     # find user
-    fs_user_token = use_filestore_auth(user)
+    fs_user_token, status = use_filestore_auth(user)
     if not fs_user_token:
         return False
     payload = jwt.decode(fs_user_token, options={"verify_signature": False})

users/persistence.py

@@ -1,6 +1,5 @@
 import json
 
-import jwt
 import requests
 from requests.exceptions import HTTPError
 

users/views.py

@@ -25,7 +25,8 @@
 from rest_framework.schemas import AutoSchema
 
 from .filestore import (add_filestore_auth, delete_filestore_user,
-                        set_filestore_scope, use_filestore_auth)
+                        set_filestore_pass, set_filestore_scope,
+                        use_filestore_auth)
 from .forms import (DeviceForm, SceneForm, SocialSignupForm, UpdateDeviceForm,
                     UpdateSceneForm, UpdateStaffForm)
 from .models import Device, Scene
@@ -335,7 +336,7 @@ def profile_update_staff(request):
         print(f"Setting Filebrowser user {staff_username}, staff={is_staff}")
         if not set_filestore_scope(user):
             messages.error(
-                request, f"Unable to update user's filestore status.")
+                request, "Unable to update user's filestore status.")
             return redirect("user_profile")
 
     return redirect("user_profile")
@@ -493,7 +494,7 @@ def user_profile(request):
             # delete filestore files/account
             if not delete_filestore_user(request.user):
                 messages.error(
-                    request, f"Unable to delete account/files from the filestore.")
+                    request, "Unable to delete account/files from the filestore.")
                 return redirect("user_profile")
 
             # Be careful of foreign keys, in that case this is suggested:
@@ -619,7 +620,9 @@ def storelogin(request):
     fs_user_token = None
     if user.is_authenticated:
         # try user auth
-        fs_user_token = use_filestore_auth(user)
+        fs_user_token, status = use_filestore_auth(user)
+        if status == 403:  # if django allauth pass updated by oauth, update pass
+            fs_user_token = set_filestore_pass(user)
         if not fs_user_token:
             # otherwise user needs to be added
             fs_user_token = add_filestore_auth(user)