alkc
commented
9 months ago Some mr Bo Ek is rumored to be filing a discrimination lawsuit.
Closed mhkc closed 9 months ago
alkc
commented
9 months ago Also, at the end of that gif above i could create a user without a role. Dunno if that's intended.
alkc
commented
9 months ago The providing an invalid email (or something else in the input below) crashes the frontend w/ a HTTP Error exception:
a correct password input was provided
172.0.20.1 - - [25/Jan/2024 09:09:29] "GET /admin/users/new HTTP/1.1" 200 -
172.0.20.1 - - [25/Jan/2024 09:09:56] "POST /admin/users/new HTTP/1.1" 500 -
Traceback (most recent call last):
File "/usr/local/lib/python3.11/site-packages/flask/app.py", line 2213, in __call__
return self.wsgi_app(environ, start_response)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/flask/app.py", line 2193, in wsgi_app
response = self.handle_exception(e)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/flask/app.py", line 2190, in wsgi_app
response = self.full_dispatch_request()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/flask/app.py", line 1486, in full_dispatch_request
rv = self.handle_user_exception(e)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/flask/app.py", line 1484, in full_dispatch_request
rv = self.dispatch_request()
^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/flask/app.py", line 1469, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/flask_login/utils.py", line 290, in decorated_view
return current_app.ensure_sync(func)(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/worker/app/app/blueprints/admin/views.py", line 77, in create_user
status = create_new_user(token, user_obj=form.data)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/worker/app/app/bonsai.py", line 48, in wrapper
return func(headers=headers, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/worker/app/app/bonsai.py", line 82, in create_user
resp.raise_for_status()
File "/usr/local/lib/python3.11/site-packages/requests/models.py", line 1021, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 422 Client Error: Unprocessable Entity for url: http://172.17.0.1:8011/users/ Trying to create user that already exists also crashes frontend.
172.0.20.1 - - [25/Jan/2024 09:15:59] "POST /admin/users/new HTTP/1.1" 500 -
Traceback (most recent call last):
File "/usr/local/lib/python3.11/site-packages/flask/app.py", line 2213, in __call__
return self.wsgi_app(environ, start_response)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/flask/app.py", line 2193, in wsgi_app
response = self.handle_exception(e)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/flask/app.py", line 2190, in wsgi_app
response = self.full_dispatch_request()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/flask/app.py", line 1486, in full_dispatch_request
rv = self.handle_user_exception(e)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/flask/app.py", line 1484, in full_dispatch_request
rv = self.dispatch_request()
^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/flask/app.py", line 1469, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/site-packages/flask_login/utils.py", line 290, in decorated_view
return current_app.ensure_sync(func)(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/worker/app/app/blueprints/admin/views.py", line 77, in create_user
status = create_new_user(token, user_obj=form.data)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/worker/app/app/bonsai.py", line 48, in wrapper
return func(headers=headers, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/worker/app/app/bonsai.py", line 82, in create_user
resp.raise_for_status()
File "/usr/local/lib/python3.11/site-packages/requests/models.py", line 1021, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 409 Client Error: Conflict for url: http://172.17.0.1:8011/users/Some HTML popped out at me when I tried to set an invalid password for existing user:
alkc
commented
9 months ago I could set an existing users password to aaa.
At the very least you should enforce a min password length.
alkc
commented
9 months ago I found some issues related to input validation in the new admin user panel.
Other than that I can confirm that the basic functionality of adding, removing and updating users works!
alkc
commented
9 months ago I am approving this.
@mhkc: If you want to fix the issues in this pr before merging then feel free to re-request a review from me!
mhkc
commented
9 months ago Fixed most issues. I have not figured out how why WTForms does not print the error message if you try to remove all user roles.
alkc
commented
9 months ago Looks good! Approving.
One suggestion: consider add a confirmation dialog when deleting users in bulk in /admin/users
This PR adds an admin panel with short cut to edit groups and adding new users
close #130
Test that you can add, modify, and remove users