Open Always-prog opened 8 months ago
Attention: Patch coverage is 0%
with 2 lines
in your changes missing coverage. Please review.
Project coverage is 48.36%. Comparing base (
59db85d
) to head (bc6e81a
). Report is 30 commits behind head on master.
Files | Patch % | Lines |
---|---|---|
flask_appbuilder/security/sqla/apis/user/api.py | 0.00% | 2 Missing :warning: |
:exclamation: There is a different number of reports uploaded between BASE (59db85d) and HEAD (bc6e81a). Click for more details.
HEAD has 7 uploads less than BASE
| Flag | BASE (59db85d) | HEAD (bc6e81a) | |------|------|------| |python|8|1|
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
I'll look why test cases failing
Is there a solution?
Description
Updating a user using the FAB security API breaks the user’s password hash. This is because in the
pre_update
function of the user model, theitem
parameter is the user model. The check at this line is always true because the user already has a password. https://github.com/dpgaspar/Flask-AppBuilder/blob/59db85df13e5484ae24a7a9365986a15a7d9eb1f/flask_appbuilder/security/sqla/apis/user/api.py#L71-L72I fixed it by moving checking password change to
put
endpoint of the user model.Testing instructions
FAB_ADD_SECURITY_API
in the configurl = "http://localhost:8088/api/v1/security/login"
payload = json.dumps({ "password": "admin", "provider": "db", "refresh": True, "username": "admin" })
response = requests.request("POST", url, headers=headers, data=payload)
After 3 step, target user is not able to login with her old password
ADDITIONAL INFORMATION