theLaborInVain / kdm-manager-api

The API used by https://kdm-manager.com and related Kingdom Death: Monster utilities.

Password reset fails due to out-of-order delete #84

Closed toconnell closed 1 month ago

toconnell commented 5 months ago

User OID: 666 Method: POST URL: http://api.kdm-manager.com/reset_password/reset JSON: {'username': 'xxx', 'password': 'yyy', 'recovery_code': 'zzz', 'app_url': 'https://kdm-manager.com/'}


Traceback (most recent call last):
File "/home/toconnell/kdm-manager-api/venv/lib/python3.8/site-packages/flask/app.py", line 1950, in full_dispatch_request
 rv = self.dispatch_request()
File "/home/toconnell/kdm-manager-api/venv/lib/python3.8/site-packages/flask/app.py", line 1936, in dispatch_request
 return self.view_functions[rule.endpoint](**req.view_args)
File "/home/toconnell/kdm-manager-api/app/utils/crossdomain.py", line 57, in wrapped_function
 resp = flask.make_response(func(*args, **kwargs))
File "/home/toconnell/kdm-manager-api/app/routes.py", line 364, in reset_password
 return users.reset_password()
File "/home/toconnell/kdm-manager-api/app/models/users/__init__.py", line 339, in reset_password
 del user_object.user['recovery_code']
KeyError: 'recovery_code'

toconnell commented 1 month ago

Just got another one of these:

User OID: 666 Method: POST URL: http://api.kdm-manager.com/reset_password/reset JSON: {'username': 'xxx@yahoo.com, 'password': 'xxx', 'recovery_code': 'xxx', 'app_url': 'https://kdm-manager.com/'}

Traceback (most recent call last):
File "/home/toconnell/kdm-manager-api/venv/lib/python3.8/site-packages/flask/app.py", line 1950, in full_dispatch_request
 rv = self.dispatch_request()
File "/home/toconnell/kdm-manager-api/venv/lib/python3.8/site-packages/flask/app.py", line 1936, in dispatch_request
 return self.view_functions[rule.endpoint](**req.view_args)
File "/home/toconnell/kdm-manager-api/app/utils/crossdomain.py", line 57, in wrapped_function
 resp = flask.make_response(func(*args, **kwargs))
File "/home/toconnell/kdm-manager-api/app/routes.py", line 364, in reset_password
 return users.reset_password()
File "/home/toconnell/kdm-manager-api/app/models/users/__init__.py", line 339, in reset_password
 del user_object.user['recovery_code']
KeyError: 'recovery_code'

toconnell commented 1 month ago

The problem is data model normalization:


==> logs/api.log <==
[2024-08-14 11:02:32] INFO:     Saved [toconnell@tyrannybelle.com (565f3d67421aa95c4af1e230)] to mdb.users successfully!
[2024-08-14 11:02:32] WARNING:  Removing unknown attr 'recovery_code' from record...
[2024-08-14 11:02:32] WARNING:  [[toconnell@tyrannybelle.com (565f3d67421aa95c4af1e230)]] data model corrections applied!
[2024-08-14 11:02:32] INFO:     [toconnell@tyrannybelle.com (565f3d67421aa95c4af1e230)] user modified during normalization! Saving changes...
[2024-08-14 11:02:32] INFO:     Saved [toconnell@tyrannybelle.com (565f3d67421aa95c4af1e230)] to mdb.users successfully!

toconnell commented 1 month ago

This should be fixed in the next API push:

@@ -58,6 +60,7 @@ class User(UserAsset):
     DATA_MODEL.add('latest_user_agent', str, required=False)
     DATA_MODEL.add('latest_api_client', str, required=False)
     DATA_MODEL.add('activity_log', list, required=False)
+    DATA_MODEL.add('recovery_code', str, required=False)
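
Review bot: on the added `DATA_MODEL.add('recovery_code', str, required=False)` line, registering the attribute as optional stops normalization from stripping it, but the `del user_object.user['recovery_code']` shown in the traceback (app/models/users/__init__.py, line 339) will still raise KeyError whenever the key is absent, for example when a reset request is repeated after the code has been consumed. Consider `user_object.user.pop('recovery_code', None)` and returning a client error when no code is stored, so a missing code is a rejected reset rather than an unhandled exception. Since the code is now a persisted model attribute, it is also worth confirming that it is left out of any serialized user record returned to clients.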

toconnell commented 1 month ago

This is resolved in production with 1.216.1300
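
The failure mode discussed in this thread, reproduced as an added example that is not the project's code: a save-time normalizer drops an unregistered `recovery_code`, so the reset step finds nothing to delete. The `Model`, `Store`, `start_reset`, `finish_reset` and `build` names are hypothetical stand-ins, and the user record is constructed sample data.

```python
import hmac
import secrets

class Model:
    """Toy schema (hypothetical): normalize() drops keys not registered via add()."""
    def __init__(self):
        self.attrs = {}
    def add(self, name, kind, required=True):
        self.attrs[name] = (kind, required)
    def normalize(self, record):
        removed = [k for k in record if k not in self.attrs]
        for key in removed:
            del record[key]              # "Removing unknown attr ... from record"
        return removed

class Store:
    """Stand-in for the users collection; every save normalizes first."""
    def __init__(self, model):
        self.model, self.records = model, {}
    def save(self, record):
        removed = self.model.normalize(record)
        self.records[record["login"]] = dict(record)
        return removed
    def load(self, login):
        return dict(self.records[login])

def start_reset(store, login):
    user = store.load(login)
    code = secrets.token_urlsafe(16)     # value that would be mailed to the user
    user["recovery_code"] = code
    store.save(user)                     # stripped here if the attr is unregistered
    return code

def finish_reset(store, login, code, new_password):
    user = store.load(login)
    stored = user.pop("recovery_code", None)   # never raises, unlike `del`
    if stored is None or not hmac.compare_digest(stored.encode(), code.encode()):
        return False                     # reject cleanly instead of a 500
    user["password"] = new_password      # constructed example: hash in real code
    store.save(user)                     # code removed on success: single use
    return True

def build(register_code):
    model = Model()
    model.add("login", str)
    model.add("password", str)
    if register_code:                    # mirrors registering the attr as optional
        model.add("recovery_code", str, required=False)
    store = Store(model)
    store.save({"login": "user@example.com", "password": "old"})
    return store
```
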