- Ensure users cannot login when their valid_to date is expired.

Josako
2025-12-08 16:54:59 +01:00
parent bab9e89117
commit 0f8bda0aef
3 changed files with 18 additions and 2 deletions


@@ -92,6 +92,13 @@ class EveAINoActiveLicense(EveAIException):
super().__init__(message, status_code, payload) super().__init__(message, status_code, payload)
class EveAIUserExpired(EveAIException):
"""Raised when a user account is no longer valid (valid_to expired)"""
def __init__(self, message="Your account has expired", status_code=401, payload=None):
super().__init__(message, status_code, payload)
class EveAIInvalidCatalog(EveAIException): class EveAIInvalidCatalog(EveAIException):
"""Raised when a catalog cannot be found""" """Raised when a catalog cannot be found"""


@@ -35,13 +35,14 @@ def is_valid_tenant(tenant_id):
if tenant_id == 1: # The 'root' tenant, is always valid if tenant_id == 1: # The 'root' tenant, is always valid
return True return True
tenant = Tenant.query.get(tenant_id) tenant = Tenant.query.get(tenant_id)
Database(tenant).switch_schema()
if tenant is None: if tenant is None:
raise EveAITenantNotFound() raise EveAITenantNotFound()
elif tenant.type == 'Inactive': elif tenant.type == 'Inactive':
raise EveAITenantInvalid(tenant_id) raise EveAITenantInvalid(tenant_id)
else: else:
current_date = dt.now(tz=tz.utc).date() current_date = dt.now(tz=tz.utc).date()
Database(str(tenant_id)).switch_schema()
# TODO -> Check vervangen door Active License Period! # TODO -> Check vervangen door Active License Period!
# active_license = (License.query.filter_by(tenant_id=tenant_id) # active_license = (License.query.filter_by(tenant_id=tenant_id)
# .filter(and_(License.start_date <= current_date, # .filter(and_(License.start_date <= current_date,
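Review bot: The call `Database(tenant).switch_schema()` sits between the tenant lookup and the `if tenant is None:` guard, and this rendering has lost the +/- markers, so it is not visible here whether that line is the added one or the removed one. If it is on the new side, a missing tenant reaches `Database(None)` before `EveAITenantNotFound` can be raised, and the schema is switched for an `Inactive` tenant before it is rejected; it also passes a `Tenant` object where the other call passes `str(tenant_id)`. Keeping the single call `Database(str(tenant_id)).switch_schema()` inside the `else:` branch, after both checks, avoids that. `is_valid_tenant` starts above the hunk and continues past it.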


@@ -12,7 +12,7 @@ from sqlalchemy.exc import SQLAlchemyError
from common.models.user import User, ConsentStatus from common.models.user import User, ConsentStatus
from common.services.user import TenantServices, UserServices from common.services.user import TenantServices, UserServices
from common.utils.eveai_exceptions import EveAIException, EveAINoActiveLicense from common.utils.eveai_exceptions import EveAIException, EveAINoActiveLicense, EveAIUserExpired
from common.utils.nginx_utils import prefixed_url_for from common.utils.nginx_utils import prefixed_url_for
from eveai_app.views.security_forms import SetPasswordForm, ResetPasswordForm, ForgotPasswordForm from eveai_app.views.security_forms import SetPasswordForm, ResetPasswordForm, ForgotPasswordForm
from common.extensions import db from common.extensions import db
@@ -46,6 +46,14 @@ def login():
user = User.query.filter_by(email=form.email.data).first() user = User.query.filter_by(email=form.email.data).first()
if user is None or not verify_and_update_password(form.password.data, user): if user is None or not verify_and_update_password(form.password.data, user):
raise EveAIException('Invalid email or password') raise EveAIException('Invalid email or password')
# Check if the user's account is still valid based on valid_to
today = dt.now(tz=tz.utc).date()
if user.valid_to is not None and today > user.valid_to:
current_app.logger.warning(
f"Login blocked for expired user {user.id} ({user.email}); "
f"today={today}, valid_to={user.valid_to}"
)
raise EveAIUserExpired()
is_valid_tenant(user.tenant_id) is_valid_tenant(user.tenant_id)
except EveAIException as e: except EveAIException as e:
flash(f'Failed to login user: {str(e)}', 'danger') flash(f'Failed to login user: {str(e)}', 'danger')
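Review bot: The warning added in `login()` writes `user.email` to the application log although `user.id` already identifies the account; dropping the address keeps personal data out of log storage: `f"Login blocked for expired user {user.id}; today={today}, valid_to={user.valid_to}"`. The expiry test runs only on the password-login path shown here, so a session established before `valid_to` passed is presumably still accepted; a per-request check would be needed to close that gap if the project has none elsewhere. The import hunk adds only `EveAIUserExpired`, so confirm that `dt` and `tz` are already imported in this module. `login()` begins and ends outside the hunk.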