Fixed: Check if all required arguments are set in change requests from the admin panel. Also removed the requirement to enter the current password in order to change the touchkey.
parent
c74a0d734e
commit
c3a7f3cf16
4 changed files with 19 additions and 5 deletions
|
@ -40,6 +40,8 @@ def handle_change(args: RequestArguments, user: User, db: MatematDatabase) -> No
|
|||
change = str(args.change)
|
||||
|
||||
if change == 'account':
|
||||
if 'username' not in args or 'email' not in args:
|
||||
return
|
||||
username = str(args.username)
|
||||
email = str(args.email)
|
||||
if len(email) == 0:
|
||||
|
@ -55,6 +57,8 @@ def handle_change(args: RequestArguments, user: User, db: MatematDatabase) -> No
|
|||
user.email = oldmail
|
||||
|
||||
elif change == 'password':
|
||||
if 'oldpass' not in args or 'newpass' not in args or 'newpass2' not in args:
|
||||
return
|
||||
oldpass = str(args.oldpass)
|
||||
newpass = str(args.newpass)
|
||||
newpass2 = str(args.newpass2)
|
||||
|
@ -63,13 +67,16 @@ def handle_change(args: RequestArguments, user: User, db: MatematDatabase) -> No
|
|||
db.change_password(user, oldpass, newpass)
|
||||
|
||||
elif change == 'touchkey':
|
||||
oldpass = str(args.oldpass)
|
||||
if 'touchkey' not in args:
|
||||
return
|
||||
touchkey = str(args.touchkey)
|
||||
if len(touchkey) == 0:
|
||||
touchkey = None
|
||||
db.change_touchkey(user, oldpass, touchkey)
|
||||
db.change_touchkey(user, '', touchkey, verify_password=False)
|
||||
|
||||
elif change == 'avatar':
|
||||
if 'avatar' not in args:
|
||||
return
|
||||
avatar = bytes(args.avatar)
|
||||
os.makedirs('./static/img/thumbnails/users/', exist_ok=True)
|
||||
with open(f'./static/img/thumbnails/users/{user.id}.png', 'wb') as f:
|
||||
|
@ -84,6 +91,8 @@ def handle_admin_change(args: RequestArguments, db: MatematDatabase):
|
|||
change = str(args.adminchange)
|
||||
|
||||
if change == 'newuser':
|
||||
if 'username' not in args or 'email' not in args or 'password' not in args:
|
||||
return
|
||||
username = str(args.username)
|
||||
email = str(args.email)
|
||||
if len(email) == 0:
|
||||
|
@ -94,6 +103,8 @@ def handle_admin_change(args: RequestArguments, db: MatematDatabase):
|
|||
db.create_user(username, password, email, member=is_member, admin=is_admin)
|
||||
|
||||
elif change == 'newproduct':
|
||||
if 'name' not in args or 'price_member' not in args or 'price_non_member' not in args:
|
||||
return
|
||||
name = str(args.name)
|
||||
price_member = int(str(args.pricemember))
|
||||
price_non_member = int(str(args.pricenonmember))
|
||||
|
@ -105,6 +116,8 @@ def handle_admin_change(args: RequestArguments, db: MatematDatabase):
|
|||
f.write(image)
|
||||
|
||||
elif change == 'restock':
|
||||
if 'productid' not in args or 'amount' not in args:
|
||||
return
|
||||
productid = int(str(args.productid))
|
||||
amount = int(str(args.amount))
|
||||
product = db.get_product(productid)
|
||||
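Review bot: In the `newproduct` branch of handle_admin_change the added presence check tests `'price_member'` and `'price_non_member'`, but the lines directly below it read `args.pricemember` and `args.pricenonmember`, so the guard does not cover the fields that are actually used and may return early on every well-formed request. It should use the same names as the reads, as the product `update` handler on this page does: `if 'name' not in args or 'pricemember' not in args or 'pricenonmember' not in args:`. Separately, the `touchkey` branch now calls `db.change_touchkey(user, '', touchkey, verify_password=False)`, so a request that carries only a valid session can replace or clear what appears to be a login credential without re-authentication. If that trade-off is intended, a comment stating it and a check that this POST is covered by CSRF protection (no token is visible in the template hunk) would make the decision reviewable. Both function bodies extend beyond the hunks shown.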
|
|
|
@ -52,6 +52,8 @@ def handle_change(args: RequestArguments, product: Product, db: MatematDatabase)
|
|||
pass
|
||||
|
||||
elif change == 'update':
|
||||
if 'name' not in args or 'pricemember' not in args or 'pricenonmember' not in args or 'stock' not in args:
|
||||
return
|
||||
name = str(args.name)
|
||||
price_member = int(str(args.pricemember))
|
||||
price_non_member = int(str(args.pricenonmember))
|
||||
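Review bot: The presence check added to the `update` branch does not make the `int(str(args.pricemember))` and `int(str(args.pricenonmember))` conversions below it safe, because an empty or non-numeric field is still present in args and raises ValueError, and no range check on the result is visible. Unless the caller already handles this (not shown here), do the conversion inside `try:` / `except ValueError: return` and reject negative prices before they reach the database. The same applies to the `restock` and `newproduct` branches of handle_admin_change in the first file. handle_change continues past the end of this hunk, so `stock` is presumably parsed the same way.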
|
|
|
@ -52,6 +52,8 @@ def handle_change(args: RequestArguments, user: User, db: MatematDatabase) -> No
|
|||
pass
|
||||
|
||||
elif change == 'update':
|
||||
if 'username' not in args or 'email' not in args or 'password' not in args or 'balance' not in args:
|
||||
return
|
||||
username = str(args.username)
|
||||
email = str(args.email)
|
||||
password = str(args.password)
|
||||
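Review bot: The new guard in the `update` branch drops an incomplete request with a bare `return`, so as far as this hunk shows an update to a user's name, e-mail, password or balance that was never applied is indistinguishable from one that succeeded. On a privileged endpoint a malformed request is also worth recording for later review. Consider signalling the failure, e.g. `raise ValueError('incomplete update request')` in place of `return` if the caller can turn that into an error response, or at minimum log which argument was missing. Every guard added by this commit uses the same silent `return`, and handle_change continues outside the hunk.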
|
|
|
@ -52,9 +52,6 @@
|
|||
<h2>Touchkey</h2>
|
||||
|
||||
<form id="admin-touchkey-form" method="post" action="/admin?change=touchkey" accept-charset="UTF-8">
|
||||
<label for="admin-touchkey-oldpass">Current password: </label>
|
||||
<input id="admin-touchkey-oldpass" type="password" name="oldpass" /><br/>
|
||||
|
||||
Draw a new touchkey (leave empty to disable):
|
||||
<br/>
|
||||
{% include "touchkey.svg" %}
|
||||
|
|