From 30dfefb24d97297c82c9385dce9cfb78068c050d Mon Sep 17 00:00:00 2001 From: kaiyou Date: Sun, 29 Oct 2017 15:39:01 +0100 Subject: [PATCH] Fix the token generation process --- admin/mailu/ui/forms.py | 3 ++- admin/mailu/ui/views/tokens.py | 8 +++++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/admin/mailu/ui/forms.py b/admin/mailu/ui/forms.py index bd371eec..fa2ec1dc 100644 --- a/admin/mailu/ui/forms.py +++ b/admin/mailu/ui/forms.py @@ -105,9 +105,10 @@ class UserReplyForm(flask_wtf.FlaskForm): class TokenForm(flask_wtf.FlaskForm): - raw_password = fields.StringField( + displayed_password = fields.StringField( _('Your token (write it down, as it will never be displayed again)') ) + raw_password = fields.HiddenField([validators.DataRequired()]) comment = fields.StringField(_('Comment')) ip = fields.StringField( _('Authorized IP'), [validators.Optional(), validators.IPAddress()] diff --git a/admin/mailu/ui/views/tokens.py b/admin/mailu/ui/views/tokens.py index 312d8a49..4b9881af 100644 --- a/admin/mailu/ui/views/tokens.py +++ b/admin/mailu/ui/views/tokens.py @@ -24,12 +24,14 @@ def token_create(user_email): user_email = user_email or flask_login.current_user.email user = models.User.query.get(user_email) or flask.abort(404) form = forms.TokenForm() - form.raw_password.data = pwd.genword(entropy=128, charset="hex") - wtforms_components.read_only(form.raw_password) + wtforms_components.read_only(form.displayed_password) + if not form.raw_password.data: + form.raw_password.data = pwd.genword(entropy=128, charset="hex") + form.displayed_password.data = form.raw_password.data if form.validate_on_submit(): token = models.Token(user=user) - form.populate_obj(token) token.set_password(form.raw_password.data) + form.populate_obj(token) db.session.add(token) db.session.commit() flask.flash('Authentication token created')