Merge pull request #79 from libris/bugfix/no-passwd

Bugfix/no passwd
libris · Oct 26, 2017 · 79f4cc1 · 79f4cc1
2 parents 1f92ce4 + ba886ae
commit 79f4cc1
Show file tree

Hide file tree

Showing 7 changed files with 59 additions and 14 deletions.
diff --git a/README.rst b/README.rst
@@ -183,6 +183,13 @@ DB Models
 Changelog
 =========
 
+v. 0.4.5
+--------
+
+* Bug fixes (`#75 <https://github.com/libris/xl_auth/issues/75>`_,
+  `#76 <https://github.com/libris/xl_auth/issues/76>`_)
+
+
 v. 0.4.4
 --------
 

diff --git a/migrations/script.py.mako b/migrations/script.py.mako
@@ -1,15 +1,17 @@
-"""${message}
+"""${message}.
 
 Revision ID: ${up_revision}
 Revises: ${down_revision | comma,n}
 Create Date: ${create_date}
 
 """
-from alembic import op
+
+from __future__ import absolute_import, division, print_function, unicode_literals
+
 import sqlalchemy as sa
+from alembic import op
 ${imports if imports else ""}
-
-# revision identifiers, used by Alembic.
+# Revision identifiers, used by Alembic.
 revision = ${repr(up_revision)}
 down_revision = ${repr(down_revision)}
 branch_labels = ${repr(branch_labels)}

diff --git a/migrations/versions/c9e1cd58c4a7_make_user_password_friends_non_nullable.py b/migrations/versions/c9e1cd58c4a7_make_user_password_friends_non_nullable.py
@@ -0,0 +1,34 @@
+"""Make user password and friends non-nullable.
+
+Revision ID: c9e1cd58c4a7
+Revises: bc2c31758e2a
+Create Date: 2017-10-26 16:19:22.453941
+
+"""
+
+from __future__ import absolute_import, division, print_function, unicode_literals
+
+import sqlalchemy as sa
+from alembic import op
+
+# Revision identifiers, used by Alembic.
+revision = 'c9e1cd58c4a7'
+down_revision = 'bc2c31758e2a'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    """Make columns 'active', 'is_admin' and 'password' non-nullable."""
+    with op.batch_alter_table('users', schema=None) as batch_op:
+        batch_op.alter_column('active', existing_type=sa.BOOLEAN(), nullable=False)
+        batch_op.alter_column('is_admin', existing_type=sa.BOOLEAN(), nullable=False)
+        batch_op.alter_column('password', existing_type=sa.BLOB(), nullable=False)
+
+
+def downgrade():
+    """Make things nullable again."""
+    with op.batch_alter_table('users', schema=None) as batch_op:
+        batch_op.alter_column('password', existing_type=sa.BLOB(), nullable=True)
+        batch_op.alter_column('is_admin', existing_type=sa.BOOLEAN(), nullable=True)
+        batch_op.alter_column('active', existing_type=sa.BOOLEAN(), nullable=True)
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "xl_auth",
-  "version": "0.4.4",
+  "version": "0.4.5",
   "author": "National Library of Sweden",
   "license": "Apache-2.0",
   "description": "OAuth2 authorization for LibrisXL, replacing BibDB counterpart",

diff --git a/tests/models/test_user.py b/tests/models/test_user.py
@@ -33,11 +33,11 @@ def test_created_at_defaults_to_datetime():
 
 
 @pytest.mark.usefixtures('db')
-def test_password_is_nullable():
-    """Test null password."""
+def test_password_defaults_to_a_random_one():
+    """Test empty password field is assigned some random password, instead of being set to tull."""
     user = User(email='[email protected]', full_name='Mr. Foo Bar')
     user.save()
-    assert user.password is None
+    assert user.password is not None
 
 
 @pytest.mark.usefixtures('db')

diff --git a/xl_auth/user/models.py b/xl_auth/user/models.py
@@ -5,6 +5,8 @@
 
 import datetime as dt
 import hashlib
+from binascii import hexlify
+from os import urandom
 
 from flask_login import UserMixin
 
@@ -35,20 +37,20 @@ class User(UserMixin, SurrogatePK, Model):
     __tablename__ = 'users'
     email = Column(db.String(255), unique=True, nullable=False)
     full_name = Column(db.String(255), unique=False, nullable=False)
-    password = Column(db.Binary(128), nullable=True)
-    active = Column(db.Boolean(), default=False)
-    is_admin = Column(db.Boolean(), default=False)
+    password = Column(db.Binary(128), nullable=False)
+    active = Column(db.Boolean(), default=False, nullable=False)
+    is_admin = Column(db.Boolean(), default=False, nullable=False)
     permissions = relationship('Permission', back_populates='user')
     roles = relationship('Role', back_populates='user')
-    created_at = Column(db.DateTime, nullable=False, default=dt.datetime.utcnow)
+    created_at = Column(db.DateTime, default=dt.datetime.utcnow, nullable=False)
 
     def __init__(self, email, full_name, password=None, **kwargs):
         """Create instance."""
         db.Model.__init__(self, email=email, full_name=full_name, **kwargs)
         if password:
             self.set_password(password)
         else:
-            self.password = None
+            self.set_password(hexlify(urandom(16)))
 
     def set_password(self, password):
         """Set password."""