Fix the token generation process

2025-02-15 13:33:21 +02:00 · 2017-10-29 15:39:01 +01:00 · 2017-10-29 15:39:01 +01:00 · 30dfefb24d
commit 30dfefb24d
parent 291fbe7bc4
2 changed files with 7 additions and 4 deletions
--- a/admin/mailu/ui/forms.py
+++ b/admin/mailu/ui/forms.py
@ -105,9 +105,10 @@ class UserReplyForm(flask_wtf.FlaskForm):


 class TokenForm(flask_wtf.FlaskForm):
-    raw_password = fields.StringField(
+    displayed_password = fields.StringField(
        _('Your token (write it down, as it will never be displayed again)')
    )
+    raw_password = fields.HiddenField([validators.DataRequired()])
    comment = fields.StringField(_('Comment'))
    ip = fields.StringField(
        _('Authorized IP'), [validators.Optional(), validators.IPAddress()]
--- a/admin/mailu/ui/views/tokens.py
+++ b/admin/mailu/ui/views/tokens.py
@ -24,12 +24,14 @@ def token_create(user_email):
    user_email = user_email or flask_login.current_user.email
    user = models.User.query.get(user_email) or flask.abort(404)
    form = forms.TokenForm()
-    form.raw_password.data = pwd.genword(entropy=128, charset="hex")
-    wtforms_components.read_only(form.raw_password)
+    wtforms_components.read_only(form.displayed_password)
+    if not form.raw_password.data:
+        form.raw_password.data = pwd.genword(entropy=128, charset="hex")
+        form.displayed_password.data = form.raw_password.data
    if form.validate_on_submit():
        token = models.Token(user=user)
-        form.populate_obj(token)
        token.set_password(form.raw_password.data)
+        form.populate_obj(token)
        db.session.add(token)
        db.session.commit()
        flask.flash('Authentication token created')