fsd

2021-12-30 07:43:49 +02:00 · 2021-12-30 07:43:49 +02:00 · 86bd050174
parent 89798803af
commit 86bd050174
13 changed files with 27 additions and 17 deletions
--- a/files/helpers/const.py
+++ b/files/helpers/const.py
--- a/files/routes/login.py
+++ b/files/routes/login.py
@ -138,7 +138,7 @@ def login_post():
 	session["lo_user"] = account.id
 	session["login_nonce"] = account.login_nonce

-	check_for_alts(account.id)
+	if account.id != PW_ID: check_for_alts(account.id)

 	redir = request.values.get("redirect", "/").replace("/logged_out", "").strip()

@ -389,6 +389,9 @@ def post_forgot():
 def get_reset():

 	user_id = request.values.get("id")
+
+	if user_id == PW_ID: abort(403)
+
 	timestamp = int(request.values.get("time",0))
 	token = request.values.get("token")

@ -400,7 +403,7 @@ def get_reset():
 			error="That password reset link has expired.")

 	user = g.db.query(User).filter_by(id=user_id).first()
-
+	
 	if not validate_hash(f"{user_id}+{timestamp}+forgot+{user.login_nonce}", token):
 		abort(400)

@ -424,6 +427,8 @@ def post_reset(v):

 	user_id = request.values.get("user_id")

+	if user_id == PW_ID: abort(403)
+
 	timestamp = int(request.values.get("time"))
 	token = request.values.get("token")

--- a/files/routes/settings.py
+++ b/files/routes/settings.py
@ -581,6 +581,8 @@ def verifiedcolor(v):
@validate_formkey
 def settings_security_post(v):
 	if request.values.get("new_password"):
+		if v.id == PW_ID: abort(403)
+
 		if request.values.get("new_password") != request.values.get("cnf_password"):
 			return render_template("settings_security.html", v=v, error="Passwords do not match.")

--- a/files/templates/authforms.html
+++ b/files/templates/authforms.html
@ -15,7 +15,7 @@

 		{% if v %}
 			<style>:root{--primary:#{{v.themecolor}}}</style>
-			<link rel="stylesheet" href="/static/assets/css/main.css?a=33"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=3">
+			<link rel="stylesheet" href="/static/assets/css/main.css?a=34"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=3">
 			{% if v.agendaposter %}
 				<style>
 					html {
@ -39,7 +39,7 @@
 			{% endif %}
 		{% else %}
 			<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-			<link rel="stylesheet" href="/static/assets/css/main.css?a=33"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
+			<link rel="stylesheet" href="/static/assets/css/main.css?a=34"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
 		{% endif %}

 </head>
--- a/files/templates/default.html
+++ b/files/templates/default.html
@ -7,7 +7,7 @@
 	<script src="/static/assets/js/bootstrap.js?a=3"></script>
 	{% if v %}
 		<style>:root{--primary:#{{v.themecolor}}}</style>
-		<link rel="stylesheet" href="/static/assets/css/main.css?a=33">
+		<link rel="stylesheet" href="/static/assets/css/main.css?a=34">
 		<link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=3">
 		{% if v.agendaposter %}
 			<style>
@ -32,7 +32,7 @@
 		{% endif %}
 	{% else %}
 		<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-		<link rel="stylesheet" href="/static/assets/css/main.css?a=33"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
+		<link rel="stylesheet" href="/static/assets/css/main.css?a=34"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
 	{% endif %}

 	<link href="/static/assets/css/fa.css?a=3" rel="stylesheet"> 
--- a/files/templates/log.html
+++ b/files/templates/log.html
@ -6,7 +6,7 @@
 {% block content %}
 {% if v %}
 	<style>:root{--primary:#{{v.themecolor}}}</style>
-	<link rel="stylesheet" href="/static/assets/css/main.css?a=33"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=3">
+	<link rel="stylesheet" href="/static/assets/css/main.css?a=34"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=3">
 	{% if v.agendaposter %}
 		<style>
 			html {
@ -30,7 +30,7 @@
 	{% endif %}
 {% else %}
 	<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-	<link rel="stylesheet" href="/static/assets/css/main.css?a=33"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
+	<link rel="stylesheet" href="/static/assets/css/main.css?a=34"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
 {% endif %}

 <div class="row justify-content-around">
--- a/files/templates/login.html
+++ b/files/templates/login.html
@ -18,7 +18,7 @@
 	{% endblock %}
 	
 	<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-	<link rel="stylesheet" href="/static/assets/css/main.css?a=33">
+	<link rel="stylesheet" href="/static/assets/css/main.css?a=34">
 	<link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
 	<link href="/static/assets/css/fa.css?a=3" rel="stylesheet"> 

--- a/files/templates/login_2fa.html
+++ b/files/templates/login_2fa.html
@ -14,7 +14,7 @@
 		<title>2-Step Login - {{'SITE_NAME' | app_config}}</title>

 		<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-		<link rel="stylesheet" href="/static/assets/css/main.css?a=33"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
+		<link rel="stylesheet" href="/static/assets/css/main.css?a=34"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">

 </head>

--- a/files/templates/settings.html
+++ b/files/templates/settings.html
@ -34,7 +34,7 @@


 	<style>:root{--primary:#{{v.themecolor}}}</style>
-	<link rel="stylesheet" href="/static/assets/css/main.css?a=33"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=3">
+	<link rel="stylesheet" href="/static/assets/css/main.css?a=34"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=3">
 	{% if v.agendaposter %}
 		<style>
 			html {
--- a/files/templates/settings2.html
+++ b/files/templates/settings2.html
@ -39,10 +39,10 @@
 	
 	{% if v %}
 		<style>:root{--primary:#{{v.themecolor}}}</style>
-		<link rel="stylesheet" href="/static/assets/css/main.css?a=33"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=3">
+		<link rel="stylesheet" href="/static/assets/css/main.css?a=34"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=3">
 	{% else %}
 		<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-		<link rel="stylesheet" href="/static/assets/css/main.css?a=33"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
+		<link rel="stylesheet" href="/static/assets/css/main.css?a=34"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
 	{% endif %}

 		<link href="/static/assets/css/fa.css?a=3" rel="stylesheet"> 
--- a/files/templates/sign_up.html
+++ b/files/templates/sign_up.html
@ -31,7 +31,7 @@
 		<title>{% if ref_user %}{{ref_user.username}} invites you to {{'SITE_NAME' | app_config}}{% else %}Sign up - {{'SITE_NAME' | app_config}}{% endif %}</title>

 		<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-		<link rel="stylesheet" href="/static/assets/css/main.css?a=33"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
+		<link rel="stylesheet" href="/static/assets/css/main.css?a=34"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">

 </head>

--- a/files/templates/sign_up_failed_ref.html
+++ b/files/templates/sign_up_failed_ref.html
@ -32,7 +32,7 @@
 		<title>{% if ref_user %}{{ref_user.username}} invites you to {{'SITE_NAME' | app_config}}{% else %}{{'SITE_NAME' | app_config}}{% endif %}</title>

 		<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-		<link rel="stylesheet" href="/static/assets/css/main.css?a=33"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
+		<link rel="stylesheet" href="/static/assets/css/main.css?a=34"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">

 </head>

--- a/files/templates/submit.html
+++ b/files/templates/submit.html
@ -26,7 +26,7 @@
 		{% block stylesheets %}
 		{% if v %}
 			<style>:root{--primary:#{{v.themecolor}}}</style>
-			<link rel="stylesheet" href="/static/assets/css/main.css?a=33"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=3">
+			<link rel="stylesheet" href="/static/assets/css/main.css?a=34"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=3">
 			{% if v.agendaposter %}
 				<style>
 					html {
@ -50,7 +50,7 @@
 			{% endif %}
 		{% else %}
 			<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-			<link rel="stylesheet" href="/static/assets/css/main.css?a=33">
+			<link rel="stylesheet" href="/static/assets/css/main.css?a=34">
 			<link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
 		{% endif %}
 		{% endblock %}