Auth0: Remove need for user.password field.

dsoprea · Dec 19, 2017 · 962453f · 962453f
1 parent 069679c
commit 962453f
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 12 deletions.
diff --git a/example_apps/auth0_app.py b/example_apps/auth0_app.py
@@ -50,7 +50,6 @@ class User(db.Model, UserMixin):
         # User authentication information. The collation='NOCASE' is required
         # to search case insensitively when USER_IFIND_MODE is 'nocase_collation'.
         email = db.Column(db.String(255, collation='NOCASE'), nullable=False, unique=True)
-        password = db.Column(db.String(255), nullable=False, server_default='')
 
         # User information
         first_name = db.Column(db.String(100, collation='NOCASE'), nullable=False, server_default='')

diff --git a/flask_user/templates/flask_user/edit_user_profile.html b/flask_user/templates/flask_user/edit_user_profile.html
@@ -6,18 +6,19 @@ <h1>{%trans%}User profile{%endtrans%}</h1>
 
 <form action="" method="POST" class="form" role="form">
     {{ form.hidden_tag() }}
-    {% for field in form.fields %}
-        {{ render_field(field, tabindex=loop.index) }}
-    {% endfor %}
+    {{ render_field(form.first_name, tabindex=10) }}
+    {{ render_field(form.last_name, tabindex=20) }}
     {{ render_submit_field(form.submit, tabindex=90) }}
 </form>
 <br/>
 
-{% if user_manager.USER_ENABLE_CHANGE_USERNAME %}
-<p><a href="{{ url_for('user.change_username') }}">{%trans%}Change username{%endtrans%}</a></p>
-{% endif %}
-{% if user_manager.USER_ENABLE_CHANGE_PASSWORD %}
-<p><a href="{{ url_for('user.change_password') }}">{%trans%}Change password{%endtrans%}</a></p>
+{% if not user_manager.USER_ENABLE_AUTH0 %}
+    {% if user_manager.USER_ENABLE_CHANGE_USERNAME %}
+        <p><a href="{{ url_for('user.change_username') }}">{%trans%}Change username{%endtrans%}</a></p>
+    {% endif %}
+    {% if user_manager.USER_ENABLE_CHANGE_PASSWORD %}
+        <p><a href="{{ url_for('user.change_password') }}">{%trans%}Change password{%endtrans%}</a></p>
+    {% endif %}
 {% endif %}
 
 {% endblock %}
diff --git a/flask_user/user_mixin.py b/flask_user/user_mixin.py
@@ -23,7 +23,7 @@ def get_id(self):
         user_manager = current_app.user_manager
 
         user_id = self.id
-        password_ends_with = self.password[-8:]
+        password_ends_with = '' if user_manager.USER_ENABLE_AUTH0 else self.password[-8:]
         user_token = user_manager.generate_token(
             user_id,               # User ID
             password_ends_with,    # Last 8 characters of user password
@@ -49,10 +49,10 @@ def get_user_by_token(cls, token, expiration_in_seconds):
             user_id = data_items[0]
             password_ends_with = data_items[1]
             user = user_manager.db_manager.get_user_by_id(user_id)
-
+            user_password = '' if user_manager.USER_ENABLE_AUTH0 else user.password[-8:]
 
             # Make sure that last 8 characters of user password matches
-            token_is_valid = user and user.password[-8:]==password_ends_with
+            token_is_valid = user and user_password==password_ends_with
 
         return user if token_is_valid else None