Mirrors/mealie
1
0
Fork 0
mirror of https://github.com/mealie-recipes/mealie.git synced 2025-12-09 03:45:15 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix: Security Issues (#3530)

Browse Source 
Co-authored-by: boc-the-git <3479092+boc-the-git@users.noreply.github.com>
This commit is contained in:
Michael Genson
2024-04-30 15:53:55 -05:00
committed by GitHub
parent 2ff37c86d6
commit ec458a0a08
7 changed files with 11 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
mealie/routes/auth/auth.py
View File

@@ -72,3 +72,9 @@ async def refresh_token(current_user: PrivateUser = Depends(get_current_user)):
"""Use a valid token to get another token"""
access_token = security.create_access_token(data=dict(sub=str(current_user.id)))
return MealieAuthToken.respond(access_token)
@user_router.post("/logout")
async def logout(response: Response):
response.delete_cookie("mealie.access_token")
return {"message": "Logged out"}

13
mealie/routes/users/crud.py
View File

@@ -11,14 +11,7 @@ from mealie.routes.users._helpers import assert_user_change_allowed
from mealie.schema.response import ErrorResponse, SuccessResponse
from mealie.schema.response.pagination import PaginationQuery
from mealie.schema.user import ChangePassword, UserBase, UserIn, UserOut
from mealie.schema.user.user import (
GroupInDB,
UserPagination,
UserRatings,
UserRatingSummary,
UserSummary,
UserSummaryPagination,
)
from mealie.schema.user.user import UserPagination, UserRatings, UserRatingSummary, UserSummary, UserSummaryPagination
user_router = UserAPIRouter(prefix="/users", tags=["Users: CRUD"])
admin_router = AdminAPIRouter(prefix="/users", tags=["Users: Admin CRUD"])
@@ -100,10 +93,6 @@ class UserController(BaseUserController):
def get_logged_in_user_favorites(self):
return UserRatings(ratings=self.repos.user_ratings.get_by_user(self.user.id, favorites_only=True))
@user_router.get("/self/group", response_model=GroupInDB)
def get_logged_in_user_group(self):
return self.group
@user_router.put("/password")
def update_password(self, password_change: ChangePassword):
"""Resets the User Password"""

2
mealie/schema/user/user.py
View File

@@ -206,7 +206,7 @@ class UpdateGroup(GroupBase):
class GroupInDB(UpdateGroup):
users: list[UserOut] | None = None
users: list[UserSummary] | None = None
preferences: ReadGroupPreferences | None = None
webhooks: list[ReadWebhook] = []