BUGFIX: Google OAuth accounts password now cannot be reset

2025-03-07 02:47:47 +00:00
parent 29f4400e8c
commit cc62cf400f
3 changed files with 16 additions and 3 deletions
--- a/web_server/blueprints/user.py
+++ b/web_server/blueprints/user.py
@@ -196,10 +196,12 @@ def user_forgot_password(email):
    Initializes the function to handle password reset
    """
    exists = email_exists(email)
-    if(exists):
+    password = has_password(email)
+    # Checks if password exists and is not a Google OAuth account
+    if(exists and password):
        send_email(email, lambda: forgot_password_body(email))
        return email
-    return jsonify({"error":"email not found"}), 404
+    return jsonify({"error":"Invalid email or not found"}), 404

@user_bp.route("/send_newsletter/<string:email>", methods=["POST"])
 def send_newsletter(email):
--- a/web_server/utils/user_utils.py
+++ b/web_server/utils/user_utils.py
@@ -38,6 +38,18 @@ def update_bio(user_id: int, bio: str):
            WHERE user_id = ?
        """, (bio, user_id))

+def has_password(email: str):
+    """
+    Returns if account associated with this email has password, i.e is account from Google OAuth
+    """
+    with Database() as db:
+        data = db.fetchone("""
+                SELECT password
+                FROM users
+                WHERE email = ?           
+        """, (email,))
+    return False if data["password"] == None else True
+
 def get_session_info_email(email: str) -> dict:
    """
    Returns username and user_id given email