Fixed user able to login with wrong password

[backend] Fixed an issue where user authentication SQLAlchemy query was not correct, resulting in a user being able to login with a wrong password [backend] Fixed an issue where alembic config file would overlap existing loggers configured
joaovitoriasilva · Feb 14, 2024 · 0bc1e0a · 0bc1e0a
1 parent 85be8ca
commit 0bc1e0a
Show file tree

Hide file tree

Showing 5 changed files with 6 additions and 4 deletions.
diff --git a/backend/alembic/env.py b/backend/alembic/env.py
@@ -16,7 +16,7 @@
 
 # Interpret the config file for Python logging.
 # This line sets up loggers basically.
-if config.config_file_name is not None:
+if config.attributes.get('configure_logger', True):
     fileConfig(config.config_file_name)
 
 # add your model's MetaData object here

diff --git a/backend/constants.py b/backend/constants.py
@@ -1,7 +1,7 @@
 import os
 
 # Constant related to version
-API_VERSION="v0.1.4"
+API_VERSION="v0.1.5"
 
 # JWT Token constants
 JWT_ALGORITHM = os.environ.get("ALGORITHM")

diff --git a/backend/crud/crud_users.py b/backend/crud/crud_users.py
@@ -23,7 +23,7 @@ def authenticate_user(username: str, password: str, db: Session):
         user = (
             db.query(models.User)
             .filter(
-                models.User.username == username and models.User.password == password
+                models.User.username == username, models.User.password == password
             )
             .first()
         )

diff --git a/backend/main.py b/backend/main.py
@@ -36,6 +36,8 @@ def startup_event():
 
     # Run Alembic migrations to ensure the database is up to date
     alembic_cfg = Config("alembic.ini")
+    # Disable the logger configuration in Alembic to avoid conflicts with FastAPI
+    alembic_cfg.attributes['configure_logger'] = False
     command.upgrade(alembic_cfg, "head")
 
     # Create a scheduler to run background jobs

diff --git a/frontend/inc/Template-Bottom.php b/frontend/inc/Template-Bottom.php
@@ -6,7 +6,7 @@
                                 } else { ?>2023 -
                                         <?php echo date("Y");
                                 } ?> Endurain • <a href="https://github.com/joaovitoriasilva/endurain"
-                                        role="button"><i class="fa-brands fa-github"></i></a> • <a href="https://fosstodon.org/@endurain"><i class="fa-brands fa-mastodon"></i></a> • v0.1.4
+                                        role="button"><i class="fa-brands fa-github"></i></a> • <a href="https://fosstodon.org/@endurain"><i class="fa-brands fa-mastodon"></i></a> • v0.1.5
                         </p>
                         <p class="text-center text-muted"><img src="../img/strava/api_logo_cptblWith_strava_horiz_light.png"
                                         alt="Compatible with STRAVA image" height="25" /></p>