Use CoreUser schemas instead of CoreUser models in modules #514

armanddidierjean · 2024-08-07T08:31:29Z

Subject of the issue

Currently, all modules get CoreUser models from the db, using dependencies like is_user_a_member. These modules don't need to manipulate CoreUser models, as they won't modify them.
Usually, they just use data about the user, like its name.

The model CoreUser contains sensitive information, like the password hash. Some module could accidentally leak them by logging or returning them in the http response.

Proposed solution

Dependencies (like is_user_a_member) could return a CoreUser schema.
If some modules use cruds from cruds_user, we could replace them by utils returning CoreUser schemas.

The text was updated successfully, but these errors were encountered:

armanddidierjean added enhancement New feature or request good first issue Good for newcomers core labels Aug 7, 2024

armanddidierjean changed the title ~~Use User schemas instead of models in modules~~ Use CoreUser schemas instead of CoreUser models in modules Aug 7, 2024

Marc-Andrieu removed the good first issue Good for newcomers label Nov 19, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use CoreUser schemas instead of CoreUser models in modules #514

Use CoreUser schemas instead of CoreUser models in modules #514

armanddidierjean commented Aug 7, 2024

Use CoreUser schemas instead of CoreUser models in modules #514

Use CoreUser schemas instead of CoreUser models in modules #514

Comments

armanddidierjean commented Aug 7, 2024

Subject of the issue

Proposed solution