Use GitHub user ids instead of usernames for authentication

Otherwise, renaming a GitHub account could allow someone else
to gain access to a CDB account.
rubenwardy
2024-03-30 16:52:17 +00:00
parent a8d2cc0383
commit f5dd77fcb3
8 changed files with 118 additions and 8 deletions


@@ -144,6 +144,7 @@ class User(db.Model, UserMixin):
# Account linking
github_username = db.Column(db.String(50, collation="NOCASE"), nullable=True, unique=True)
github_user_id = db.Column(db.Integer, nullable=True, unique=True)
forums_username = db.Column(db.String(50, collation="NOCASE"), nullable=True, unique=True)
# Access token for webhook setup