Allow adding users from the admin panel

2022-10-09 14:55:49 +02:00
parent 650130d33c
commit f4e543b1f7
3 changed files with 46 additions and 2 deletions
--- a/db/sqlite.py
+++ b/db/sqlite.py
@@ -360,7 +360,10 @@ class DB:
            return True
        return False

-    def add_user(self, username, password, time):
+    def register_user(self, username, password, time):
+        '''
+        Add a user if registrations are enabled.
+        '''
        try:
            db = self._db()
            c = db.cursor()
@@ -380,6 +383,27 @@ class DB:
            # User already exists, probably
            return False

+    def add_user(self, username, password, time):
+        '''
+        Add a user without checking if registrations are enabled.
+        '''
+        try:
+            db = self._db()
+            c = db.cursor()
+            c.execute('''
+                insert into users(name, password, join_time)
+                values (lower(?), ?, ?)
+                ''',
+                (username, password, time)
+            )
+            if c.rowcount > 0:
+                db.commit()
+                return True
+            return False
+        except sqlite3.IntegrityError:
+            # User already exists, probably
+            return False
+
    def get_users(self):
        return self._db().execute('''
            select user_id, name, join_time, role, banned_until
--- a/main.py
+++ b/main.py
@@ -335,7 +335,7 @@ def register():
            request.form['answer'],
        ):
            flash('CAPTCHA answer is incorrect', 'error')
-        elif not db.add_user(username, hash_password(password), time.time_ns()):
+        elif not db.register_user(username, hash_password(password), time.time_ns()):
            flash('Failed to create account (username may already be taken)', 'error')
        else:
            flash('Account has been created. You can login now.', 'success')
@@ -491,6 +491,18 @@ def admin_unban_user(user_id):
        flash(str(e), 'error')
    return redirect(url_for('admin'))

+@app.route('/admin/user/new/', methods = ['POST'])
+def admin_new_user():
+    try:
+        name, password = request.form['name'], request.form['password']
+        if db.add_user(name, hash_password(password), time.time_ns()):
+            flash('Added user', 'success')
+        else:
+            flash('Failed to add user', 'error')
+    except Exception as e:
+        flash(str(e), 'error')
+    return redirect(url_for('admin'))
+
@app.route('/admin/restart/', methods = ['POST'])
 def admin_restart():
    chk, user = _admin_check()
--- a/templates/admin/index.html
+++ b/templates/admin/index.html
@@ -114,4 +114,12 @@
 </tr>
 {%- endfor -%}
 </table>
+<h3>Add user</h3>
+<form method=post action=user/new/>
+<table>
+<tr><td>Name</td><td><input type=text name=name></td></tr>
+<tr><td>Password</td><td><input type=password name=password></td></tr>
+</table>
+<input type=submit value="Add user">
+</form>
 {%- endblock %}