diff --git a/CHANGELOG b/CHANGELOG index ed628eb99..7750e5e5b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -55,6 +55,8 @@ Users: - Fixed compare of duplicated users while CSV user import [#3201]. - Added fast mass import for users [#3290]. - Removed OPTIONS request. All permissions are now provided on startup [#3306]. +- Added option to enable updating the last_login field in the database. The + default is now disabled [#3400]. Core: - No reload on logoff. OpenSlides is now a full single page diff --git a/openslides/global_settings.py b/openslides/global_settings.py index e47f8fe8a..44ae53e6d 100644 --- a/openslides/global_settings.py +++ b/openslides/global_settings.py @@ -106,7 +106,6 @@ PASSWORD_HASHERS = [ 'django.contrib.auth.hashers.Argon2PasswordHasher', 'django.contrib.auth.hashers.BCryptSHA256PasswordHasher', 'django.contrib.auth.hashers.BCryptPasswordHasher', - 'django.contrib.auth.hashers.MD5PasswordHasher', # MD5 is only used for initial passwords. ] @@ -143,3 +142,6 @@ CHANNEL_LAYERS = { }, }, } + +# Enable updating the last_login field for users on every login. +ENABLE_LAST_LOGIN_FIELD = False diff --git a/openslides/users/apps.py b/openslides/users/apps.py index b50abc8db..6c1a5adcf 100644 --- a/openslides/users/apps.py +++ b/openslides/users/apps.py @@ -1,4 +1,6 @@ from django.apps import AppConfig +from django.conf import settings +from django.contrib.auth.signals import user_logged_in from ..utils.collection import Collection from ..utils.projector import register_projector_elements @@ -32,6 +34,10 @@ class UsersAppConfig(AppConfig): get_permission_change_data, dispatch_uid='users_get_permission_change_data') + # Disconnect the last_login signal + if not settings.ENABLE_LAST_LOGIN_FIELD: + user_logged_in.disconnect(dispatch_uid='update_last_login') + # Register viewsets. router.register(self.get_model('User').get_collection_string(), UserViewSet) router.register(self.get_model('Group').get_collection_string(), GroupViewSet) diff --git a/openslides/users/models.py b/openslides/users/models.py index dff601ee1..d722544d6 100644 --- a/openslides/users/models.py +++ b/openslides/users/models.py @@ -70,7 +70,7 @@ class UserManager(BaseUserManager): username='admin', defaults={'last_name': 'Administrator'}) admin.default_password = 'admin' - admin.password = make_password(admin.default_password, '', 'md5') + admin.password = make_password(admin.default_password) admin.save() admin.groups.add(staff) return created diff --git a/openslides/users/serializers.py b/openslides/users/serializers.py index fcde2e24a..7ec58f599 100644 --- a/openslides/users/serializers.py +++ b/openslides/users/serializers.py @@ -80,7 +80,7 @@ class UserFullSerializer(ModelSerializer): # Prepare setup password. if not validated_data.get('default_password'): validated_data['default_password'] = User.objects.generate_password() - validated_data['password'] = make_password(validated_data['default_password'], '', 'md5') + validated_data['password'] = make_password(validated_data['default_password']) return validated_data def create(self, validated_data): diff --git a/openslides/utils/settings.py.tpl b/openslides/utils/settings.py.tpl index 542b38313..10a196cfe 100644 --- a/openslides/utils/settings.py.tpl +++ b/openslides/utils/settings.py.tpl @@ -136,7 +136,6 @@ MEDIA_ROOT = os.path.join(OPENSLIDES_USER_DATA_PATH, 'media', '') # https://docs.djangoproject.com/en/1.10/topics/auth/passwords/#module-django.contrib.auth.password_validation # AUTH_PASSWORD_VALIDATORS = [] - # Customization of OpenSlides apps MOTION_IDENTIFIER_MIN_DIGITS = 1 diff --git a/tests/example_data_generator/management/commands/create-example-data.py b/tests/example_data_generator/management/commands/create-example-data.py index b395e19ed..b30bd1d6d 100644 --- a/tests/example_data_generator/management/commands/create-example-data.py +++ b/tests/example_data_generator/management/commands/create-example-data.py @@ -193,7 +193,7 @@ class Command(BaseCommand): if staff_users is not None and staff_users > 0: self.stdout.write('Start creating {} staff users ...'.format(staff_users)) group_staff = Group.objects.get(name='Staff') - hashed_password = make_password(PASSWORD, '', 'md5') + hashed_password = make_password(PASSWORD) current_users = list(User.objects.values_list('id', flat=True)) new_users = [] for i in range(staff_users): @@ -223,7 +223,7 @@ class Command(BaseCommand): default_users = options['users'][1] if default_users is not None and default_users > 0: self.stdout.write('Start creating {} default users ...'.format(default_users)) - hashed_password = make_password(PASSWORD, '', 'md5') + hashed_password = make_password(PASSWORD) new_users = [] for i in range(default_users): new_users.append(User(