fix: Remove encrypted password when it is unset

2021-04-01 17:48:20 +05:30 · 2021-04-01 17:48:20 +05:30 · bcb01f6491
commit bcb01f6491
parent a1f15245f7
2 changed files with 12 additions and 1 deletions
--- a/frappe/model/base_document.py
+++ b/frappe/model/base_document.py
@ -792,7 +792,7 @@ class BaseDocument(object):

 	def _save_passwords(self):
 		"""Save password field values in __Auth table"""
-		from frappe.utils.password import set_encrypted_password
+		from frappe.utils.password import set_encrypted_password, remove_encrypted_password

 		if self.flags.ignore_save_passwords is True:
 			return
@ -800,6 +800,10 @@ class BaseDocument(object):
 		for df in self.meta.get('fields', {'fieldtype': ('=', 'Password')}):
 			if self.flags.ignore_save_passwords and df.fieldname in self.flags.ignore_save_passwords: continue
 			new_password = self.get(df.fieldname)
+
+			if not new_password:
+				remove_encrypted_password(self.doctype, self.name, df.fieldname)
+
 			if new_password and not self.is_dummy_password(new_password):
 				# is not a dummy password like '*****'
 				set_encrypted_password(self.doctype, self.name, new_password, df.fieldname)
--- a/frappe/utils/password.py
+++ b/frappe/utils/password.py
@ -65,6 +65,13 @@ def set_encrypted_password(doctype, name, pwd, fieldname='password'):
 		raise e


+def remove_encrypted_password(doctype, name, fieldname='password'):
+	frappe.db.sql(
+		'DELETE FROM `__Auth` WHERE doctype = %s and name = %s and fieldname = %s',
+		values=[doctype, name, fieldname]
+	)
+
+
 def check_password(user, pwd, doctype='User', fieldname='password'):
 	'''Checks if user and password are correct, else raises frappe.AuthenticationError'''