2 # Copyright (C) 2018 rubenwardy
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <https://www.gnu.org/licenses/>.
19 from flask_user import signals, current_user, user_manager
20 from flask_login import login_user, logout_user
21 from app.markdown import render_markdown
23 from app.models import *
24 from flask_wtf import FlaskForm
26 from wtforms.validators import *
27 from app.utils import randomString, loginUser, rank_required, nonEmptyOrNone, addAuditLog
28 from app.tasks.forumtasks import checkForumAccount
29 from app.tasks.emails import sendVerifyEmail, sendEmailRaw
30 from app.tasks.phpbbparser import getProfile
31 from sqlalchemy import func
33 # Define the User profile form
34 class UserProfileForm(FlaskForm):
35 display_name = StringField("Display name", [Optional(), Length(2, 100)])
36 forums_username = StringField("Forums Username", [Optional(), Length(2, 50)])
37 github_username = StringField("GitHub Username", [Optional(), Length(2, 50)])
38 email = StringField("Email", [Optional(), Email()], filters = [lambda x: x or None])
39 website_url = StringField("Website URL", [Optional(), URL()], filters = [lambda x: x or None])
40 donate_url = StringField("Donation URL", [Optional(), URL()], filters = [lambda x: x or None])
41 rank = SelectField("Rank", [Optional()], choices=UserRank.choices(), coerce=UserRank.coerce, default=UserRank.NEW_MEMBER)
42 submit = SubmitField("Save")
45 @bp.route("/users/", methods=["GET"])
47 users = db.session.query(User, func.count(Package.id)) \
48 .select_from(User).outerjoin(Package) \
49 .order_by(db.desc(User.rank), db.asc(User.display_name)) \
50 .group_by(User.id).all()
52 return render_template("users/list.html", users=users)
55 @bp.route("/users/<username>/", methods=["GET", "POST"])
56 def profile(username):
57 user = User.query.filter_by(username=username).first()
62 if user.checkPerm(current_user, Permission.CHANGE_USERNAMES) or \
63 user.checkPerm(current_user, Permission.CHANGE_EMAIL) or \
64 user.checkPerm(current_user, Permission.CHANGE_RANK):
66 form = UserProfileForm(formdata=request.form, obj=user)
69 if request.method=="POST" and form.validate():
70 severity = AuditSeverity.NORMAL if current_user == user else AuditSeverity.MODERATION
71 addAuditLog(severity, current_user, "Edited {}'s profile".format(user.display_name),
72 url_for("users.profile", username=username))
74 # Copy form fields to user_profile fields
75 if user.checkPerm(current_user, Permission.CHANGE_USERNAMES):
76 user.display_name = form.display_name.data
77 user.forums_username = nonEmptyOrNone(form.forums_username.data)
78 user.github_username = nonEmptyOrNone(form.github_username.data)
80 if user.checkPerm(current_user, Permission.CHANGE_PROFILE_URLS):
81 user.website_url = form["website_url"].data
82 user.donate_url = form["donate_url"].data
84 if user.checkPerm(current_user, Permission.CHANGE_RANK):
85 newRank = form["rank"].data
86 if current_user.rank.atLeast(newRank):
87 if newRank != user.rank:
88 user.rank = form["rank"].data
89 msg = "Set rank of {} to {}".format(user.display_name, user.rank.getTitle())
90 addAuditLog(AuditSeverity.MODERATION, current_user, msg, url_for("users.profile", username=username))
92 flash("Can't promote a user to a rank higher than yourself!", "danger")
94 if user.checkPerm(current_user, Permission.CHANGE_EMAIL):
95 newEmail = form["email"].data
96 if newEmail != user.email and newEmail.strip() != "":
97 token = randomString(32)
99 msg = "Changed email of {}".format(user.display_name)
100 addAuditLog(severity, current_user, msg, url_for("users.profile", username=username))
102 ver = UserEmailVerification()
109 task = sendVerifyEmail.delay(newEmail, token)
110 return redirect(url_for("tasks.check", id=task.id, r=url_for("users.profile", username=username)))
115 # Redirect to home page
116 return redirect(url_for("users.profile", username=username))
118 packages = user.packages.filter(Package.state!=PackageState.DELETED)
119 if not current_user.is_authenticated or (user != current_user and not current_user.canAccessTodoList()):
120 packages = packages.filter_by(state=PackageState.APPROVED)
121 packages = packages.order_by(db.asc(Package.title))
124 if current_user == user or user.checkPerm(current_user, Permission.CHANGE_AUTHOR):
125 topics_to_add = ForumTopic.query \
126 .filter_by(author_id=user.id) \
127 .filter(~ db.exists().where(Package.forums==ForumTopic.topic_id)) \
128 .order_by(db.asc(ForumTopic.name), db.asc(ForumTopic.title)) \
131 # Process GET or invalid POST
132 return render_template("users/profile.html",
133 user=user, form=form, packages=packages, topics_to_add=topics_to_add)
136 @bp.route("/users/<username>/check/", methods=["POST"])
138 def user_check(username):
139 user = User.query.filter_by(username=username).first()
143 if current_user != user and not current_user.rank.atLeast(UserRank.MODERATOR):
146 if user.forums_username is None:
149 task = checkForumAccount.delay(user.forums_username)
150 next_url = url_for("users.profile", username=username)
152 return redirect(url_for("tasks.check", id=task.id, r=next_url))
155 class SendEmailForm(FlaskForm):
156 subject = StringField("Subject", [InputRequired(), Length(1, 300)])
157 text = TextAreaField("Message", [InputRequired()])
158 submit = SubmitField("Send")
161 @bp.route("/users/<username>/email/", methods=["GET", "POST"])
162 @rank_required(UserRank.MODERATOR)
163 def send_email(username):
164 user = User.query.filter_by(username=username).first()
168 next_url = url_for("users.profile", username=user.username)
170 if user.email is None:
171 flash("User has no email address!", "danger")
172 return redirect(next_url)
174 form = SendEmailForm(request.form)
175 if form.validate_on_submit():
176 addAuditLog(AuditSeverity.MODERATION, current_user,
177 "Sent email to {}".format(user.display_name), url_for("users.profile", username=username))
179 text = form.text.data
180 html = render_markdown(text)
181 task = sendEmailRaw.delay([user.email], form.subject.data, text, html)
182 return redirect(url_for("tasks.check", id=task.id, r=next_url))
184 return render_template("users/send_email.html", form=form)
188 class SetPasswordForm(FlaskForm):
189 email = StringField("Email", [Optional(), Email()])
190 password = PasswordField("New password", [InputRequired(), Length(2, 100)])
191 password2 = PasswordField("Verify password", [InputRequired(), Length(2, 100)])
192 submit = SubmitField("Save")
194 @bp.route("/user/set-password/", methods=["GET", "POST"])
197 if current_user.hasPassword():
198 return redirect(url_for("user.change_password"))
200 form = SetPasswordForm(request.form)
201 if current_user.email == None:
202 form.email.validators = [InputRequired(), Email()]
204 if request.method == "POST" and form.validate():
205 one = form.password.data
206 two = form.password2.data
209 hashed_password = user_manager.hash_password(form.password.data)
212 current_user.password = hashed_password
215 # Send 'password_changed' email
216 if user_manager.USER_ENABLE_EMAIL and current_user.email:
217 user_manager.email_manager.send_password_changed_email(current_user)
219 # Send password_changed signal
220 signals.user_changed_password.send(current_app._get_current_object(), user=current_user)
222 # Prepare one-time system message
223 flash('Your password has been changed successfully.', 'success')
225 newEmail = form["email"].data
226 if newEmail != current_user.email and newEmail.strip() != "":
227 token = randomString(32)
229 ver = UserEmailVerification()
230 ver.user = current_user
236 task = sendVerifyEmail.delay(newEmail, token)
237 return redirect(url_for("tasks.check", id=task.id, r=url_for("users.profile", username=current_user.username)))
239 return redirect(url_for("user.login"))
241 flash("Passwords do not match", "danger")
243 return render_template("users/set_password.html", form=form, optional=request.args.get("optional"))
246 @bp.route("/users/verify/")
248 token = request.args.get("token")
249 ver = UserEmailVerification.query.filter_by(token=token).first()
251 flash("Unknown verification token!", "danger")
253 ver.user.email = ver.email
254 db.session.delete(ver)
257 if current_user.is_authenticated:
258 return redirect(url_for("users.profile", username=current_user.username))
260 return redirect(url_for("homepage.home"))