2 # Copyright (C) 2018 rubenwardy
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <https://www.gnu.org/licenses/>.
19 from flask_user import *
20 from flask_login import login_user, logout_user
21 from app import markdown
23 from app.models import *
24 from flask_wtf import FlaskForm
26 from wtforms.validators import *
27 from app.utils import randomString, loginUser, rank_required
28 from app.tasks.forumtasks import checkForumAccount
29 from app.tasks.emails import sendVerifyEmail, sendEmailRaw
30 from app.tasks.phpbbparser import getProfile
32 # Define the User profile form
33 class UserProfileForm(FlaskForm):
34 display_name = StringField("Display name", [Optional(), Length(2, 20)])
35 email = StringField("Email", [Optional(), Email()], filters = [lambda x: x or None])
36 website_url = StringField("Website URL", [Optional(), URL()], filters = [lambda x: x or None])
37 donate_url = StringField("Donation URL", [Optional(), URL()], filters = [lambda x: x or None])
38 rank = SelectField("Rank", [Optional()], choices=UserRank.choices(), coerce=UserRank.coerce, default=UserRank.NEW_MEMBER)
39 submit = SubmitField("Save")
42 @bp.route("/users/", methods=["GET"])
44 users = User.query.order_by(db.desc(User.rank), db.asc(User.display_name)).all()
45 return render_template("users/list.html", users=users)
48 @bp.route("/users/<username>/", methods=["GET", "POST"])
49 def profile(username):
50 user = User.query.filter_by(username=username).first()
55 if user.checkPerm(current_user, Permission.CHANGE_DNAME) or \
56 user.checkPerm(current_user, Permission.CHANGE_EMAIL) or \
57 user.checkPerm(current_user, Permission.CHANGE_RANK):
59 form = UserProfileForm(formdata=request.form, obj=user)
62 if request.method=="POST" and form.validate():
63 # Copy form fields to user_profile fields
64 if user.checkPerm(current_user, Permission.CHANGE_DNAME):
65 user.display_name = form["display_name"].data
66 user.website_url = form["website_url"].data
67 user.donate_url = form["donate_url"].data
69 if user.checkPerm(current_user, Permission.CHANGE_RANK):
70 newRank = form["rank"].data
71 if current_user.rank.atLeast(newRank):
72 user.rank = form["rank"].data
74 flash("Can't promote a user to a rank higher than yourself!", "error")
76 if user.checkPerm(current_user, Permission.CHANGE_EMAIL):
77 newEmail = form["email"].data
78 if newEmail != user.email and newEmail.strip() != "":
79 token = randomString(32)
81 ver = UserEmailVerification()
88 task = sendVerifyEmail.delay(newEmail, token)
89 return redirect(url_for("tasks.check", id=task.id, r=url_for("users.profile", username=username)))
94 # Redirect to home page
95 return redirect(url_for("users.profile", username=username))
97 packages = user.packages.filter_by(soft_deleted=False)
98 if not current_user.is_authenticated or (user != current_user and not current_user.canAccessTodoList()):
99 packages = packages.filter_by(approved=True)
100 packages = packages.order_by(db.asc(Package.title))
103 if current_user == user or user.checkPerm(current_user, Permission.CHANGE_AUTHOR):
104 topics_to_add = ForumTopic.query \
105 .filter_by(author_id=user.id) \
106 .filter(~ db.exists().where(Package.forums==ForumTopic.topic_id)) \
107 .order_by(db.asc(ForumTopic.name), db.asc(ForumTopic.title)) \
110 # Process GET or invalid POST
111 return render_template("users/profile.html",
112 user=user, form=form, packages=packages, topics_to_add=topics_to_add)
115 @bp.route("/users/<username>/check/", methods=["POST"])
117 def user_check(username):
118 user = User.query.filter_by(username=username).first()
122 if current_user != user and not current_user.rank.atLeast(UserRank.MODERATOR):
125 if user.forums_username is None:
128 task = checkForumAccount.delay(user.forums_username)
129 next_url = url_for("users.profile", username=username)
131 return redirect(url_for("tasks.check", id=task.id, r=next_url))
134 class SendEmailForm(FlaskForm):
135 subject = StringField("Subject", [InputRequired(), Length(1, 300)])
136 text = TextAreaField("Message", [InputRequired()])
137 submit = SubmitField("Send")
140 @bp.route("/users/<username>/email/", methods=["GET", "POST"])
141 @rank_required(UserRank.MODERATOR)
142 def send_email(username):
143 user = User.query.filter_by(username=username).first()
147 next_url = url_for("users.profile", username=user.username)
149 if user.email is None:
150 flash("User has no email address!", "error")
151 return redirect(next_url)
153 form = SendEmailForm(request.form)
154 if form.validate_on_submit():
155 text = form.text.data
156 html = markdown(text)
157 task = sendEmailRaw.delay([user.email], form.subject.data, text, html)
158 return redirect(url_for("tasks.check", id=task.id, r=next_url))
160 return render_template("users/send_email.html", form=form)
164 class SetPasswordForm(FlaskForm):
165 email = StringField("Email", [Optional(), Email()])
166 password = PasswordField("New password", [InputRequired(), Length(2, 100)])
167 password2 = PasswordField("Verify password", [InputRequired(), Length(2, 100)])
168 submit = SubmitField("Save")
170 @bp.route("/user/set-password/", methods=["GET", "POST"])
173 if current_user.password is not None:
174 return redirect(url_for("user.change_password"))
176 form = SetPasswordForm(request.form)
177 if current_user.email == None:
178 form.email.validators = [InputRequired(), Email()]
180 if request.method == "POST" and form.validate():
181 one = form.password.data
182 two = form.password2.data
185 hashed_password = user_manager.hash_password(form.password.data)
188 user_manager.update_password(current_user, hashed_password)
190 # Send 'password_changed' email
191 if user_manager.enable_email and user_manager.send_password_changed_email and current_user.email:
192 emails.send_password_changed_email(current_user)
194 # Send password_changed signal
195 signals.user_changed_password.send(current_app._get_current_object(), user=current_user)
197 # Prepare one-time system message
198 flash('Your password has been changed successfully.', 'success')
200 newEmail = form["email"].data
201 if newEmail != current_user.email and newEmail.strip() != "":
202 token = randomString(32)
204 ver = UserEmailVerification()
205 ver.user = current_user
211 task = sendVerifyEmail.delay(newEmail, token)
212 return redirect(url_for("tasks.check", id=task.id, r=url_for("users.profile", username=current_user.username)))
214 return redirect(url_for("users.profile", username=current_user.username))
216 flash("Passwords do not match", "error")
218 return render_template("users/set_password.html", form=form, optional=request.args.get("optional"))
221 @bp.route("/user/claim/", methods=["GET", "POST"])
223 username = request.args.get("username")
227 method = request.args.get("method")
228 user = User.query.filter_by(forums_username=username).first()
229 if user and user.rank.atLeast(UserRank.NEW_MEMBER):
230 flash("User has already been claimed", "error")
231 return redirect(url_for("users.claim"))
232 elif user is None and method == "github":
233 flash("Unable to get Github username for user", "error")
234 return redirect(url_for("users.claim"))
236 flash("Unable to find that user", "error")
237 return redirect(url_for("users.claim"))
239 if user is not None and method == "github":
240 return redirect(url_for("users.github_signin"))
243 if "forum_token" in session:
244 token = session["forum_token"]
246 token = randomString(32)
247 session["forum_token"] = token
249 if request.method == "POST":
250 ctype = request.form.get("claim_type")
251 username = request.form.get("username")
253 if username is None or len(username.strip()) < 2:
254 flash("Invalid username", "error")
255 elif ctype == "github":
256 task = checkForumAccount.delay(username)
257 return redirect(url_for("tasks.check", id=task.id, r=url_for("users.claim", username=username, method="github")))
258 elif ctype == "forum":
259 user = User.query.filter_by(forums_username=username).first()
260 if user is not None and user.rank.atLeast(UserRank.NEW_MEMBER):
261 flash("That user has already been claimed!", "error")
262 return redirect(url_for("users.claim"))
267 profile = getProfile("https://forum.minetest.net", username)
268 sig = profile.signature
270 flash("Unable to get forum signature - does the user exist?", "error")
271 return redirect(url_for("users.claim", username=username))
276 user = User(username)
277 user.forums_username = username
282 return redirect(url_for("users.set_password"))
284 flash("Unable to login as user", "error")
285 return redirect(url_for("users.claim", username=username))
288 flash("Could not find the key in your signature!", "error")
289 return redirect(url_for("users.claim", username=username))
291 flash("Unknown claim type", "error")
293 return render_template("users/claim.html", username=username, key=token)
295 @bp.route("/users/verify/")
297 token = request.args.get("token")
298 ver = UserEmailVerification.query.filter_by(token=token).first()
300 flash("Unknown verification token!", "error")
302 ver.user.email = ver.email
303 db.session.delete(ver)
306 if current_user.is_authenticated:
307 return redirect(url_for("users.profile", username=current_user.username))
309 return redirect(url_for("home_page"))