app/blueprints/users/profile.py

   1 # Content DB
   2 # Copyright (C) 2018  rubenwardy
   3 #
   4 # This program is free software: you can redistribute it and/or modify
   5 # it under the terms of the GNU General Public License as published by
   6 # the Free Software Foundation, either version 3 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # This program is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU General Public License
  15 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
  16
  17
  18 from flask import *
  19 from flask_user import *
  20 from flask_login import login_user, logout_user
  21 from app import markdown
  22 from . import bp
  23 from app.models import *
  24 from flask_wtf import FlaskForm
  25 from wtforms import *
  26 from wtforms.validators import *
  27 from app.utils import randomString, loginUser, rank_required
  28 from app.tasks.forumtasks import checkForumAccount
  29 from app.tasks.emails import sendVerifyEmail, sendEmailRaw
  30 from app.tasks.phpbbparser import getProfile
  31
  32 # Define the User profile form
  33 class UserProfileForm(FlaskForm):
  34         display_name = StringField("Display name", [Optional(), Length(2, 20)])
  35         email = StringField("Email", [Optional(), Email()], filters = [lambda x: x or None])
  36         website_url = StringField("Website URL", [Optional(), URL()], filters = [lambda x: x or None])
  37         donate_url = StringField("Donation URL", [Optional(), URL()], filters = [lambda x: x or None])
  38         rank = SelectField("Rank", [Optional()], choices=UserRank.choices(), coerce=UserRank.coerce, default=UserRank.NEW_MEMBER)
  39         submit = SubmitField("Save")
  40
  41
  42 @bp.route("/users/", methods=["GET"])
  43 def list_all():
  44         users = User.query.order_by(db.desc(User.rank), db.asc(User.display_name)).all()
  45         return render_template("users/list.html", users=users)
  46
  47
  48 @bp.route("/users/<username>/", methods=["GET", "POST"])
  49 def profile(username):
  50         user = User.query.filter_by(username=username).first()
  51         if not user:
  52                 abort(404)
  53
  54         form = None
  55         if user.checkPerm(current_user, Permission.CHANGE_DNAME) or \
  56                         user.checkPerm(current_user, Permission.CHANGE_EMAIL) or \
  57                         user.checkPerm(current_user, Permission.CHANGE_RANK):
  58                 # Initialize form
  59                 form = UserProfileForm(formdata=request.form, obj=user)
  60
  61                 # Process valid POST
  62                 if request.method=="POST" and form.validate():
  63                         # Copy form fields to user_profile fields
  64                         if user.checkPerm(current_user, Permission.CHANGE_DNAME):
  65                                 user.display_name = form["display_name"].data
  66                                 user.website_url  = form["website_url"].data
  67                                 user.donate_url   = form["donate_url"].data
  68
  69                         if user.checkPerm(current_user, Permission.CHANGE_RANK):
  70                                 newRank = form["rank"].data
  71                                 if current_user.rank.atLeast(newRank):
  72                                         user.rank = form["rank"].data
  73                                 else:
  74                                         flash("Can't promote a user to a rank higher than yourself!", "error")
  75
  76                         if user.checkPerm(current_user, Permission.CHANGE_EMAIL):
  77                                 newEmail = form["email"].data
  78                                 if newEmail != user.email and newEmail.strip() != "":
  79                                         token = randomString(32)
  80
  81                                         ver = UserEmailVerification()
  82                                         ver.user  = user
  83                                         ver.token = token
  84                                         ver.email = newEmail
  85                                         db.session.add(ver)
  86                                         db.session.commit()
  87
  88                                         task = sendVerifyEmail.delay(newEmail, token)
  89                                         return redirect(url_for("tasks.check", id=task.id, r=url_for("users.profile", username=username)))
  90
  91                         # Save user_profile
  92                         db.session.commit()
  93
  94                         # Redirect to home page
  95                         return redirect(url_for("users.profile", username=username))
  96
  97         packages = user.packages.filter_by(soft_deleted=False)
  98         if not current_user.is_authenticated or (user != current_user and not current_user.canAccessTodoList()):
  99                 packages = packages.filter_by(approved=True)
 100         packages = packages.order_by(db.asc(Package.title))
 101
 102         topics_to_add = None
 103         if current_user == user or user.checkPerm(current_user, Permission.CHANGE_AUTHOR):
 104                 topics_to_add = ForumTopic.query \
 105                                         .filter_by(author_id=user.id) \
 106                                         .filter(~ db.exists().where(Package.forums==ForumTopic.topic_id)) \
 107                                         .order_by(db.asc(ForumTopic.name), db.asc(ForumTopic.title)) \
 108                                         .all()
 109
 110         # Process GET or invalid POST
 111         return render_template("users/users.profile.html",
 112                         user=user, form=form, packages=packages, topics_to_add=topics_to_add)
 113
 114
 115 @bp.route("/users/<username>/check/", methods=["POST"])
 116 @login_required
 117 def user_check(username):
 118         user = User.query.filter_by(username=username).first()
 119         if user is None:
 120                 abort(404)
 121
 122         if current_user != user and not current_user.rank.atLeast(UserRank.MODERATOR):
 123                 abort(403)
 124
 125         if user.forums_username is None:
 126                 abort(404)
 127
 128         task = checkForumAccount.delay(user.forums_username)
 129         next_url = url_for("users.profile", username=username)
 130
 131         return redirect(url_for("tasks.check", id=task.id, r=next_url))
 132
 133
 134 class SendEmailForm(FlaskForm):
 135         subject = StringField("Subject", [InputRequired(), Length(1, 300)])
 136         text    = TextAreaField("Message", [InputRequired()])
 137         submit  = SubmitField("Send")
 138
 139
 140 @bp.route("/users/<username>/email/", methods=["GET", "POST"])
 141 @rank_required(UserRank.MODERATOR)
 142 def send_email(username):
 143         user = User.query.filter_by(username=username).first()
 144         if user is None:
 145                 abort(404)
 146
 147         next_url = url_for("users.profile", username=user.username)
 148
 149         if user.email is None:
 150                 flash("User has no email address!", "error")
 151                 return redirect(next_url)
 152
 153         form = SendEmailForm(request.form)
 154         if form.validate_on_submit():
 155                 text = form.text.data
 156                 html = markdown(text)
 157                 task = sendEmailRaw.delay([user.email], form.subject.data, text, html)
 158                 return redirect(url_for("tasks.check", id=task.id, r=next_url))
 159
 160         return render_template("users/send_email.html", form=form)
 161
 162
 163
 164 class SetPasswordForm(FlaskForm):
 165         email = StringField("Email", [Optional(), Email()])
 166         password = PasswordField("New password", [InputRequired(), Length(2, 100)])
 167         password2 = PasswordField("Verify password", [InputRequired(), Length(2, 100)])
 168         submit = SubmitField("Save")
 169
 170 @bp.route("/user/set-password/", methods=["GET", "POST"])
 171 @login_required
 172 def set_password():
 173         if current_user.password is not None:
 174                 return redirect(url_for("user.change_password"))
 175
 176         form = SetPasswordForm(request.form)
 177         if current_user.email == None:
 178                 form.email.validators = [InputRequired(), Email()]
 179
 180         if request.method == "POST" and form.validate():
 181                 one = form.password.data
 182                 two = form.password2.data
 183                 if one == two:
 184                         # Hash password
 185                         hashed_password = user_manager.hash_password(form.password.data)
 186
 187                         # Change password
 188                         user_manager.update_password(current_user, hashed_password)
 189
 190                         # Send 'password_changed' email
 191                         if user_manager.enable_email and user_manager.send_password_changed_email and current_user.email:
 192                                 emails.send_password_changed_email(current_user)
 193
 194                         # Send password_changed signal
 195                         signals.user_changed_password.send(current_app._get_current_object(), user=current_user)
 196
 197                         # Prepare one-time system message
 198                         flash('Your password has been changed successfully.', 'success')
 199
 200                         newEmail = form["email"].data
 201                         if newEmail != current_user.email and newEmail.strip() != "":
 202                                 token = randomString(32)
 203
 204                                 ver = UserEmailVerification()
 205                                 ver.user = current_user
 206                                 ver.token = token
 207                                 ver.email = newEmail
 208                                 db.session.add(ver)
 209                                 db.session.commit()
 210
 211                                 task = sendVerifyEmail.delay(newEmail, token)
 212                                 return redirect(url_for("tasks.check", id=task.id, r=url_for("users.profile", username=current_user.username)))
 213                         else:
 214                                 return redirect(url_for("users.profile", username=current_user.username))
 215                 else:
 216                         flash("Passwords do not match", "error")
 217
 218         return render_template("users/set_password.html", form=form, optional=request.args.get("optional"))
 219
 220
 221 @bp.route("/user/claim/", methods=["GET", "POST"])
 222 def claim():
 223         username = request.args.get("username")
 224         if username is None:
 225                 username = ""
 226         else:
 227                 method = request.args.get("method")
 228                 user = User.query.filter_by(forums_username=username).first()
 229                 if user and user.rank.atLeast(UserRank.NEW_MEMBER):
 230                         flash("User has already been claimed", "error")
 231                         return redirect(url_for("users.claim"))
 232                 elif user is None and method == "github":
 233                         flash("Unable to get Github username for user", "error")
 234                         return redirect(url_for("users.claim"))
 235                 elif user is None:
 236                         flash("Unable to find that user", "error")
 237                         return redirect(url_for("users.claim"))
 238
 239                 if user is not None and method == "github":
 240                         return redirect(url_for("users.github_signin"))
 241
 242         token = None
 243         if "forum_token" in session:
 244                 token = session["forum_token"]
 245         else:
 246                 token = randomString(32)
 247                 session["forum_token"] = token
 248
 249         if request.method == "POST":
 250                 ctype   = request.form.get("claim_type")
 251                 username = request.form.get("username")
 252
 253                 if username is None or len(username.strip()) < 2:
 254                         flash("Invalid username", "error")
 255                 elif ctype == "github":
 256                         task = checkForumAccount.delay(username)
 257                         return redirect(url_for("tasks.check", id=task.id, r=url_for("users.claim", username=username, method="github")))
 258                 elif ctype == "forum":
 259                         user = User.query.filter_by(forums_username=username).first()
 260                         if user is not None and user.rank.atLeast(UserRank.NEW_MEMBER):
 261                                 flash("That user has already been claimed!", "error")
 262                                 return redirect(url_for("users.claim"))
 263
 264                         # Get signature
 265                         sig = None
 266                         try:
 267                                 profile = getProfile("https://forum.minetest.net", username)
 268                                 sig = profile.signature
 269                         except IOError:
 270                                 flash("Unable to get forum signature - does the user exist?", "error")
 271                                 return redirect(url_for("users.claim", username=username))
 272
 273                         # Look for key
 274                         if token in sig:
 275                                 if user is None:
 276                                         user = User(username)
 277                                         user.forums_username = username
 278                                         db.session.add(user)
 279                                         db.session.commit()
 280
 281                                 if loginUser(user):
 282                                         return redirect(url_for("users.set_password"))
 283                                 else:
 284                                         flash("Unable to login as user", "error")
 285                                         return redirect(url_for("users.claim", username=username))
 286
 287                         else:
 288                                 flash("Could not find the key in your signature!", "error")
 289                                 return redirect(url_for("users.claim", username=username))
 290                 else:
 291                         flash("Unknown claim type", "error")
 292
 293         return render_template("users/claim.html", username=username, key=token)
 294
 295 @bp.route("/users/verify/")
 296 def verify_email():
 297         token = request.args.get("token")
 298         ver = UserEmailVerification.query.filter_by(token=token).first()
 299         if ver is None:
 300                 flash("Unknown verification token!", "error")
 301         else:
 302                 ver.user.email = ver.email
 303                 db.session.delete(ver)
 304                 db.session.commit()
 305
 306         if current_user.is_authenticated:
 307                 return redirect(url_for("users.profile", username=current_user.username))
 308         else:
 309                 return redirect(url_for("home_page"))