app/views/users.py

   1 # Content DB
   2 # Copyright (C) 2018  rubenwardy
   3 #
   4 # This program is free software: you can redistribute it and/or modify
   5 # it under the terms of the GNU General Public License as published by
   6 # the Free Software Foundation, either version 3 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # This program is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU General Public License
  15 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
  16
  17
  18 from flask import *
  19 from flask_user import *
  20 from flask_login import login_user, logout_user
  21 from flask.ext import menu
  22 from app import app
  23 from app.models import *
  24 from flask_wtf import FlaskForm
  25 from flask_user.forms import RegisterForm
  26 from wtforms import *
  27 from wtforms.validators import *
  28 from app.utils import rank_required, randomString
  29 from app.tasks.forumtasks import checkForumAccount
  30 from app.tasks.emails import sendVerifyEmail
  31
  32 # Define the User profile form
  33 class UserProfileForm(FlaskForm):
  34         display_name = StringField("Display name", [InputRequired(), Length(2, 20)])
  35         email = StringField("Email")
  36         rank = SelectField("Rank", [InputRequired()], choices=UserRank.choices(), coerce=UserRank.coerce, default=UserRank.NEW_MEMBER)
  37         submit = SubmitField("Save")
  38
  39 @app.route("/users/", methods=["GET"])
  40 @rank_required(UserRank.MODERATOR)
  41 def user_list_page():
  42         users = User.query.order_by(db.asc(User.rank), db.asc(User.display_name)).all()
  43         return render_template("users/list.html", users=users)
  44
  45
  46 @app.route("/users/<username>/", methods=["GET", "POST"])
  47 def user_profile_page(username):
  48         user = User.query.filter_by(username=username).first()
  49         if not user:
  50                 abort(404)
  51
  52         form = None
  53         if user.checkPerm(current_user, Permission.CHANGE_DNAME) or \
  54                         user.checkPerm(current_user, Permission.CHANGE_EMAIL) or \
  55                         user.checkPerm(current_user, Permission.CHANGE_RANK):
  56                 # Initialize form
  57                 form = UserProfileForm(formdata=request.form, obj=user)
  58
  59                 # Process valid POST
  60                 if request.method=="POST" and form.validate():
  61                         # Copy form fields to user_profile fields
  62                         if user.checkPerm(current_user, Permission.CHANGE_DNAME):
  63                                 user.display_name = form["display_name"].data
  64
  65                         if user.checkPerm(current_user, Permission.CHANGE_RANK):
  66                                 newRank = form["rank"].data
  67                                 if current_user.rank.atLeast(newRank):
  68                                         user.rank = form["rank"].data
  69                                 else:
  70                                         flash("Can't promote a user to a rank higher than yourself!", "error")
  71
  72                         if user.checkPerm(current_user, Permission.CHANGE_EMAIL):
  73                                 newEmail = form["email"].data
  74                                 if newEmail != user.email and newEmail.strip() != "":
  75                                         token = randomString(32)
  76
  77                                         ver = UserEmailVerification()
  78                                         ver.user = user
  79                                         ver.token = token
  80                                         ver.email = newEmail
  81                                         db.session.add(ver)
  82                                         db.session.commit()
  83
  84                                         task = sendVerifyEmail.delay(newEmail, token)
  85                                         return redirect(url_for("check_task", id=task.id, r=url_for("user_profile_page", username=username)))
  86
  87                         # Save user_profile
  88                         db.session.commit()
  89
  90                         # Redirect to home page
  91                         return redirect(url_for("user_profile_page", username=username))
  92
  93         # Process GET or invalid POST
  94         return render_template("users/user_profile_page.html",
  95                         user=user, form=form)
  96
  97
  98 @app.route("/users/claim/", methods=["GET", "POST"])
  99 def user_claim_page():
 100         username = request.args.get("username")
 101         if username is None:
 102                 username = ""
 103         else:
 104                 method = request.args.get("method")
 105                 user = User.query.filter_by(forums_username=username).first()
 106                 if user and user.rank.atLeast(UserRank.NEW_MEMBER):
 107                         flash("User has already been claimed", "error")
 108                         return redirect(url_for("user_claim_page"))
 109                 elif user is None and method == "github":
 110                         flash("Unable to get Github username for user", "error")
 111                         return redirect(url_for("user_claim_page"))
 112                 elif user is None:
 113                         flash("Unable to find that user", "error")
 114                         return redirect(url_for("user_claim_page"))
 115
 116                 if user is not None and method == "github":
 117                         return redirect(url_for("github_signin_page"))
 118
 119         if request.method == "POST":
 120                 ctype    = request.form.get("claim_type")
 121                 username = request.form.get("username")
 122
 123                 if username is None or len(username.strip()) < 2:
 124                         flash("Invalid username", "error")
 125                 elif ctype == "github":
 126                         task = checkForumAccount.delay(username)
 127                         return redirect(url_for("check_task", id=task.id, r=url_for("user_claim_page", username=username, method="github")))
 128                 elif ctype == "forum":
 129                         token = request.form.get("token")
 130                         flash("Unimplemented", "error")
 131                 else:
 132                         flash("Unknown claim type", "error")
 133
 134         return render_template("users/claim.html", username=username, key=randomString(32))
 135
 136 @app.route("/users/verify/")
 137 def verify_email_page():
 138         token = request.args.get("token")
 139         ver = UserEmailVerification.query.filter_by(token=token).first()
 140         if ver is None:
 141                 flash("Unknown verification token!", "error")
 142         else:
 143                 ver.user.email = ver.email
 144                 db.session.delete(ver)
 145                 db.session.commit()
 146
 147         if current_user.is_authenticated:
 148                 return redirect(url_for("user_profile_page", username=current_user.username))
 149         else:
 150                 return redirect(url_for("home_page"))