Improve user authentication error handling

author rubenwardy <rw@rubenwardy.com>

Tue, 14 Apr 2020 13:39:49 +0000 (14:39 +0100)

committer rubenwardy <rw@rubenwardy.com>

Tue, 14 Apr 2020 13:39:59 +0000 (14:39 +0100)
author rubenwardy <rw@rubenwardy.com>
Tue, 14 Apr 2020 13:39:49 +0000 (14:39 +0100)
committer rubenwardy <rw@rubenwardy.com>
Tue, 14 Apr 2020 13:39:59 +0000 (14:39 +0100)
diff --git a/app/blueprints/users/claim.py b/app/blueprints/users/claim.py

index 7c6283d7bbce80b4b173c005eff00030d24f5e08..4e0f1ec576bf0c3bc5c873e6dd8662d4b4026561 100644 (file)
--- a/app/blueprints/users/claim.py
+++ b/app/blueprints/users/claim.py
@@ -34,15 +34,16 @@ def claim():
                 if user and user.rank.atLeast(UserRank.NEW_MEMBER):
                         flash("User has already been claimed", "danger")
                         return redirect(url_for("users.claim"))
-               elif user is None and method == "github":
-                       flash("Unable to get Github username for user", "danger")
-                       return redirect(url_for("users.claim"))
-               elif user is None:
-                       flash("Unable to find that user", "danger")
+               elif method == "github":
+                       if user is None or user.github_username is None:
+                               flash("Unable to get Github username for user", "danger")
+                               return redirect(url_for("users.claim"))
+                       else:
+                               return redirect(url_for("github.start"))
+               elif user is None and request.method == "POST":
+                       flash("Unable to find user", "danger")
                         return redirect(url_for("users.claim"))
  
-               if user is not None and method == "github":
-                       return redirect(url_for("github.start"))
  
         token = None
         if "forum_token" in session:
@@ -70,8 +71,17 @@ def claim():
                         sig = None
                         try:
                                 profile = getProfile("https://forum.minetest.net", username)
-                               sig = profile.signature
-                       except IOError:
+                               sig = profile.signature if profile else None
+                       except IOError as e:
+                               if hasattr(e, 'message'):
+                                       message = e.message
+                               else:
+                                       message = str(e)
+
+                               flash("Error whilst attempting to access forums: " + message, "danger")
+                               return redirect(url_for("users.claim", username=username))
+
+                       if profile is None:
                                 flash("Unable to get forum signature - does the user exist?", "danger")
                                 return redirect(url_for("users.claim", username=username))
  
diff --git a/app/blueprints/users/profile.py b/app/blueprints/users/profile.py

index 177eefef09865d2ad74c5bfd60f644bcaa346eff..f3c697d536cbc656c1e6e85cddbc3f1ea3792446 100644 (file)
--- a/app/blueprints/users/profile.py
+++ b/app/blueprints/users/profile.py
@@ -16,7 +16,7 @@
  
  
  from flask import *
-from flask_user import *
+from flask_user import signals, current_user, user_manager
  from flask_login import login_user, logout_user
  from app.markdown import render_markdown
  from . import bp
@@ -192,7 +192,7 @@ def set_password():
  
                         # Send 'password_changed' email
                         if user_manager.USER_ENABLE_EMAIL and current_user.email:
-                               emails.send_password_changed_email(current_user)
+                               user_manager.email_manager.send_password_changed_email(current_user)
  
                         # Send password_changed signal
                         signals.user_changed_password.send(current_app._get_current_object(), user=current_user)
diff --git a/app/tasks/phpbbparser.py b/app/tasks/phpbbparser.py

index 3df8470989f938d5d0e9eadf03f59d721b265a94..752c7a612a22cd5203203d733296e8a1aea1a229 100644 (file)
--- a/app/tasks/phpbbparser.py
+++ b/app/tasks/phpbbparser.py
@@ -74,7 +74,14 @@ def __extract_signature(soup):
  def getProfile(url, username):
         url = url + "/memberlist.php?mode=viewprofile&un=" + urlEncodeNonAscii(username)
  
-       contents = urllib.request.urlopen(url).read().decode("utf-8")
+       req = urllib.request.urlopen(url, timeout=5)
+       if req.getcode() == 404:
+               return None
+
+       if req.getcode() != 200:
+               raise IOError(req.getcode())
+
+       contents = req.read().decode("utf-8")
         soup = BeautifulSoup(contents, "lxml")
         if soup is None:
                 return None
author	rubenwardy <rw@rubenwardy.com>
	Tue, 14 Apr 2020 13:39:49 +0000 (14:39 +0100)
committer	rubenwardy <rw@rubenwardy.com>
	Tue, 14 Apr 2020 13:39:59 +0000 (14:39 +0100)
app/blueprints/users/claim.py		patch \| blob \| history
app/blueprints/users/profile.py		patch \| blob \| history
app/tasks/phpbbparser.py		patch \| blob \| history