contentdb/app/blueprints/users/profile.py

# Content DB
# Copyright (C) 2018  rubenwardy
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.


from flask import *
from flask_user import *
from flask_login import login_user, logout_user
from app.markdown import render_markdown
from . import bp
from app.models import *
from flask_wtf import FlaskForm
from wtforms import *
from wtforms.validators import *
from app.utils import randomString, loginUser, rank_required
from app.tasks.forumtasks import checkForumAccount
from app.tasks.emails import sendVerifyEmail, sendEmailRaw
from app.tasks.phpbbparser import getProfile

# Define the User profile form
class UserProfileForm(FlaskForm):
	display_name = StringField("Display name", [Optional(), Length(2, 20)])
	email = StringField("Email", [Optional(), Email()], filters = [lambda x: x or None])
	website_url = StringField("Website URL", [Optional(), URL()], filters = [lambda x: x or None])
	donate_url = StringField("Donation URL", [Optional(), URL()], filters = [lambda x: x or None])
	rank = SelectField("Rank", [Optional()], choices=UserRank.choices(), coerce=UserRank.coerce, default=UserRank.NEW_MEMBER)
	submit = SubmitField("Save")


@bp.route("/users/", methods=["GET"])
def list_all():
	users = User.query.order_by(db.desc(User.rank), db.asc(User.display_name)).all()
	return render_template("users/list.html", users=users)


@bp.route("/users/<username>/", methods=["GET", "POST"])
def profile(username):
	user = User.query.filter_by(username=username).first()
	if not user:
		abort(404)

	form = None
	if user.checkPerm(current_user, Permission.CHANGE_DNAME) or \
			user.checkPerm(current_user, Permission.CHANGE_EMAIL) or \
			user.checkPerm(current_user, Permission.CHANGE_RANK):
		# Initialize form
		form = UserProfileForm(formdata=request.form, obj=user)

		# Process valid POST
		if request.method=="POST" and form.validate():
			# Copy form fields to user_profile fields
			if user.checkPerm(current_user, Permission.CHANGE_DNAME):
				user.display_name = form["display_name"].data

			if user.checkPerm(current_user, Permission.CHANGE_PROFILE_URLS):
				user.website_url  = form["website_url"].data
				user.donate_url   = form["donate_url"].data

			if user.checkPerm(current_user, Permission.CHANGE_RANK):
				newRank = form["rank"].data
				if current_user.rank.atLeast(newRank):
					user.rank = form["rank"].data
				else:
					flash("Can't promote a user to a rank higher than yourself!", "danger")

			if user.checkPerm(current_user, Permission.CHANGE_EMAIL):
				newEmail = form["email"].data
				if newEmail != user.email and newEmail.strip() != "":
					token = randomString(32)

					ver = UserEmailVerification()
					ver.user  = user
					ver.token = token
					ver.email = newEmail
					db.session.add(ver)
					db.session.commit()

					task = sendVerifyEmail.delay(newEmail, token)
					return redirect(url_for("tasks.check", id=task.id, r=url_for("users.profile", username=username)))

			# Save user_profile
			db.session.commit()

			# Redirect to home page
			return redirect(url_for("users.profile", username=username))

	packages = user.packages.filter_by(soft_deleted=False)
	if not current_user.is_authenticated or (user != current_user and not current_user.canAccessTodoList()):
		packages = packages.filter_by(approved=True)
	packages = packages.order_by(db.asc(Package.title))

	topics_to_add = None
	if current_user == user or user.checkPerm(current_user, Permission.CHANGE_AUTHOR):
		topics_to_add = ForumTopic.query \
					.filter_by(author_id=user.id) \
					.filter(~ db.exists().where(Package.forums==ForumTopic.topic_id)) \
					.order_by(db.asc(ForumTopic.name), db.asc(ForumTopic.title)) \
					.all()

	# Process GET or invalid POST
	return render_template("users/profile.html",
			user=user, form=form, packages=packages, topics_to_add=topics_to_add)


@bp.route("/users/<username>/check/", methods=["POST"])
@login_required
def user_check(username):
	user = User.query.filter_by(username=username).first()
	if user is None:
		abort(404)

	if current_user != user and not current_user.rank.atLeast(UserRank.MODERATOR):
		abort(403)

	if user.forums_username is None:
		abort(404)

	task = checkForumAccount.delay(user.forums_username)
	next_url = url_for("users.profile", username=username)

	return redirect(url_for("tasks.check", id=task.id, r=next_url))


class SendEmailForm(FlaskForm):
	subject = StringField("Subject", [InputRequired(), Length(1, 300)])
	text    = TextAreaField("Message", [InputRequired()])
	submit  = SubmitField("Send")


@bp.route("/users/<username>/email/", methods=["GET", "POST"])
@rank_required(UserRank.MODERATOR)
def send_email(username):
	user = User.query.filter_by(username=username).first()
	if user is None:
		abort(404)

	next_url = url_for("users.profile", username=user.username)

	if user.email is None:
		flash("User has no email address!", "danger")
		return redirect(next_url)

	form = SendEmailForm(request.form)
	if form.validate_on_submit():
		text = form.text.data
		html = render_markdown(text)
		task = sendEmailRaw.delay([user.email], form.subject.data, text, html)
		return redirect(url_for("tasks.check", id=task.id, r=next_url))

	return render_template("users/send_email.html", form=form)


class SetPasswordForm(FlaskForm):
	email = StringField("Email", [Optional(), Email()])
	password = PasswordField("New password", [InputRequired(), Length(2, 100)])
	password2 = PasswordField("Verify password", [InputRequired(), Length(2, 100)])
	submit = SubmitField("Save")

@bp.route("/user/set-password/", methods=["GET", "POST"])
@login_required
def set_password():
	if current_user.hasPassword():
		return redirect(url_for("user.change_password"))

	form = SetPasswordForm(request.form)
	if current_user.email == None:
		form.email.validators = [InputRequired(), Email()]

	if request.method == "POST" and form.validate():
		one = form.password.data
		two = form.password2.data
		if one == two:
			# Hash password
			hashed_password = user_manager.hash_password(form.password.data)

			# Change password
			current_user.password = hashed_password
			db.session.commit()

			# Send 'password_changed' email
			if user_manager.USER_ENABLE_EMAIL and current_user.email:
				emails.send_password_changed_email(current_user)

			# Send password_changed signal
			signals.user_changed_password.send(current_app._get_current_object(), user=current_user)

			# Prepare one-time system message
			flash('Your password has been changed successfully.', 'success')

			newEmail = form["email"].data
			if newEmail != current_user.email and newEmail.strip() != "":
				token = randomString(32)

				ver = UserEmailVerification()
				ver.user = current_user
				ver.token = token
				ver.email = newEmail
				db.session.add(ver)
				db.session.commit()

				task = sendVerifyEmail.delay(newEmail, token)
				return redirect(url_for("tasks.check", id=task.id, r=url_for("users.profile", username=current_user.username)))
			else:
				return redirect(url_for("user.login"))
		else:
			flash("Passwords do not match", "danger")

	return render_template("users/set_password.html", form=form, optional=request.args.get("optional"))


@bp.route("/users/verify/")
def verify_email():
	token = request.args.get("token")
	ver = UserEmailVerification.query.filter_by(token=token).first()
	if ver is None:
		flash("Unknown verification token!", "danger")
	else:
		ver.user.email = ver.email
		db.session.delete(ver)
		db.session.commit()

	if current_user.is_authenticated:
		return redirect(url_for("users.profile", username=current_user.username))
	else:
		return redirect(url_for("homepage.home"))
Add license to all JS/py files 2018-05-17 16:18:20 +02:00			`# Content DB`
			`# Copyright (C) 2018 rubenwardy`
			`#`
			`# This program is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation, either version 3 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program. If not, see <https://www.gnu.org/licenses/>.`


Add Github login 2018-03-18 19:05:53 +01:00			`from flask import *`
			`from flask_user import *`
			`from flask_login import login_user, logout_user`
Improve markdown escaping Fixes #118 2020-01-22 23:10:02 +01:00			`from app.markdown import render_markdown`
Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`from . import bp`
Add Github login 2018-03-18 19:05:53 +01:00			`from app.models import *`
			`from flask_wtf import FlaskForm`
Add user rank changing Fixes #14 2018-03-24 20:37:33 +01:00			`from wtforms import *`
			`from wtforms.validators import *`
Add manual email support 2019-01-04 18:57:00 +01:00			`from app.utils import randomString, loginUser, rank_required`
Add user account claiming 2018-05-14 00:31:42 +02:00			`from app.tasks.forumtasks import checkForumAccount`
Add manual email support 2019-01-04 18:57:00 +01:00			`from app.tasks.emails import sendVerifyEmail, sendEmailRaw`
Add github-less claim method 2018-05-29 18:42:27 +02:00			`from app.tasks.phpbbparser import getProfile`
Add user rank changing Fixes #14 2018-03-24 20:37:33 +01:00
Add Github login 2018-03-18 19:05:53 +01:00			`# Define the User profile form`
			`class UserProfileForm(FlaskForm):`
Fix changing email not working due to validation issue 2018-05-28 16:25:45 +02:00			`display_name = StringField("Display name", [Optional(), Length(2, 20)])`
Fix wtfforms setting fields to empty string instead of None 2019-08-30 22:11:38 +02:00			`email = StringField("Email", [Optional(), Email()], filters = [lambda x: x or None])`
			`website_url = StringField("Website URL", [Optional(), URL()], filters = [lambda x: x or None])`
			`donate_url = StringField("Donation URL", [Optional(), URL()], filters = [lambda x: x or None])`
Fix changing email not working due to validation issue 2018-05-28 16:25:45 +02:00			`rank = SelectField("Rank", [Optional()], choices=UserRank.choices(), coerce=UserRank.coerce, default=UserRank.NEW_MEMBER)`
Use consistent quotes 2018-03-21 23:03:37 +01:00			`submit = SubmitField("Save")`
Add Github login 2018-03-18 19:05:53 +01:00
Make user list public 2019-06-10 01:11:57 +02:00
Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`@bp.route("/users/", methods=["GET"])`
			`def list_all():`
Fix user list sort order 2018-05-23 21:59:59 +02:00			`users = User.query.order_by(db.desc(User.rank), db.asc(User.display_name)).all()`
Add user list 2018-03-24 20:24:34 +01:00			`return render_template("users/list.html", users=users)`
Add redirect to full user URL 2018-03-20 20:07:20 +01:00
Add user list 2018-03-24 20:24:34 +01:00
Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`@bp.route("/users/<username>/", methods=["GET", "POST"])`
			`def profile(username):`
Add redirect to full user URL 2018-03-20 20:07:20 +01:00			`user = User.query.filter_by(username=username).first()`
			`if not user:`
			`abort(404)`
Add Github login 2018-03-18 19:05:53 +01:00
Add redirect to full user URL 2018-03-20 20:07:20 +01:00			`form = None`
Restrict changing display name to moderator and above 2018-05-21 23:31:50 +02:00			`if user.checkPerm(current_user, Permission.CHANGE_DNAME) or \`
			`user.checkPerm(current_user, Permission.CHANGE_EMAIL) or \`
			`user.checkPerm(current_user, Permission.CHANGE_RANK):`
Add Github login 2018-03-18 19:05:53 +01:00			`# Initialize form`
Add user rank changing Fixes #14 2018-03-24 20:37:33 +01:00			`form = UserProfileForm(formdata=request.form, obj=user)`
Add Github login 2018-03-18 19:05:53 +01:00
			`# Process valid POST`
Use consistent quotes 2018-03-21 23:03:37 +01:00			`if request.method=="POST" and form.validate():`
Add Github login 2018-03-18 19:05:53 +01:00			`# Copy form fields to user_profile fields`
Restrict changing display name to moderator and above 2018-05-21 23:31:50 +02:00			`if user.checkPerm(current_user, Permission.CHANGE_DNAME):`
Add user rank changing Fixes #14 2018-03-24 20:37:33 +01:00			`user.display_name = form["display_name"].data`
Fix non-admin users not being able to set profile URLs 2020-02-23 21:12:32 +01:00
			`if user.checkPerm(current_user, Permission.CHANGE_PROFILE_URLS):`
Add website and donation support 2019-07-02 01:45:04 +02:00			`user.website_url = form["website_url"].data`
			`user.donate_url = form["donate_url"].data`
Add user rank changing Fixes #14 2018-03-24 20:37:33 +01:00
			`if user.checkPerm(current_user, Permission.CHANGE_RANK):`
			`newRank = form["rank"].data`
			`if current_user.rank.atLeast(newRank):`
			`user.rank = form["rank"].data`
			`else:`
Split up users blueprint 2020-01-24 19:15:09 +01:00			`flash("Can't promote a user to a rank higher than yourself!", "danger")`
Add Github login 2018-03-18 19:05:53 +01:00
Add email support 2018-05-14 01:40:34 +02:00			`if user.checkPerm(current_user, Permission.CHANGE_EMAIL):`
			`newEmail = form["email"].data`
Fix crash on no email provided to edit user 2018-05-14 02:35:18 +02:00			`if newEmail != user.email and newEmail.strip() != "":`
Add email support 2018-05-14 01:40:34 +02:00			`token = randomString(32)`

			`ver = UserEmailVerification()`
Add website and donation support 2019-07-02 01:45:04 +02:00			`ver.user = user`
Add email support 2018-05-14 01:40:34 +02:00			`ver.token = token`
			`ver.email = newEmail`
			`db.session.add(ver)`
			`db.session.commit()`

			`task = sendVerifyEmail.delay(newEmail, token)`
Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`return redirect(url_for("tasks.check", id=task.id, r=url_for("users.profile", username=username)))`
Add email support 2018-05-14 01:40:34 +02:00
Add Github login 2018-03-18 19:05:53 +01:00			`# Save user_profile`
			`db.session.commit()`

			`# Redirect to home page`
Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`return redirect(url_for("users.profile", username=username))`
Add Github login 2018-03-18 19:05:53 +01:00
Add topics todo list based on forum parser 2018-06-02 19:22:57 +02:00			`packages = user.packages.filter_by(soft_deleted=False)`
			`if not current_user.is_authenticated or (user != current_user and not current_user.canAccessTodoList()):`
			`packages = packages.filter_by(approved=True)`
			`packages = packages.order_by(db.asc(Package.title))`

			`topics_to_add = None`
			`if current_user == user or user.checkPerm(current_user, Permission.CHANGE_AUTHOR):`
Implement forum parser to increase accuracy 2018-07-04 01:14:37 +02:00			`topics_to_add = ForumTopic.query \`
Add topics todo list based on forum parser 2018-06-02 19:22:57 +02:00			`.filter_by(author_id=user.id) \`
Implement forum parser to increase accuracy 2018-07-04 01:14:37 +02:00			`.filter(~ db.exists().where(Package.forums==ForumTopic.topic_id)) \`
			`.order_by(db.asc(ForumTopic.name), db.asc(ForumTopic.title)) \`
Add topics todo list based on forum parser 2018-06-02 19:22:57 +02:00			`.all()`

Add Github login 2018-03-18 19:05:53 +01:00			`# Process GET or invalid POST`
Fix user profile after blueprints commit 2019-11-16 01:05:59 +01:00			`return render_template("users/profile.html",`
Add topics todo list based on forum parser 2018-06-02 19:22:57 +02:00			`user=user, form=form, packages=packages, topics_to_add=topics_to_add)`
Add user account claiming 2018-05-14 00:31:42 +02:00
Add support for using forum profile pictures 2018-12-25 20:28:32 +01:00
Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`@bp.route("/users/<username>/check/", methods=["POST"])`
Add support for using forum profile pictures 2018-12-25 20:28:32 +01:00			`@login_required`
			`def user_check(username):`
			`user = User.query.filter_by(username=username).first()`
			`if user is None:`
			`abort(404)`

			`if current_user != user and not current_user.rank.atLeast(UserRank.MODERATOR):`
			`abort(403)`

			`if user.forums_username is None:`
			`abort(404)`

			`task = checkForumAccount.delay(user.forums_username)`
Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`next_url = url_for("users.profile", username=username)`
Add support for using forum profile pictures 2018-12-25 20:28:32 +01:00
Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`return redirect(url_for("tasks.check", id=task.id, r=next_url))`
Add support for using forum profile pictures 2018-12-25 20:28:32 +01:00

Add manual email support 2019-01-04 18:57:00 +01:00			`class SendEmailForm(FlaskForm):`
			`subject = StringField("Subject", [InputRequired(), Length(1, 300)])`
			`text = TextAreaField("Message", [InputRequired()])`
			`submit = SubmitField("Send")`


Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`@bp.route("/users/<username>/email/", methods=["GET", "POST"])`
Add manual email support 2019-01-04 18:57:00 +01:00			`@rank_required(UserRank.MODERATOR)`
Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`def send_email(username):`
Add manual email support 2019-01-04 18:57:00 +01:00			`user = User.query.filter_by(username=username).first()`
			`if user is None:`
			`abort(404)`

Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`next_url = url_for("users.profile", username=user.username)`
Add manual email support 2019-01-04 18:57:00 +01:00
			`if user.email is None:`
Split up users blueprint 2020-01-24 19:15:09 +01:00			`flash("User has no email address!", "danger")`
Add manual email support 2019-01-04 18:57:00 +01:00			`return redirect(next_url)`

			`form = SendEmailForm(request.form)`
			`if form.validate_on_submit():`
			`text = form.text.data`
Improve markdown escaping Fixes #118 2020-01-22 23:10:02 +01:00			`html = render_markdown(text)`
Add manual email support 2019-01-04 18:57:00 +01:00			`task = sendEmailRaw.delay([user.email], form.subject.data, text, html)`
Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`return redirect(url_for("tasks.check", id=task.id, r=next_url))`
Add manual email support 2019-01-04 18:57:00 +01:00
			`return render_template("users/send_email.html", form=form)`



Add set password form 2018-05-29 19:07:23 +02:00			`class SetPasswordForm(FlaskForm):`
Require email in set password 2018-06-04 19:34:04 +02:00			`email = StringField("Email", [Optional(), Email()])`
Fix accidental limit on password length 2019-08-12 15:10:28 +02:00			`password = PasswordField("New password", [InputRequired(), Length(2, 100)])`
			`password2 = PasswordField("Verify password", [InputRequired(), Length(2, 100)])`
Add set password form 2018-05-29 19:07:23 +02:00			`submit = SubmitField("Save")`

Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`@bp.route("/user/set-password/", methods=["GET", "POST"])`
Add set password form 2018-05-29 19:07:23 +02:00			`@login_required`
Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`def set_password():`
Fix password issues caused by Flask-User migration 2020-01-19 20:48:41 +01:00			`if current_user.hasPassword():`
Add set password form 2018-05-29 19:07:23 +02:00			`return redirect(url_for("user.change_password"))`

			`form = SetPasswordForm(request.form)`
Require email in set password 2018-06-04 19:34:04 +02:00			`if current_user.email == None:`
			`form.email.validators = [InputRequired(), Email()]`

Add set password form 2018-05-29 19:07:23 +02:00			`if request.method == "POST" and form.validate():`
			`one = form.password.data`
			`two = form.password2.data`
			`if one == two:`
			`# Hash password`
			`hashed_password = user_manager.hash_password(form.password.data)`

			`# Change password`
Fix password issues caused by Flask-User migration 2020-01-19 20:48:41 +01:00			`current_user.password = hashed_password`
			`db.session.commit()`
Add set password form 2018-05-29 19:07:23 +02:00
			`# Send 'password_changed' email`
Fix password issues caused by Flask-User migration 2020-01-19 20:48:41 +01:00			`if user_manager.USER_ENABLE_EMAIL and current_user.email:`
Add set password form 2018-05-29 19:07:23 +02:00			`emails.send_password_changed_email(current_user)`

			`# Send password_changed signal`
			`signals.user_changed_password.send(current_app._get_current_object(), user=current_user)`

			`# Prepare one-time system message`
			`flash('Your password has been changed successfully.', 'success')`

			`newEmail = form["email"].data`
			`if newEmail != current_user.email and newEmail.strip() != "":`
			`token = randomString(32)`

			`ver = UserEmailVerification()`
			`ver.user = current_user`
			`ver.token = token`
			`ver.email = newEmail`
			`db.session.add(ver)`
			`db.session.commit()`

			`task = sendVerifyEmail.delay(newEmail, token)`
Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`return redirect(url_for("tasks.check", id=task.id, r=url_for("users.profile", username=current_user.username)))`
Add set password form 2018-05-29 19:07:23 +02:00			`else:`
Fix password issues caused by Flask-User migration 2020-01-19 20:48:41 +01:00			`return redirect(url_for("user.login"))`
Add set password form 2018-05-29 19:07:23 +02:00			`else:`
Split up users blueprint 2020-01-24 19:15:09 +01:00			`flash("Passwords do not match", "danger")`
Add set password form 2018-05-29 19:07:23 +02:00
Add redirection to set password after login if not set 2018-06-04 19:49:42 +02:00			`return render_template("users/set_password.html", form=form, optional=request.args.get("optional"))`
Add set password form 2018-05-29 19:07:23 +02:00
Add user account claiming 2018-05-14 00:31:42 +02:00
Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`@bp.route("/users/verify/")`
			`def verify_email():`
Add email support 2018-05-14 01:40:34 +02:00			`token = request.args.get("token")`
			`ver = UserEmailVerification.query.filter_by(token=token).first()`
			`if ver is None:`
Split up users blueprint 2020-01-24 19:15:09 +01:00			`flash("Unknown verification token!", "danger")`
Add email support 2018-05-14 01:40:34 +02:00			`else:`
			`ver.user.email = ver.email`
			`db.session.delete(ver)`
			`db.session.commit()`

			`if current_user.is_authenticated:`
Refactor endpoints to use blueprints instead 2019-11-16 00:51:42 +01:00			`return redirect(url_for("users.profile", username=current_user.username))`
Add email support 2018-05-14 01:40:34 +02:00			`else:`
Fix url_for crash on "home_page" 2019-11-21 20:38:26 +01:00			`return redirect(url_for("homepage.home"))`