2020-12-05 19:39:50 +01:00
|
|
|
from flask import *
|
2020-12-09 20:33:31 +01:00
|
|
|
from flask_login import current_user, login_required, logout_user
|
2020-12-05 19:39:50 +01:00
|
|
|
from flask_wtf import FlaskForm
|
2021-02-26 00:25:33 +01:00
|
|
|
from sqlalchemy import or_
|
2020-12-05 19:39:50 +01:00
|
|
|
from wtforms import *
|
|
|
|
from wtforms.validators import *
|
|
|
|
|
|
|
|
from app.models import *
|
2020-12-09 20:33:31 +01:00
|
|
|
from app.utils import nonEmptyOrNone, addAuditLog, randomString, rank_required
|
2020-12-06 16:02:02 +01:00
|
|
|
from app.tasks.emails import send_verify_email
|
2020-12-05 19:39:50 +01:00
|
|
|
from . import bp
|
|
|
|
|
|
|
|
|
|
|
|
def get_setting_tabs(user):
|
|
|
|
return [
|
|
|
|
{
|
|
|
|
"id": "edit_profile",
|
|
|
|
"title": "Edit Profile",
|
|
|
|
"url": url_for("users.profile_edit", username=user.username)
|
|
|
|
},
|
2020-12-09 20:50:11 +01:00
|
|
|
{
|
|
|
|
"id": "account",
|
|
|
|
"title": "Account and Security",
|
|
|
|
"url": url_for("users.account", username=user.username)
|
|
|
|
},
|
2020-12-05 19:39:50 +01:00
|
|
|
{
|
|
|
|
"id": "notifications",
|
|
|
|
"title": "Email and Notifications",
|
|
|
|
"url": url_for("users.email_notifications", username=user.username)
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"id": "api_tokens",
|
|
|
|
"title": "API Tokens",
|
|
|
|
"url": url_for("api.list_tokens", username=user.username)
|
|
|
|
},
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
class UserProfileForm(FlaskForm):
|
2021-02-26 00:25:33 +01:00
|
|
|
display_name = StringField("Display Name", [Optional(), Length(1, 20)], filters=[lambda x: nonEmptyOrNone(x)])
|
2020-12-05 19:39:50 +01:00
|
|
|
website_url = StringField("Website URL", [Optional(), URL()], filters = [lambda x: x or None])
|
|
|
|
donate_url = StringField("Donation URL", [Optional(), URL()], filters = [lambda x: x or None])
|
|
|
|
submit = SubmitField("Save")
|
|
|
|
|
|
|
|
|
2021-02-26 00:25:33 +01:00
|
|
|
def handle_profile_edit(form, user, username):
|
|
|
|
severity = AuditSeverity.NORMAL if current_user == user else AuditSeverity.MODERATION
|
|
|
|
addAuditLog(severity, current_user, "Edited {}'s profile".format(user.display_name),
|
|
|
|
url_for("users.profile", username=username))
|
|
|
|
|
|
|
|
if user.checkPerm(current_user, Permission.CHANGE_DISPLAY_NAME) and \
|
|
|
|
user.display_name != form.display_name.data:
|
2021-02-26 00:31:29 +01:00
|
|
|
if User.query.filter(User.id != user.id,
|
2021-02-26 00:25:33 +01:00
|
|
|
or_(User.username == form.display_name.data,
|
|
|
|
User.display_name.ilike(form.display_name.data))).count() > 0:
|
|
|
|
flash("A user already has that name", "danger")
|
|
|
|
return None
|
|
|
|
|
2021-07-24 03:30:43 +02:00
|
|
|
alias_by_name = PackageAlias.query.filter(or_(
|
|
|
|
PackageAlias.author == form.display_name.data)).first()
|
|
|
|
if alias_by_name:
|
|
|
|
flash("A user already has that name", "danger")
|
|
|
|
return
|
|
|
|
|
2021-02-26 00:25:33 +01:00
|
|
|
user.display_name = form.display_name.data
|
2021-02-26 00:29:27 +01:00
|
|
|
|
|
|
|
severity = AuditSeverity.USER if current_user == user else AuditSeverity.MODERATION
|
2021-02-26 00:25:33 +01:00
|
|
|
addAuditLog(severity, current_user, "Changed display name of {} to {}"
|
|
|
|
.format(user.username, user.display_name),
|
|
|
|
url_for("users.profile", username=username))
|
|
|
|
|
|
|
|
if user.checkPerm(current_user, Permission.CHANGE_PROFILE_URLS):
|
|
|
|
user.website_url = form["website_url"].data
|
|
|
|
user.donate_url = form["donate_url"].data
|
|
|
|
|
|
|
|
db.session.commit()
|
|
|
|
|
|
|
|
return redirect(url_for("users.profile", username=username))
|
|
|
|
|
|
|
|
|
2020-12-05 19:39:50 +01:00
|
|
|
@bp.route("/users/<username>/settings/profile/", methods=["GET", "POST"])
|
|
|
|
@login_required
|
|
|
|
def profile_edit(username):
|
|
|
|
user : User = User.query.filter_by(username=username).first()
|
|
|
|
if not user:
|
|
|
|
abort(404)
|
|
|
|
|
|
|
|
if not user.can_see_edit_profile(current_user):
|
|
|
|
flash("Permission denied", "danger")
|
|
|
|
return redirect(url_for("users.profile", username=username))
|
|
|
|
|
2021-01-01 18:02:08 +01:00
|
|
|
form = UserProfileForm(obj=user)
|
|
|
|
if form.validate_on_submit():
|
2021-02-26 00:25:33 +01:00
|
|
|
ret = handle_profile_edit(form, user, username)
|
|
|
|
if ret:
|
|
|
|
return ret
|
2020-12-05 19:39:50 +01:00
|
|
|
|
|
|
|
# Process GET or invalid POST
|
|
|
|
return render_template("users/profile_edit.html", user=user, form=form, tabs=get_setting_tabs(user), current_tab="edit_profile")
|
|
|
|
|
|
|
|
|
|
|
|
def make_settings_form():
|
|
|
|
attrs = {
|
|
|
|
"email": StringField("Email", [Optional(), Email()]),
|
|
|
|
"submit": SubmitField("Save")
|
|
|
|
}
|
|
|
|
|
|
|
|
for notificationType in NotificationType:
|
|
|
|
key = "pref_" + notificationType.toName()
|
|
|
|
attrs[key] = BooleanField("")
|
2020-12-05 22:59:02 +01:00
|
|
|
attrs[key + "_digest"] = BooleanField("")
|
2020-12-05 19:39:50 +01:00
|
|
|
|
|
|
|
return type("SettingsForm", (FlaskForm,), attrs)
|
|
|
|
|
|
|
|
SettingsForm = make_settings_form()
|
|
|
|
|
|
|
|
|
2020-12-05 22:59:02 +01:00
|
|
|
def handle_email_notifications(user, prefs: UserNotificationPreferences, is_new, form):
|
2020-12-05 22:23:41 +01:00
|
|
|
for notificationType in NotificationType:
|
2020-12-05 22:59:02 +01:00
|
|
|
field_email = getattr(form, "pref_" + notificationType.toName()).data
|
|
|
|
field_digest = getattr(form, "pref_" + notificationType.toName() + "_digest").data or field_email
|
|
|
|
prefs.set_can_email(notificationType, field_email)
|
|
|
|
prefs.set_can_digest(notificationType, field_digest)
|
2020-12-05 22:23:41 +01:00
|
|
|
|
|
|
|
if is_new:
|
|
|
|
db.session.add(prefs)
|
|
|
|
|
|
|
|
if user.checkPerm(current_user, Permission.CHANGE_EMAIL):
|
|
|
|
newEmail = form.email.data
|
|
|
|
if newEmail and newEmail != user.email and newEmail.strip() != "":
|
|
|
|
if EmailSubscription.query.filter_by(email=form.email.data, blacklisted=True).count() > 0:
|
|
|
|
flash("That email address has been unsubscribed/blacklisted, and cannot be used", "danger")
|
|
|
|
return
|
|
|
|
|
|
|
|
token = randomString(32)
|
|
|
|
|
|
|
|
severity = AuditSeverity.NORMAL if current_user == user else AuditSeverity.MODERATION
|
|
|
|
|
|
|
|
msg = "Changed email of {}".format(user.display_name)
|
|
|
|
addAuditLog(severity, current_user, msg, url_for("users.profile", username=user.username))
|
|
|
|
|
|
|
|
ver = UserEmailVerification()
|
|
|
|
ver.user = user
|
|
|
|
ver.token = token
|
|
|
|
ver.email = newEmail
|
|
|
|
db.session.add(ver)
|
|
|
|
db.session.commit()
|
|
|
|
|
2020-12-05 22:30:36 +01:00
|
|
|
flash("Check your email to confirm it", "success")
|
|
|
|
|
2020-12-06 16:02:02 +01:00
|
|
|
send_verify_email.delay(newEmail, token)
|
2021-01-24 14:25:17 +01:00
|
|
|
return redirect(url_for("users.email_notifications", username=user.username))
|
2020-12-05 22:23:41 +01:00
|
|
|
|
|
|
|
db.session.commit()
|
|
|
|
return redirect(url_for("users.email_notifications", username=user.username))
|
|
|
|
|
|
|
|
|
2020-12-05 22:43:30 +01:00
|
|
|
@bp.route("/user/settings/email/")
|
2020-12-05 19:39:50 +01:00
|
|
|
@bp.route("/users/<username>/settings/email/", methods=["GET", "POST"])
|
|
|
|
@login_required
|
2020-12-05 22:43:30 +01:00
|
|
|
def email_notifications(username=None):
|
|
|
|
if username is None:
|
|
|
|
return redirect(url_for("users.email_notifications", username=current_user.username))
|
|
|
|
|
2020-12-05 19:39:50 +01:00
|
|
|
user: User = User.query.filter_by(username=username).first()
|
|
|
|
if not user:
|
|
|
|
abort(404)
|
|
|
|
|
2020-12-05 23:24:21 +01:00
|
|
|
if not user.checkPerm(current_user, Permission.CHANGE_EMAIL):
|
|
|
|
abort(403)
|
|
|
|
|
2020-12-05 19:39:50 +01:00
|
|
|
is_new = False
|
|
|
|
prefs = user.notification_preferences
|
|
|
|
if prefs is None:
|
|
|
|
is_new = True
|
|
|
|
prefs = UserNotificationPreferences(user)
|
|
|
|
|
|
|
|
data = {}
|
|
|
|
types = []
|
|
|
|
for notificationType in NotificationType:
|
|
|
|
types.append(notificationType)
|
|
|
|
data["pref_" + notificationType.toName()] = prefs.get_can_email(notificationType)
|
2020-12-05 22:59:02 +01:00
|
|
|
data["pref_" + notificationType.toName() + "_digest"] = prefs.get_can_digest(notificationType)
|
2020-12-05 19:39:50 +01:00
|
|
|
|
|
|
|
data["email"] = user.email
|
|
|
|
|
|
|
|
form = SettingsForm(data=data)
|
|
|
|
if form.validate_on_submit():
|
2020-12-05 22:23:41 +01:00
|
|
|
ret = handle_email_notifications(user, prefs, is_new, form)
|
|
|
|
if ret:
|
|
|
|
return ret
|
2020-12-05 19:39:50 +01:00
|
|
|
|
|
|
|
return render_template("users/settings_email.html",
|
|
|
|
form=form, user=user, types=types, is_new=is_new,
|
2020-12-05 23:20:43 +01:00
|
|
|
tabs=get_setting_tabs(user), current_tab="notifications")
|
2020-12-09 20:33:31 +01:00
|
|
|
|
|
|
|
|
2021-01-01 18:02:08 +01:00
|
|
|
class UserAccountForm(FlaskForm):
|
2021-07-24 03:30:43 +02:00
|
|
|
username = StringField("Username", [Optional(), Length(1, 50)])
|
2021-01-01 18:02:08 +01:00
|
|
|
display_name = StringField("Display name", [Optional(), Length(2, 100)])
|
|
|
|
forums_username = StringField("Forums Username", [Optional(), Length(2, 50)])
|
|
|
|
github_username = StringField("GitHub Username", [Optional(), Length(2, 50)])
|
|
|
|
rank = SelectField("Rank", [Optional()], choices=UserRank.choices(), coerce=UserRank.coerce,
|
|
|
|
default=UserRank.NEW_MEMBER)
|
|
|
|
submit = SubmitField("Save")
|
|
|
|
|
|
|
|
|
|
|
|
@bp.route("/users/<username>/settings/account/", methods=["GET", "POST"])
|
2020-12-09 20:50:11 +01:00
|
|
|
@login_required
|
|
|
|
def account(username):
|
|
|
|
user : User = User.query.filter_by(username=username).first()
|
|
|
|
if not user:
|
|
|
|
abort(404)
|
|
|
|
|
|
|
|
if not user.can_see_edit_profile(current_user):
|
|
|
|
flash("Permission denied", "danger")
|
|
|
|
return redirect(url_for("users.profile", username=username))
|
|
|
|
|
2021-01-01 18:02:08 +01:00
|
|
|
can_edit_account_settings = user.checkPerm(current_user, Permission.CHANGE_USERNAMES) or \
|
|
|
|
user.checkPerm(current_user, Permission.CHANGE_RANK)
|
|
|
|
form = UserAccountForm(obj=user) if can_edit_account_settings else None
|
|
|
|
if form and form.validate_on_submit():
|
|
|
|
severity = AuditSeverity.NORMAL if current_user == user else AuditSeverity.MODERATION
|
|
|
|
addAuditLog(severity, current_user, "Edited {}'s profile".format(user.display_name),
|
|
|
|
url_for("users.profile", username=username))
|
|
|
|
|
|
|
|
# Copy form fields to user_profile fields
|
|
|
|
if user.checkPerm(current_user, Permission.CHANGE_USERNAMES):
|
2021-07-24 03:30:43 +02:00
|
|
|
if user.username != form.username.data:
|
|
|
|
for package in user.packages:
|
|
|
|
alias = PackageAlias(user.username, package.name)
|
|
|
|
package.aliases.append(alias)
|
|
|
|
db.session.add(alias)
|
|
|
|
|
|
|
|
user.username = form.username.data
|
|
|
|
|
2021-01-01 18:02:08 +01:00
|
|
|
user.display_name = form.display_name.data
|
|
|
|
user.forums_username = nonEmptyOrNone(form.forums_username.data)
|
|
|
|
user.github_username = nonEmptyOrNone(form.github_username.data)
|
|
|
|
|
|
|
|
if user.checkPerm(current_user, Permission.CHANGE_RANK):
|
|
|
|
newRank = form["rank"].data
|
|
|
|
if current_user.rank.atLeast(newRank):
|
|
|
|
if newRank != user.rank:
|
|
|
|
user.rank = form["rank"].data
|
|
|
|
msg = "Set rank of {} to {}".format(user.display_name, user.rank.getTitle())
|
|
|
|
addAuditLog(AuditSeverity.MODERATION, current_user, msg,
|
|
|
|
url_for("users.profile", username=username))
|
|
|
|
else:
|
|
|
|
flash("Can't promote a user to a rank higher than yourself!", "danger")
|
|
|
|
|
|
|
|
db.session.commit()
|
|
|
|
|
|
|
|
return redirect(url_for("users.account", username=username))
|
|
|
|
|
2020-12-09 20:50:11 +01:00
|
|
|
return render_template("users/account.html", user=user, form=form, tabs=get_setting_tabs(user), current_tab="account")
|
|
|
|
|
|
|
|
|
2020-12-09 20:33:31 +01:00
|
|
|
@bp.route("/users/<username>/delete/", methods=["GET", "POST"])
|
|
|
|
@rank_required(UserRank.ADMIN)
|
|
|
|
def delete(username):
|
|
|
|
user: User = User.query.filter_by(username=username).first()
|
|
|
|
if not user:
|
|
|
|
abort(404)
|
|
|
|
|
2021-01-01 17:53:14 +01:00
|
|
|
if user.rank.atLeast(UserRank.MODERATOR):
|
|
|
|
flash("Users with moderator rank or above cannot be deleted", "danger")
|
|
|
|
return redirect(url_for("users.account", username=username))
|
|
|
|
|
2020-12-09 20:33:31 +01:00
|
|
|
if request.method == "GET":
|
|
|
|
return render_template("users/delete.html", user=user, can_delete=user.can_delete())
|
|
|
|
|
2021-08-04 22:50:35 +02:00
|
|
|
if "delete" in request.form and (user.can_delete() or current_user.rank.atLeast(UserRank.ADMIN)):
|
2020-12-09 20:33:31 +01:00
|
|
|
msg = "Deleted user {}".format(user.username)
|
|
|
|
flash(msg, "success")
|
|
|
|
addAuditLog(AuditSeverity.MODERATION, current_user, msg, None)
|
|
|
|
|
2021-08-04 22:50:35 +02:00
|
|
|
if current_user.rank.atLeast(UserRank.ADMIN):
|
|
|
|
for pkg in user.packages.all():
|
|
|
|
pkg.review_thread = None
|
|
|
|
db.session.delete(pkg)
|
|
|
|
|
2020-12-09 20:33:31 +01:00
|
|
|
db.session.delete(user)
|
2021-08-04 22:50:35 +02:00
|
|
|
elif "deactivate" in request.form:
|
2020-12-09 20:33:31 +01:00
|
|
|
user.replies.delete()
|
|
|
|
for thread in user.threads.all():
|
|
|
|
db.session.delete(thread)
|
|
|
|
user.email = None
|
|
|
|
user.rank = UserRank.NOT_JOINED
|
|
|
|
|
|
|
|
msg = "Deactivated user {}".format(user.username)
|
|
|
|
flash(msg, "success")
|
|
|
|
addAuditLog(AuditSeverity.MODERATION, current_user, msg, None)
|
2021-08-04 22:50:35 +02:00
|
|
|
else:
|
|
|
|
assert False
|
2020-12-09 20:33:31 +01:00
|
|
|
|
|
|
|
db.session.commit()
|
|
|
|
|
|
|
|
if user == current_user:
|
|
|
|
logout_user()
|
|
|
|
|
|
|
|
return redirect(url_for("homepage.home"))
|