2020-07-12 17:34:25 +02:00
|
|
|
# ContentDB
|
2018-05-17 16:18:20 +02:00
|
|
|
# Copyright (C) 2018 rubenwardy
|
|
|
|
#
|
|
|
|
# This program is free software: you can redistribute it and/or modify
|
|
|
|
# it under the terms of the GNU General Public License as published by
|
|
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
|
|
# (at your option) any later version.
|
|
|
|
#
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
|
|
# along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
|
2018-03-18 19:05:53 +01:00
|
|
|
from flask import *
|
2020-04-14 15:39:49 +02:00
|
|
|
from flask_user import signals, current_user, user_manager
|
2018-03-18 19:05:53 +01:00
|
|
|
from flask_login import login_user, logout_user
|
2020-01-22 23:10:02 +01:00
|
|
|
from app.markdown import render_markdown
|
2019-11-16 00:51:42 +01:00
|
|
|
from . import bp
|
2018-03-18 19:05:53 +01:00
|
|
|
from app.models import *
|
|
|
|
from flask_wtf import FlaskForm
|
2018-03-24 20:37:33 +01:00
|
|
|
from wtforms import *
|
|
|
|
from wtforms.validators import *
|
2020-07-11 03:32:17 +02:00
|
|
|
from app.utils import randomString, loginUser, rank_required, nonEmptyOrNone, addAuditLog
|
2018-05-14 00:31:42 +02:00
|
|
|
from app.tasks.forumtasks import checkForumAccount
|
2019-01-04 18:57:00 +01:00
|
|
|
from app.tasks.emails import sendVerifyEmail, sendEmailRaw
|
2018-05-29 18:42:27 +02:00
|
|
|
from app.tasks.phpbbparser import getProfile
|
2020-07-12 21:59:06 +02:00
|
|
|
from sqlalchemy import func
|
2018-03-24 20:37:33 +01:00
|
|
|
|
2018-03-18 19:05:53 +01:00
|
|
|
# Define the User profile form
|
|
|
|
class UserProfileForm(FlaskForm):
|
2020-07-10 23:59:41 +02:00
|
|
|
display_name = StringField("Display name", [Optional(), Length(2, 100)])
|
|
|
|
forums_username = StringField("Forums Username", [Optional(), Length(2, 50)])
|
|
|
|
github_username = StringField("GitHub Username", [Optional(), Length(2, 50)])
|
2019-08-30 22:11:38 +02:00
|
|
|
email = StringField("Email", [Optional(), Email()], filters = [lambda x: x or None])
|
|
|
|
website_url = StringField("Website URL", [Optional(), URL()], filters = [lambda x: x or None])
|
|
|
|
donate_url = StringField("Donation URL", [Optional(), URL()], filters = [lambda x: x or None])
|
2018-05-28 16:25:45 +02:00
|
|
|
rank = SelectField("Rank", [Optional()], choices=UserRank.choices(), coerce=UserRank.coerce, default=UserRank.NEW_MEMBER)
|
2018-03-21 23:03:37 +01:00
|
|
|
submit = SubmitField("Save")
|
2018-03-18 19:05:53 +01:00
|
|
|
|
2019-06-10 01:11:57 +02:00
|
|
|
|
2019-11-16 00:51:42 +01:00
|
|
|
@bp.route("/users/", methods=["GET"])
|
|
|
|
def list_all():
|
2020-07-12 21:59:06 +02:00
|
|
|
users = db.session.query(User, func.count(Package.id)) \
|
|
|
|
.select_from(User).outerjoin(Package) \
|
|
|
|
.order_by(db.desc(User.rank), db.asc(User.display_name)) \
|
|
|
|
.group_by(User.id).all()
|
|
|
|
|
2018-03-24 20:24:34 +01:00
|
|
|
return render_template("users/list.html", users=users)
|
2018-03-20 20:07:20 +01:00
|
|
|
|
2018-03-24 20:24:34 +01:00
|
|
|
|
2019-11-16 00:51:42 +01:00
|
|
|
@bp.route("/users/<username>/", methods=["GET", "POST"])
|
|
|
|
def profile(username):
|
2018-03-20 20:07:20 +01:00
|
|
|
user = User.query.filter_by(username=username).first()
|
|
|
|
if not user:
|
|
|
|
abort(404)
|
2018-03-18 19:05:53 +01:00
|
|
|
|
2018-03-20 20:07:20 +01:00
|
|
|
form = None
|
2020-07-10 23:59:41 +02:00
|
|
|
if user.checkPerm(current_user, Permission.CHANGE_USERNAMES) or \
|
2018-05-21 23:31:50 +02:00
|
|
|
user.checkPerm(current_user, Permission.CHANGE_EMAIL) or \
|
|
|
|
user.checkPerm(current_user, Permission.CHANGE_RANK):
|
2018-03-18 19:05:53 +01:00
|
|
|
# Initialize form
|
2018-03-24 20:37:33 +01:00
|
|
|
form = UserProfileForm(formdata=request.form, obj=user)
|
2018-03-18 19:05:53 +01:00
|
|
|
|
|
|
|
# Process valid POST
|
2018-03-21 23:03:37 +01:00
|
|
|
if request.method=="POST" and form.validate():
|
2020-07-11 03:32:17 +02:00
|
|
|
severity = AuditSeverity.NORMAL if current_user == user else AuditSeverity.MODERATION
|
|
|
|
addAuditLog(severity, current_user, "Edited {}'s profile".format(user.display_name),
|
|
|
|
url_for("users.profile", username=username))
|
|
|
|
|
2018-03-18 19:05:53 +01:00
|
|
|
# Copy form fields to user_profile fields
|
2020-07-10 23:59:41 +02:00
|
|
|
if user.checkPerm(current_user, Permission.CHANGE_USERNAMES):
|
|
|
|
user.display_name = form.display_name.data
|
|
|
|
user.forums_username = nonEmptyOrNone(form.forums_username.data)
|
|
|
|
user.github_username = nonEmptyOrNone(form.github_username.data)
|
2020-02-23 21:12:32 +01:00
|
|
|
|
|
|
|
if user.checkPerm(current_user, Permission.CHANGE_PROFILE_URLS):
|
2019-07-02 01:45:04 +02:00
|
|
|
user.website_url = form["website_url"].data
|
|
|
|
user.donate_url = form["donate_url"].data
|
2018-03-24 20:37:33 +01:00
|
|
|
|
|
|
|
if user.checkPerm(current_user, Permission.CHANGE_RANK):
|
|
|
|
newRank = form["rank"].data
|
|
|
|
if current_user.rank.atLeast(newRank):
|
2020-07-11 03:32:17 +02:00
|
|
|
if newRank != user.rank:
|
|
|
|
user.rank = form["rank"].data
|
|
|
|
msg = "Set rank of {} to {}".format(user.display_name, user.rank.getTitle())
|
|
|
|
addAuditLog(AuditSeverity.MODERATION, current_user, msg, url_for("users.profile", username=username))
|
2018-03-24 20:37:33 +01:00
|
|
|
else:
|
2020-01-24 19:15:09 +01:00
|
|
|
flash("Can't promote a user to a rank higher than yourself!", "danger")
|
2018-03-18 19:05:53 +01:00
|
|
|
|
2018-05-14 01:40:34 +02:00
|
|
|
if user.checkPerm(current_user, Permission.CHANGE_EMAIL):
|
|
|
|
newEmail = form["email"].data
|
2018-05-14 02:35:18 +02:00
|
|
|
if newEmail != user.email and newEmail.strip() != "":
|
2018-05-14 01:40:34 +02:00
|
|
|
token = randomString(32)
|
|
|
|
|
2020-07-11 03:32:17 +02:00
|
|
|
msg = "Changed email of {}".format(user.display_name)
|
|
|
|
addAuditLog(severity, current_user, msg, url_for("users.profile", username=username))
|
|
|
|
|
2018-05-14 01:40:34 +02:00
|
|
|
ver = UserEmailVerification()
|
2019-07-02 01:45:04 +02:00
|
|
|
ver.user = user
|
2018-05-14 01:40:34 +02:00
|
|
|
ver.token = token
|
|
|
|
ver.email = newEmail
|
|
|
|
db.session.add(ver)
|
|
|
|
db.session.commit()
|
|
|
|
|
|
|
|
task = sendVerifyEmail.delay(newEmail, token)
|
2019-11-16 00:51:42 +01:00
|
|
|
return redirect(url_for("tasks.check", id=task.id, r=url_for("users.profile", username=username)))
|
2018-05-14 01:40:34 +02:00
|
|
|
|
2018-03-18 19:05:53 +01:00
|
|
|
# Save user_profile
|
|
|
|
db.session.commit()
|
|
|
|
|
|
|
|
# Redirect to home page
|
2019-11-16 00:51:42 +01:00
|
|
|
return redirect(url_for("users.profile", username=username))
|
2018-03-18 19:05:53 +01:00
|
|
|
|
2018-06-02 19:22:57 +02:00
|
|
|
packages = user.packages.filter_by(soft_deleted=False)
|
|
|
|
if not current_user.is_authenticated or (user != current_user and not current_user.canAccessTodoList()):
|
|
|
|
packages = packages.filter_by(approved=True)
|
|
|
|
packages = packages.order_by(db.asc(Package.title))
|
|
|
|
|
|
|
|
topics_to_add = None
|
|
|
|
if current_user == user or user.checkPerm(current_user, Permission.CHANGE_AUTHOR):
|
2018-07-04 01:14:37 +02:00
|
|
|
topics_to_add = ForumTopic.query \
|
2018-06-02 19:22:57 +02:00
|
|
|
.filter_by(author_id=user.id) \
|
2018-07-04 01:14:37 +02:00
|
|
|
.filter(~ db.exists().where(Package.forums==ForumTopic.topic_id)) \
|
|
|
|
.order_by(db.asc(ForumTopic.name), db.asc(ForumTopic.title)) \
|
2018-06-02 19:22:57 +02:00
|
|
|
.all()
|
|
|
|
|
2018-03-18 19:05:53 +01:00
|
|
|
# Process GET or invalid POST
|
2019-11-16 01:05:59 +01:00
|
|
|
return render_template("users/profile.html",
|
2018-06-02 19:22:57 +02:00
|
|
|
user=user, form=form, packages=packages, topics_to_add=topics_to_add)
|
2018-05-14 00:31:42 +02:00
|
|
|
|
2018-12-25 20:28:32 +01:00
|
|
|
|
2019-11-16 00:51:42 +01:00
|
|
|
@bp.route("/users/<username>/check/", methods=["POST"])
|
2018-12-25 20:28:32 +01:00
|
|
|
@login_required
|
|
|
|
def user_check(username):
|
|
|
|
user = User.query.filter_by(username=username).first()
|
|
|
|
if user is None:
|
|
|
|
abort(404)
|
|
|
|
|
|
|
|
if current_user != user and not current_user.rank.atLeast(UserRank.MODERATOR):
|
|
|
|
abort(403)
|
|
|
|
|
|
|
|
if user.forums_username is None:
|
|
|
|
abort(404)
|
|
|
|
|
|
|
|
task = checkForumAccount.delay(user.forums_username)
|
2019-11-16 00:51:42 +01:00
|
|
|
next_url = url_for("users.profile", username=username)
|
2018-12-25 20:28:32 +01:00
|
|
|
|
2019-11-16 00:51:42 +01:00
|
|
|
return redirect(url_for("tasks.check", id=task.id, r=next_url))
|
2018-12-25 20:28:32 +01:00
|
|
|
|
|
|
|
|
2019-01-04 18:57:00 +01:00
|
|
|
class SendEmailForm(FlaskForm):
|
|
|
|
subject = StringField("Subject", [InputRequired(), Length(1, 300)])
|
|
|
|
text = TextAreaField("Message", [InputRequired()])
|
|
|
|
submit = SubmitField("Send")
|
|
|
|
|
|
|
|
|
2019-11-16 00:51:42 +01:00
|
|
|
@bp.route("/users/<username>/email/", methods=["GET", "POST"])
|
2019-01-04 18:57:00 +01:00
|
|
|
@rank_required(UserRank.MODERATOR)
|
2019-11-16 00:51:42 +01:00
|
|
|
def send_email(username):
|
2019-01-04 18:57:00 +01:00
|
|
|
user = User.query.filter_by(username=username).first()
|
|
|
|
if user is None:
|
|
|
|
abort(404)
|
|
|
|
|
2019-11-16 00:51:42 +01:00
|
|
|
next_url = url_for("users.profile", username=user.username)
|
2019-01-04 18:57:00 +01:00
|
|
|
|
|
|
|
if user.email is None:
|
2020-01-24 19:15:09 +01:00
|
|
|
flash("User has no email address!", "danger")
|
2019-01-04 18:57:00 +01:00
|
|
|
return redirect(next_url)
|
|
|
|
|
|
|
|
form = SendEmailForm(request.form)
|
|
|
|
if form.validate_on_submit():
|
2020-07-11 03:32:17 +02:00
|
|
|
addAuditLog(AuditSeverity.MODERATION, current_user,
|
|
|
|
"Sent email to {}".format(user.display_name), url_for("users.profile", username=username))
|
|
|
|
|
2019-01-04 18:57:00 +01:00
|
|
|
text = form.text.data
|
2020-01-22 23:10:02 +01:00
|
|
|
html = render_markdown(text)
|
2019-01-04 18:57:00 +01:00
|
|
|
task = sendEmailRaw.delay([user.email], form.subject.data, text, html)
|
2019-11-16 00:51:42 +01:00
|
|
|
return redirect(url_for("tasks.check", id=task.id, r=next_url))
|
2019-01-04 18:57:00 +01:00
|
|
|
|
|
|
|
return render_template("users/send_email.html", form=form)
|
|
|
|
|
|
|
|
|
|
|
|
|
2018-05-29 19:07:23 +02:00
|
|
|
class SetPasswordForm(FlaskForm):
|
2018-06-04 19:34:04 +02:00
|
|
|
email = StringField("Email", [Optional(), Email()])
|
2019-08-12 15:10:28 +02:00
|
|
|
password = PasswordField("New password", [InputRequired(), Length(2, 100)])
|
|
|
|
password2 = PasswordField("Verify password", [InputRequired(), Length(2, 100)])
|
2018-05-29 19:07:23 +02:00
|
|
|
submit = SubmitField("Save")
|
|
|
|
|
2019-11-16 00:51:42 +01:00
|
|
|
@bp.route("/user/set-password/", methods=["GET", "POST"])
|
2018-05-29 19:07:23 +02:00
|
|
|
@login_required
|
2019-11-16 00:51:42 +01:00
|
|
|
def set_password():
|
2020-01-19 20:48:41 +01:00
|
|
|
if current_user.hasPassword():
|
2018-05-29 19:07:23 +02:00
|
|
|
return redirect(url_for("user.change_password"))
|
|
|
|
|
|
|
|
form = SetPasswordForm(request.form)
|
2018-06-04 19:34:04 +02:00
|
|
|
if current_user.email == None:
|
|
|
|
form.email.validators = [InputRequired(), Email()]
|
|
|
|
|
2018-05-29 19:07:23 +02:00
|
|
|
if request.method == "POST" and form.validate():
|
|
|
|
one = form.password.data
|
|
|
|
two = form.password2.data
|
|
|
|
if one == two:
|
|
|
|
# Hash password
|
|
|
|
hashed_password = user_manager.hash_password(form.password.data)
|
|
|
|
|
|
|
|
# Change password
|
2020-01-19 20:48:41 +01:00
|
|
|
current_user.password = hashed_password
|
|
|
|
db.session.commit()
|
2018-05-29 19:07:23 +02:00
|
|
|
|
|
|
|
# Send 'password_changed' email
|
2020-01-19 20:48:41 +01:00
|
|
|
if user_manager.USER_ENABLE_EMAIL and current_user.email:
|
2020-04-14 15:39:49 +02:00
|
|
|
user_manager.email_manager.send_password_changed_email(current_user)
|
2018-05-29 19:07:23 +02:00
|
|
|
|
|
|
|
# Send password_changed signal
|
|
|
|
signals.user_changed_password.send(current_app._get_current_object(), user=current_user)
|
|
|
|
|
|
|
|
# Prepare one-time system message
|
|
|
|
flash('Your password has been changed successfully.', 'success')
|
|
|
|
|
|
|
|
newEmail = form["email"].data
|
|
|
|
if newEmail != current_user.email and newEmail.strip() != "":
|
|
|
|
token = randomString(32)
|
|
|
|
|
|
|
|
ver = UserEmailVerification()
|
|
|
|
ver.user = current_user
|
|
|
|
ver.token = token
|
|
|
|
ver.email = newEmail
|
|
|
|
db.session.add(ver)
|
|
|
|
db.session.commit()
|
|
|
|
|
|
|
|
task = sendVerifyEmail.delay(newEmail, token)
|
2019-11-16 00:51:42 +01:00
|
|
|
return redirect(url_for("tasks.check", id=task.id, r=url_for("users.profile", username=current_user.username)))
|
2018-05-29 19:07:23 +02:00
|
|
|
else:
|
2020-01-19 20:48:41 +01:00
|
|
|
return redirect(url_for("user.login"))
|
2018-05-29 19:07:23 +02:00
|
|
|
else:
|
2020-01-24 19:15:09 +01:00
|
|
|
flash("Passwords do not match", "danger")
|
2018-05-29 19:07:23 +02:00
|
|
|
|
2018-06-04 19:49:42 +02:00
|
|
|
return render_template("users/set_password.html", form=form, optional=request.args.get("optional"))
|
2018-05-29 19:07:23 +02:00
|
|
|
|
2018-05-14 00:31:42 +02:00
|
|
|
|
2019-11-16 00:51:42 +01:00
|
|
|
@bp.route("/users/verify/")
|
|
|
|
def verify_email():
|
2018-05-14 01:40:34 +02:00
|
|
|
token = request.args.get("token")
|
|
|
|
ver = UserEmailVerification.query.filter_by(token=token).first()
|
|
|
|
if ver is None:
|
2020-01-24 19:15:09 +01:00
|
|
|
flash("Unknown verification token!", "danger")
|
2018-05-14 01:40:34 +02:00
|
|
|
else:
|
|
|
|
ver.user.email = ver.email
|
|
|
|
db.session.delete(ver)
|
|
|
|
db.session.commit()
|
|
|
|
|
|
|
|
if current_user.is_authenticated:
|
2019-11-16 00:51:42 +01:00
|
|
|
return redirect(url_for("users.profile", username=current_user.username))
|
2018-05-14 01:40:34 +02:00
|
|
|
else:
|
2019-11-21 20:38:26 +01:00
|
|
|
return redirect(url_for("homepage.home"))
|