From dadfe72b480f05d6d31aaf575afaa34e53c450ab Mon Sep 17 00:00:00 2001
From: rubenwardy
Date: Tue, 14 Apr 2020 14:39:49 +0100
Subject: [PATCH] Improve user authentication error handling
---
 app/blueprints/users/claim.py | 28 +++++++++++++++++++---------
 app/blueprints/users/profile.py | 4 ++--
 app/tasks/phpbbparser.py | 9 ++++++++-
 3 files changed, 29 insertions(+), 12 deletions(-)
diff --git a/app/blueprints/users/claim.py b/app/blueprints/users/claim.py
index 7c6283d7..4e0f1ec5 100644
--- a/app/blueprints/users/claim.py
+++ b/app/blueprints/users/claim.py
@@ -34,15 +34,16 @@ def claim():
 if user and user.rank.atLeast(UserRank.NEW_MEMBER):
 flash("User has already been claimed", "danger")
 return redirect(url_for("users.claim"))
- elif user is None and method == "github":
- flash("Unable to get Github username for user", "danger")
- return redirect(url_for("users.claim"))
- elif user is None:
- flash("Unable to find that user", "danger")
+ elif method == "github":
+ if user is None or user.github_username is None:
+ flash("Unable to get Github username for user", "danger")
+ return redirect(url_for("users.claim"))
+ else:
+ return redirect(url_for("github.start"))
+ elif user is None and request.method == "POST":
+ flash("Unable to find user", "danger")
 return redirect(url_for("users.claim"))
- if user is not None and method == "github":
- return redirect(url_for("github.start"))
 token = None
 if "forum_token" in session:
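Review bot: In the first hunk of app/blueprints/users/claim.py the rewritten chain compares `method == "github"` and, two branches later, `request.method == "POST"`, and nothing on these lines says which is which. From the compared values the first looks like the claim method and the second the HTTP verb, but the assignment of `method` is outside the hunk, so confirm that. A one-line comment above the chain, such as `# method: claim method chosen by the user; request.method: HTTP verb`, would keep the two apart. The `else:` after the returning `if` in the github branch can also be dropped, leaving `return redirect(url_for("github.start"))` at branch level. The body of claim() starts and ends outside the hunk.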
@@ -70,8 +71,17 @@ def claim():
 sig = None
 try:
 profile = getProfile("https://forum.minetest.net", username)
- sig = profile.signature
- except IOError:
+ sig = profile.signature if profile else None
+ except IOError as e:
+ if hasattr(e, 'message'):
+ message = e.message
+ else:
+ message = str(e)
+
+ flash("Error whilst attempting to access forums: " + message, "danger")
+ return redirect(url_for("users.claim", username=username))
+
+ if profile is None:
 flash("Unable to get forum signature - does the user exist?", "danger")
 return redirect(url_for("users.claim", username=username))
diff --git a/app/blueprints/users/profile.py b/app/blueprints/users/profile.py
index 177eefef..f3c697d5 100644
--- a/app/blueprints/users/profile.py
+++ b/app/blueprints/users/profile.py
@@ -16,7 +16,7 @@ from flask import *
-from flask_user import *
+from flask_user import signals, current_user, user_manager
 from flask_login import login_user, logout_user
 from app.markdown import render_markdown
 from . import bp
@@ -192,7 +192,7 @@ def set_password():
 # Send 'password_changed' email
 if user_manager.USER_ENABLE_EMAIL and current_user.email:
- emails.send_password_changed_email(current_user)
+ user_manager.email_manager.send_password_changed_email(current_user)
 # Send password_changed signal
 signals.user_changed_password.send(current_app._get_current_object(), user=current_user)
diff --git a/app/tasks/phpbbparser.py b/app/tasks/phpbbparser.py
index 3df84709..752c7a61 100644
--- a/app/tasks/phpbbparser.py
+++ b/app/tasks/phpbbparser.py
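Review bot: In the second hunk of app/blueprints/users/claim.py, the new `except IOError as e` branch puts the raw exception text into the flash message shown to the visitor, so whatever urllib or the socket layer reports (status codes, resolver or TLS error strings) ends up in the page. Logging the exception server-side and flashing a fixed message, e.g. `flash("Error whilst attempting to access forums, please try again later", "danger")`, keeps that detail out of the response. The `hasattr(e, 'message')` test looks like a Python 2 leftover: built-in exceptions in Python 3 have no `message` attribute, so `str(e)` alone would do if the text is kept. The body of claim() extends outside the hunk.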
@@ -74,7 +74,14 @@ def __extract_signature(soup):
 def getProfile(url, username):
 url = url + "/memberlist.php?mode=viewprofile&un=" + urlEncodeNonAscii(username)
- contents = urllib.request.urlopen(url).read().decode("utf-8")
+ req = urllib.request.urlopen(url, timeout=5)
+ if req.getcode() == 404:
+ return None
+
+ if req.getcode() != 200:
+ raise IOError(req.getcode())
+
+ contents = req.read().decode("utf-8")
 soup = BeautifulSoup(contents, "lxml")
 if soup is None:
 return None
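Review bot: The `req.getcode() == 404` and `req.getcode() != 200` checks added to getProfile are unlikely ever to fire, because with the default opener `urllib.request.urlopen` raises `urllib.error.HTTPError` for 4xx/5xx responses instead of returning them. A missing forum user therefore surfaces as an exception rather than as `None`. Since HTTPError is an OSError, the `except IOError` in claim.py would report it as a forum access error, and its `profile is None` branch would only be reached through paths such as the visible `soup is None` check. Catching HTTPError and mapping code 404 to `None` restores the intended split; the sketch below also closes the response with `with`. The file's imports are outside the hunk, so confirm that `urllib.error` is reachable as written.

```python
url = url + "/memberlist.php?mode=viewprofile&un=" + urlEncodeNonAscii(username)
try:
    with urllib.request.urlopen(url, timeout=5) as resp:
        contents = resp.read().decode("utf-8")
except urllib.error.HTTPError as e:
    # A 404 means the forum has no such profile; anything else is a real error.
    if e.code == 404:
        return None
    raise
# … unchanged: BeautifulSoup parsing and the soup is None check …
```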