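def account(username):
    """Render and process the account-settings tab for ``username``.

    The target user is looked up by username (404 when absent). Viewers who
    fail ``can_see_edit_profile`` are sent back to the public profile. A
    ``UserAccountForm`` is built only when the viewer holds CHANGE_USERNAMES
    or CHANGE_RANK on the target; on a valid submission the permitted fields
    are copied to the user, audit entries are recorded, the session is
    committed and the browser is redirected back to this page.
    """
    user: User = User.query.filter_by(username=username).first()
    if not user:
        abort(404)

    if not user.can_see_edit_profile(current_user):
        flash("Permission denied", "danger")
        return redirect(url_for("users.profile", username=username))

    can_edit_account_settings = user.checkPerm(current_user, Permission.CHANGE_USERNAMES) or \
        user.checkPerm(current_user, Permission.CHANGE_RANK)

    # Without either permission no form exists, so a POST from such a viewer
    # is never processed and the page renders read-only.
    form = UserAccountForm(obj=user) if can_edit_account_settings else None
    if form and form.validate_on_submit():
        # Edits made by someone other than the account owner are logged at
        # moderation severity.
        severity = AuditSeverity.NORMAL if current_user == user else AuditSeverity.MODERATION
        # NOTE(review): this entry links to the pre-rename username; if the
        # username changes below, the stored URL no longer resolves.
        addAuditLog(severity, current_user, "Edited {}'s profile".format(user.display_name),
                url_for("users.profile", username=username))

        # Each group of fields is re-checked against its own permission; the
        # form being present only proves that one of the two is held.
        if user.checkPerm(current_user, Permission.CHANGE_USERNAMES):
            if user.username != form.username.data:
                # Record the old username against every package before the
                # rename (presumably so old package paths keep resolving).
                # NOTE(review): uniqueness of the new username is not checked
                # here; presumably UserAccountForm or the schema enforces it.
                for package in user.packages:
                    alias = PackageAlias(user.username, package.name)
                    package.aliases.append(alias)
                    db.session.add(alias)

                user.username = form.username.data

            user.display_name = form.display_name.data
            user.forums_username = nonEmptyOrNone(form.forums_username.data)
            user.github_username = nonEmptyOrNone(form.github_username.data)

        if user.checkPerm(current_user, Permission.CHANGE_RANK):
            newRank = form["rank"].data
            # The actor may not grant a rank above their own.
            # NOTE(review): this bounds the *requested* rank only; whether an
            # actor may alter someone currently ranked above them depends on
            # checkPerm, which is not visible here; confirm.
            if current_user.rank.atLeast(newRank):
                if newRank != user.rank:
                    user.rank = newRank
                    msg = "Set rank of {} to {}".format(
                        user.display_name, user.rank.getTitle())
                    addAuditLog(AuditSeverity.MODERATION, current_user, msg,
                            url_for("users.profile", username=username))
            else:
                flash("Can't promote a user to a rank higher than yourself!", "danger")

        db.session.commit()

        # Redirect with the stored username: after a rename the name taken
        # from the URL no longer matches any user and would 404.
        return redirect(url_for("users.account", username=user.username))

    return render_template("users/account.html", user=user, form=form,
            tabs=get_setting_tabs(user), current_tab="account")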
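def handle_set_password(form):
    """Apply a password change, and optionally an email change, for ``current_user``.

    Returns a redirect to the homepage once the change is committed. Returns
    ``None`` after flashing an error when the two password fields differ or
    the requested email address is blacklisted.
    """
    one = form.password.data
    two = form.password2.data
    if one != two:
        flash("Passwords do not match", "danger")
        return

    # Validate the optional email change before the session is modified, so a
    # rejected address leaves no uncommitted password change or audit entry
    # for a later commit in the same request to persist.
    newEmail = None
    if hasattr(form, "email"):
        candidate = nonEmptyOrNone(form.email.data)
        if candidate and candidate != current_user.email:
            if EmailSubscription.query.filter_by(email=form.email.data, blacklisted=True).count() > 0:
                flash(
                    "That email address has been unsubscribed/blacklisted, and cannot be used", "danger")
                return
            newEmail = candidate

    addAuditLog(AuditSeverity.USER, current_user, "Changed their password",
            url_for("users.profile", username=current_user.username))

    current_user.password = make_flask_login_password(form.password.data)

    if newEmail:
        # NOTE(review): the token is an email-verification secret; confirm
        # that randomString draws from a CSPRNG (e.g. the secrets module).
        token = randomString(32)

        # The address is stored as a pending verification; current_user.email
        # is not changed here.
        # NOTE(review): no verification mail is dispatched in this function;
        # presumably the caller or another path sends it; confirm.
        ver = UserEmailVerification()
        ver.user = current_user
        ver.token = token
        ver.email = newEmail
        db.session.add(ver)

    db.session.commit()
    flash("Your password has been changed successfully.", "success")
    return redirect(url_for("homepage.home"))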
def do_create_vcs_release(user: User, package: Package, title: str, ref: str,
        min_v: MinetestRelease = None, max_v: MinetestRelease = None, reason: str = None):
    """Create a release row for ``package`` and queue the VCS import task.

    ``reason`` is optional and, when given, is appended to the audit message.
    Returns the new ``PackageRelease``.
    """
    # The return value is ignored, so a refusal presumably surfaces as an
    # exception raised by the helper; confirm.
    check_can_create_release(user, package)

    release = PackageRelease()
    release.package = package
    release.title = title
    release.url = ""
    release.task_id = uuid()
    release.min_rel = min_v
    release.max_rel = max_v
    db.session.add(release)

    audit_text = (
        "Created release {}".format(release.title)
        if reason is None
        else "Created release {} ({})".format(release.title, reason)
    )
    addAuditLog(AuditSeverity.NORMAL, user, audit_text, package.getURL("packages.view"), package)

    # Commit before dispatching: the task is handed release.id.
    db.session.commit()

    # NOTE(review): ref is passed on without validation in this function;
    # presumably the task constrains what it accepts as a ref; confirm.
    makeVCSRelease.apply_async((release.id, nonEmptyOrNone(ref)), task_id=release.task_id)

    return release
def profile_edit(username):
    """Render and process the edit-profile tab for ``username``.

    404s for an unknown user and redirects viewers who fail
    ``can_see_edit_profile`` to the public profile. A valid POST copies the
    fields the viewer is permitted to change, commits, and redirects to the
    profile; anything else re-renders the form.
    """
    user : User = User.query.filter_by(username=username).first()
    if not user:
        abort(404)

    if not user.can_see_edit_profile(current_user):
        flash("Permission denied", "danger")
        return redirect(url_for("users.profile", username=username))

    form = UserProfileForm(formdata=request.form, obj=user)

    # GET, or a POST that failed validation: show the form again.
    if not (request.method == "POST" and form.validate()):
        return render_template("users/profile_edit.html",
                user=user, form=form, tabs=get_setting_tabs(user), current_tab="edit_profile")

    profile_url = url_for("users.profile", username=username)

    # Edits by anyone other than the owner are logged at moderation severity.
    # The entry is written before the per-field permission checks, so it is
    # recorded even when none of them pass.
    log_level = AuditSeverity.NORMAL if current_user == user else AuditSeverity.MODERATION
    addAuditLog(log_level, current_user, "Edited {}'s profile".format(user.display_name), profile_url)

    # Each group of fields is gated on its own permission.
    # NOTE(review): forums_username, github_username and rank are read from
    # the form below; confirm UserProfileForm declares them in this version.
    if user.checkPerm(current_user, Permission.CHANGE_USERNAMES):
        user.display_name = form.display_name.data
        user.forums_username = nonEmptyOrNone(form.forums_username.data)
        user.github_username = nonEmptyOrNone(form.github_username.data)

    if user.checkPerm(current_user, Permission.CHANGE_PROFILE_URLS):
        user.website_url = form["website_url"].data
        user.donate_url = form["donate_url"].data

    if user.checkPerm(current_user, Permission.CHANGE_RANK):
        requested_rank = form["rank"].data
        # The actor may not grant a rank above their own.
        if not current_user.rank.atLeast(requested_rank):
            flash("Can't promote a user to a rank higher than yourself!", "danger")
        elif requested_rank != user.rank:
            user.rank = requested_rank
            rank_msg = "Set rank of {} to {}".format(user.display_name, user.rank.getTitle())
            addAuditLog(AuditSeverity.MODERATION, current_user, rank_msg, profile_url)

    # Persist the edits and return to the public profile.
    db.session.commit()
    return redirect(profile_url)
class UserProfileForm(FlaskForm):
    """Profile-editing form: display name plus two optional URLs."""

    # Optional; 1 to 20 characters when given. The filter passes the submitted
    # value through nonEmptyOrNone.
    display_name = StringField(
        "Display Name",
        [Optional(), Length(1, 20)],
        filters=[lambda value: nonEmptyOrNone(value)],
    )

    # Both URL fields store None in place of any falsy submission.
    # NOTE(review): URL() validates URL syntax but does not restrict the
    # scheme; if these values are rendered as links, limit them to
    # http/https at validation or render time.
    website_url = StringField(
        "Website URL",
        [Optional(), URL()],
        filters=[lambda value: value or None],
    )
    donate_url = StringField(
        "Donation URL",
        [Optional(), URL()],
        filters=[lambda value: value or None],
    )

    submit = SubmitField("Save")
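class RegisterForm(FlaskForm):
    """Sign-up form: optional display name, username, email, password, consent."""

    # Optional; 1 to 20 characters when given. The filter passes the submitted
    # value through nonEmptyOrNone.
    display_name = StringField("Display Name", [Optional(), Length(1, 20)],
            filters=[lambda x: nonEmptyOrNone(x)])

    # Anchored with \Z rather than $: in Python, $ also matches just before a
    # trailing newline, which would let a username ending in "\n" through.
    # The message lists "-" as well, since the character class permits it.
    username = StringField("Username", [
        InputRequired(),
        Regexp(r"^[a-zA-Z0-9._-]+\Z", message="Only a-zA-Z0-9._- allowed")
    ])

    email = StringField("Email", [InputRequired(), Email()])

    # NOTE(review): a 6-character minimum is below the 8 characters
    # recommended by NIST SP 800-63B; consider raising it.
    password = PasswordField("Password", [InputRequired(), Length(6, 100)])

    # NOTE(review): Required is a deprecated alias of DataRequired in WTForms
    # and is removed in 3.0; switch when the import block is updated.
    agree = BooleanField("I agree", [Required()])

    submit = SubmitField("Register")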
def profile(username):
    """Show a user's profile and, for permitted viewers, process edits to it.

    404s for an unknown user. The edit form is built only when the viewer
    holds CHANGE_USERNAMES, CHANGE_EMAIL or CHANGE_RANK on the target. A valid
    POST applies the permitted changes and redirects; every other request
    renders the profile with the user's packages and unlinked forum topics.
    """
    user = User.query.filter_by(username=username).first()
    if not user:
        abort(404)

    form = None
    editing_perms = (Permission.CHANGE_USERNAMES, Permission.CHANGE_EMAIL, Permission.CHANGE_RANK)
    if any(user.checkPerm(current_user, perm) for perm in editing_perms):
        form = UserProfileForm(formdata=request.form, obj=user)

        if request.method == "POST" and form.validate():
            profile_url = url_for("users.profile", username=username)

            # Edits by anyone other than the owner are logged at moderation
            # severity.
            severity = AuditSeverity.NORMAL if current_user == user else AuditSeverity.MODERATION
            addAuditLog(severity, current_user, "Edited {}'s profile".format(user.display_name),
                    profile_url)

            # Each group of fields is re-checked against its own permission.
            if user.checkPerm(current_user, Permission.CHANGE_USERNAMES):
                user.display_name = form.display_name.data
                user.forums_username = nonEmptyOrNone(form.forums_username.data)
                user.github_username = nonEmptyOrNone(form.github_username.data)

            # CHANGE_PROFILE_URLS is not among the permissions that create the
            # form, so this branch is reached only alongside one of those.
            if user.checkPerm(current_user, Permission.CHANGE_PROFILE_URLS):
                user.website_url = form["website_url"].data
                user.donate_url = form["donate_url"].data

            if user.checkPerm(current_user, Permission.CHANGE_RANK):
                requested_rank = form["rank"].data
                # The actor may not grant a rank above their own.
                if not current_user.rank.atLeast(requested_rank):
                    flash("Can't promote a user to a rank higher than yourself!", "danger")
                elif requested_rank != user.rank:
                    user.rank = requested_rank
                    rank_msg = "Set rank of {} to {}".format(
                        user.display_name, user.rank.getTitle())
                    addAuditLog(AuditSeverity.MODERATION, current_user, rank_msg, profile_url)

            if user.checkPerm(current_user, Permission.CHANGE_EMAIL):
                new_email = form["email"].data
                # NOTE(review): .strip() assumes the field data is a string;
                # confirm it cannot be None here.
                if new_email != user.email and new_email.strip() != "":
                    # NOTE(review): verification secret; confirm randomString
                    # draws from a CSPRNG.
                    token = randomString(32)

                    # Logged when verification is requested; user.email itself
                    # is not modified in this function.
                    email_msg = "Changed email of {}".format(user.display_name)
                    addAuditLog(severity, current_user, email_msg, profile_url)

                    # NOTE(review): no unsubscribe/blacklist lookup is made
                    # before creating the verification record; confirm
                    # whether one is expected on this path.
                    ver = UserEmailVerification()
                    ver.user = user
                    ver.token = token
                    ver.email = new_email
                    db.session.add(ver)
                    db.session.commit()

                    # Send the mail in the background and route the browser
                    # through the task-status page, then back to the profile.
                    task = sendVerifyEmail.delay(new_email, token)
                    return redirect(url_for("tasks.check", id=task.id, r=profile_url))

            # Persist the edits and return to the profile page.
            db.session.commit()
            return redirect(profile_url)

    # GET, an invalid POST, or a viewer without edit rights: build the listing.
    # Deleted packages are always hidden; anonymous viewers, and viewers who
    # are neither the owner nor able to access the todo list, see approved
    # packages only.
    listing = user.packages.filter(Package.state != PackageState.DELETED)
    if not current_user.is_authenticated or (
            user != current_user and not current_user.canAccessTodoList()):
        listing = listing.filter_by(state=PackageState.APPROVED)
    listing = listing.order_by(db.asc(Package.title))

    # Forum topics by this author that no package references, shown only to
    # the owner or to viewers holding CHANGE_AUTHOR.
    topics_to_add = None
    if current_user == user or user.checkPerm(current_user, Permission.CHANGE_AUTHOR):
        unlinked = ForumTopic.query.filter_by(author_id=user.id)
        unlinked = unlinked.filter(~ db.exists().where(Package.forums==ForumTopic.topic_id))
        unlinked = unlinked.order_by(db.asc(ForumTopic.name), db.asc(ForumTopic.title))
        topics_to_add = unlinked.all()

    return render_template("users/profile.html",
            user=user, form=form, packages=listing, topics_to_add=topics_to_add)