def show_profile(user_id):
    """Render one user's profile page and process its edit and delete forms.

    Visitors without a logged-in user are flashed a warning and sent to "/".
    A valid edit submission updates the user and redirects back to the
    profile URL. A valid delete submission removes the account only when the
    submitted password authenticates against the target user's username,
    after which the session is logged out and the visitor is sent to "/".
    Otherwise the profile template is rendered with both forms.
    """
    # NOTE(review): the only access check here is "somebody is logged in".
    # Nothing visible ties g.user to user_id, so unless a decorator or the
    # model helpers enforce ownership, the edit branch below would apply to
    # whichever account the URL names. Confirm, and compare the session user
    # with the target before User.update_user is reached.
    if not g.user:
        flash("Access unauthorized. Please login to view profile!", "danger")
        return redirect("/")

    user = User.query.get_or_404(user_id)
    saved_recipes = User.get_user_fav_recipes(user_id)
    form = UserAddForm()
    delete_form = DeleteAccountForm()

    # Both forms are checked against the same request; the edit form wins
    # whenever it validates, so the delete branch only runs if it does not.
    if form.validate_on_submit():
        User.update_user(user, form)
        db.session.commit()
        return redirect(f'/users/{user_id}')

    if delete_form.validate_on_submit():
        # Re-authentication: the password typed into the delete form must
        # match the account being removed.
        password_ok = User.authenticate(user.username, delete_form.password.data)
        if password_ok:
            User.remove_user(user_id)
            db.session.commit()
            do_logout()
            return redirect("/")

    context = {
        "saved_recipes": saved_recipes,
        "user": user,
        "form": form,
        "delete_form": delete_form,
    }
    return render_template('/users/profile.html', **context)
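def user_delete():
    """Delete the logged-in user's reservations and account, then log out.

    The form is built from the request data with the current user's id
    passed as ``user_id``. When it validates, every entry in
    ``current_user.reservas`` is deleted, then the user record itself, and
    the session is logged out. The caller is redirected to ``index`` in
    every case, whether or not anything was deleted.
    """
    import logging

    form_delete = DeleteAccountForm(request.form, user_id=str(current_user.id))
    if form_delete.validate_on_submit():
        try:
            for reserva in current_user.reservas:
                reserva.delete_instance()
            current_user.delete_instance()
            logout_user()
        except Exception:
            # The original used a bare `except: None`, which hid every
            # failure (and also trapped SystemExit/KeyboardInterrupt). The
            # redirect below is kept as best-effort behaviour, but the
            # failure is now recorded so a half-completed deletion can be
            # noticed and followed up.
            # NOTE(review): the deletes are not visibly wrapped in a
            # transaction, so an error part-way through can leave some
            # reservations removed while the account still exists.
            logging.getLogger(__name__).exception("Account deletion failed")
    return redirect(url_for('index'))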
def settings():
    """Show the account settings page and handle the password-change form.

    On a POST whose form validates, the submitted old password is compared
    with ``user.password``; on a match the new password is stored, the
    change is committed, a notification e-mail is sent and the user is
    redirected to ``user``. A mismatch or an invalid form flashes a message
    and redirects back to ``settings``. Any other request renders the
    settings template with the password form and the delete-account form.
    """
    loggedin_user = get_user()
    user, _allplayers, _leaders = get_leaderboard(loggedin_user)
    form = PasswordResetForm(request.form)
    deleteform = DeleteAccountForm(request.form)
    title = "{}'s account settings".format(user.name)

    is_post = request.method == 'POST'

    if is_post and form.validate():
        # NOTE(review): the submitted value is compared with, and assigned
        # to, user.password directly. Unless `password` is a property on the
        # model that hashes and verifies, this means passwords are stored
        # and compared as plaintext -- confirm against the model and move to
        # a salted password hash if so.
        old_password_matches = form.old_password.data == user.password
        if not old_password_matches:
            flash("Your old password was incorrect. Please try again.")
            return redirect(url_for('settings'))

        flash("Your password has been reset.")
        user.password = form.new_password.data
        db.session.commit()
        password_reset_email(user)
        return redirect(url_for('user'))

    # Reached on a POST only when the first validation failed; the form is
    # validated a second time here, exactly as the original elif did.
    if is_post and not form.validate():
        flash("Something went wrong; please try again.")
        return redirect(url_for('settings'))

    return render_template(
        'settings.html',
        title=title,
        loggedin_user=loggedin_user,
        user=user,
        form=form,
        deleteform=deleteform,
    )
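def delete_account():
    """Delete the current user's account after a typed "DELETE" confirmation.

    On a POST whose form validates and whose ``confirm`` field reads
    "DELETE" (case-insensitive), the user row is deleted, the change is
    committed and the caller is redirected to ``logout``. Any other POST
    flashes the instruction text and redirects to ``settings``. Requests
    that are not POST are redirected to ``settings`` as well.
    """
    deleteform = DeleteAccountForm(request.form)
    loggedin_user = get_user()
    user, _allplayers, _leaders = get_leaderboard(loggedin_user)

    # NOTE(review): the typed word is the only barrier before an
    # irreversible delete. No password re-check is made here, and the form
    # is built straight from request.form, so no CSRF token check is visible
    # in this view -- confirm the application enforces one elsewhere.
    if request.method == "POST":
        # `or ""` covers a request that omits the field entirely, where the
        # field data can be None and .upper() would raise.
        confirmed = (
            deleteform.validate()
            and (deleteform.confirm.data or "").upper() == "DELETE"
        )
        if confirmed:
            db.session.delete(user)
            db.session.commit()
            flash("Your account has been deleted.")
            return redirect(url_for("logout"))

        flash(
            'Type "DELETE" in the field below if you are sure you want to delete your account; this cannot be undone.'
        )

    # The original fell off the end for non-POST requests and returned None,
    # which Flask rejects as an invalid response; send those to the settings
    # page instead.
    return redirect(url_for("settings"))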
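def delete_account():
    """Remove the current user's account once "DELETE" has been typed.

    The form, the logged-in user and the leaderboard tuple are loaded first.
    A POST that validates and carries "DELETE" (any letter case) in the
    ``confirm`` field deletes the user, commits and redirects to ``logout``.
    Every other request ends on the ``settings`` page; failed POSTs are
    flashed the instruction text first.
    """
    deleteform = DeleteAccountForm(request.form)
    loggedin_user = get_user()
    user, _allplayers, _leaders = get_leaderboard(loggedin_user)

    # Previously a non-POST request reached the end of the function and
    # returned None, which Flask turns into a server error.
    if request.method != 'POST':
        return redirect(url_for('settings'))

    # NOTE(review): deletion is gated only by the typed confirmation word.
    # There is no password re-authentication, and no CSRF validation is
    # visible for this form (it wraps request.form directly) -- verify that
    # the app protects this POST some other way.
    typed = deleteform.confirm.data if deleteform.validate() else None
    # A missing field can leave `typed` as None; treat that as "not confirmed"
    # rather than letting .upper() raise.
    if (typed or '').upper() == 'DELETE':
        db.session.delete(user)
        db.session.commit()
        flash("Your account has been deleted.")
        return redirect(url_for('logout'))

    flash(
        'Type "DELETE" in the field below if you are sure you want to delete your account; this cannot be undone.'
    )
    return redirect(url_for('settings'))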
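def deleteAccount():
    """
    The '/deleteAccount' route directs a user to a form where they can
    request the superuser to delete their account.

    Visitors without a 'username' in the session are redirected to the login
    page; superusers and applicants are redirected to their own dashboards.
    For everyone else, a POST with the delete button set files a
    DeleteRequest for the session's username and redirects to the dashboard,
    a POST with the cancel button set just redirects to the dashboard, and
    any other request renders the form.
    """
    if 'username' not in session:
        return redirect(url_for('login'))

    # Indexing (not .get) is kept on purpose: a session that has a username
    # but no role fails here instead of being treated as a regular user.
    user_type = session['type_of_user']
    if user_type == 'superuser':
        return redirect(url_for('dashboard_superuser'))
    if user_type == 'applicant':
        return redirect(url_for('dashboard_applicant'))

    form = DeleteAccountForm()

    if request.method == 'POST':
        # NOTE(review): the button fields are read without the form being
        # validated first. If DeleteAccountForm carries a CSRF token, it is
        # never checked on this state-changing request; gating this branch
        # on form.validate_on_submit() would enforce it -- confirm the
        # template submits the token before switching.
        if form.delete.data:
            DeleteRequest(session['username'])
            return redirect(url_for('dashboard'))
        if form.cancel.data:
            return redirect(url_for('dashboard'))

    # GET lands here as before. A POST with neither button set, or any other
    # method routed to this view, used to fall off the end and return None
    # (a server error in Flask); those now get the form again.
    return render_template("deleteAccount.html", form=form)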
def profile(request): '''The profile page containing * password change form; * forms to associate and dissociate OpenID's; * a button to delete account. **Authentication restrictions** If a user that is not logged in tries to visit this page, he will be redirected to the login page. If he successfully logs in there, he'll be redirected back here. **Templates** `"authentication/profile/profile.html"` Page template. **Context** ``form_change_password`` A :class:`django.contrib.auth.forms.SetPasswordForm`. ``form_add_openid_msg`` Form errors for ``form_add_openid`` (see below). ``form_add_openid`` An :class:`django_authopenid.forms.AssociateOpenID`. ``form_delete_openid`` An :class:`authentication.forms.DeleteOpenidForm`. ``form_delete`` An :class:`authentication.forms.DeleteAccountForm`. `"authentication/profile/password_changed.html"` Templates rendered after the change password form was submitted and user's password was successfull changed. **Context** ``next`` The link for previous page tracking or ``''`` if it is unknown (i.e., was not passed); ''' from django.contrib.auth.forms import SetPasswordForm from django_authopenid.forms import AssociateOpenID from forms import DeleteOpenidForm, DeleteAccountForm redirect_to = next = request.GET.get('next') if not redirect_to or '://' in redirect_to: redirect_to = settings.LOGIN_REDIRECT_URL next = '' form_change_password = SetPasswordForm(request.user) form_add_openid_msg = '' form_add_openid = AssociateOpenID(request.user) form_delete_openid = DeleteOpenidForm.new(request.user) form_delete = DeleteAccountForm() if request.method == 'POST': if 'new_password1' in request.POST.keys(): form_change_password = SetPasswordForm(request.user, request.POST) if form_change_password.is_valid(): request.user.set_password(form_change_password.cleaned_data['new_password1']) request.user.save() return render_to_response2(request, 'authentication/profile/password_changed.html', {'next': next}) elif 'openid_url' in request.POST.keys(): 
form_add_openid = AssociateOpenID(request.user, request.POST) if form_add_openid.is_valid(): openid_url = form_add_openid.cleaned_data['openid_url'] redirect_url = "%s?%s" % ( request.build_absolute_uri(request.path), urllib.urlencode({'next': redirect_to, 'openid_url': openid_url}) ) try: return Overrides.Authopenid.ask_openid(request, openid_url, redirect_url) except Overrides.Authopenid.OpenidError, e: form_add_openid_msg = unicode(e) elif 'openid_url_to_delete' in request.POST.keys(): form_delete_openid = DeleteOpenidForm.process(request.user, request.POST) else: form_delete = DeleteAccountForm(request.POST) if form_delete.is_valid(): request.user.delete() auth.logout(request) return HttpResponseRedirect(redirect_to)