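def set_password_page():
    """Let the current user, who has no password yet, choose one.

    A user that already has a password is redirected to the regular
    change-password view. On a valid POST with matching passwords the
    password is hashed and stored, the optional "password changed" e-mail
    and the ``user_changed_password`` signal are sent, and, if a new
    non-blank e-mail address was submitted, a pending verification record
    is committed and a verification mail is queued. Every other request
    (GET, invalid form, mismatching passwords) renders the form.
    """
    # NOTE(review): current_user is dereferenced unconditionally, so this view
    # presumably sits behind a login-required decorator that is not visible
    # here -- confirm.
    if current_user.password is not None:
        return redirect(url_for("user.change_password"))

    form = SetPasswordForm(request.form)
    # An account with no address on file must supply a valid one; otherwise
    # the form's own validators for the e-mail field stay in place.
    if current_user.email is None:
        form.email.validators = [InputRequired(), Email()]

    if request.method == "POST" and form.validate():
        password = form.password.data
        if password == form.password2.data:
            # Only the hash is handed to the user manager for storage.
            hashed_password = user_manager.hash_password(password)
            user_manager.update_password(current_user, hashed_password)

            # Notify the address already on file, when mail is enabled.
            if (user_manager.enable_email
                    and user_manager.send_password_changed_email
                    and current_user.email):
                emails.send_password_changed_email(current_user)

            signals.user_changed_password.send(
                current_app._get_current_object(), user=current_user)

            # One-time message shown on the next rendered page.
            flash('Your password has been changed successfully.', 'success')

            newEmail = form["email"].data
            if newEmail != current_user.email and newEmail.strip() != "":
                # current_user.email is not touched here: the new address is
                # only stored in a pending verification record.
                # NOTE(review): the token is what proves control of the new
                # address; randomString is defined elsewhere -- confirm it
                # draws from a CSPRNG (e.g. the secrets module).
                token = randomString(32)

                ver = UserEmailVerification()
                ver.user = current_user
                ver.token = token
                ver.email = newEmail
                db.session.add(ver)
                db.session.commit()

                task = sendVerifyEmail.delay(newEmail, token)
                return redirect(
                    url_for("check_task", id=task.id,
                            r=url_for("user_profile_page",
                                      username=current_user.username)))

            return redirect(
                url_for("user_profile_page", username=current_user.username))

        flash("Passwords do not match", "error")

    return render_template("users/set_password.html", form=form,
                           optional=request.args.get("optional"))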
def user_profile_page(username):
    """Render a user's profile and apply edits from permitted viewers.

    Responds with 404 when no user has the given username. When the viewer
    holds CHANGE_DNAME, CHANGE_EMAIL or CHANGE_RANK on that user, an edit
    form is built; a valid POST then copies the fields each permission
    covers, commits, and redirects. Otherwise the profile is rendered with
    the user's packages and, for the owner or a viewer with CHANGE_AUTHOR,
    the forum topics not yet linked to a package.
    """
    user = User.query.filter_by(username=username).first()
    if not user:
        abort(404)

    # The form exists only for viewers with at least one edit permission;
    # any() stops at the first permission that is granted.
    may_edit = any(
        user.checkPerm(current_user, perm)
        for perm in (Permission.CHANGE_DNAME,
                     Permission.CHANGE_EMAIL,
                     Permission.CHANGE_RANK))
    form = UserProfileForm(formdata=request.form, obj=user) if may_edit else None

    if form is not None and request.method == "POST" and form.validate():
        # Each group of fields is re-checked against its own permission, so a
        # viewer holding one permission cannot write the other groups.
        if user.checkPerm(current_user, Permission.CHANGE_DNAME):
            user.display_name = form["display_name"].data
            user.website_url = form["website_url"].data
            user.donate_url = form["donate_url"].data

        if user.checkPerm(current_user, Permission.CHANGE_RANK):
            requested_rank = form["rank"].data
            # Only the requested rank is compared with the editor's own rank.
            # NOTE(review): whether an editor may touch a user who currently
            # outranks them is left to checkPerm -- confirm.
            if not current_user.rank.atLeast(requested_rank):
                flash(
                    "Can't promote a user to a rank higher than yourself!",
                    "error")
            else:
                user.rank = form["rank"].data

        if user.checkPerm(current_user, Permission.CHANGE_EMAIL):
            requested_email = form["email"].data
            if requested_email != user.email and requested_email.strip() != "":
                # user.email is not modified here; the address is stored in a
                # pending verification record.
                # NOTE(review): randomString is defined elsewhere -- confirm
                # it uses a CSPRNG, since the token gates the e-mail change.
                token = randomString(32)

                verification = UserEmailVerification()
                verification.user = user
                verification.token = token
                verification.email = requested_email
                db.session.add(verification)
                # This commit also persists the field changes made above.
                db.session.commit()

                task = sendVerifyEmail.delay(requested_email, token)
                back_to_profile = url_for("user_profile_page",
                                          username=username)
                return redirect(
                    url_for("check_task", id=task.id, r=back_to_profile))

        # No e-mail change: save the edits and reload the profile.
        db.session.commit()
        return redirect(url_for("user_profile_page", username=username))

    packages = user.packages.filter_by(soft_deleted=False)
    # Anonymous viewers, and other users who cannot access the todo list,
    # only get approved packages.
    approved_only = not current_user.is_authenticated or (
        user != current_user and not current_user.canAccessTodoList())
    if approved_only:
        packages = packages.filter_by(approved=True)
    packages = packages.order_by(db.asc(Package.title))

    topics_to_add = None
    if current_user == user or user.checkPerm(current_user,
                                              Permission.CHANGE_AUTHOR):
        # Topics by this author for which no package row references the topic.
        unlinked = ~ db.exists().where(Package.forums==ForumTopic.topic_id)
        topics_to_add = (
            ForumTopic.query
            .filter_by(author_id=user.id)
            .filter(unlinked)
            .order_by(db.asc(ForumTopic.name), db.asc(ForumTopic.title))
            .all())

    # GET, or a POST that failed validation or was not permitted.
    return render_template("users/user_profile_page.html", user=user,
                           form=form, packages=packages,
                           topics_to_add=topics_to_add)
def profile(username):
    """Render a user's profile and apply audited edits from permitted viewers.

    Responds with 404 when no user has the given username. When the viewer
    holds CHANGE_USERNAMES, CHANGE_EMAIL or CHANGE_RANK on that user, an edit
    form is built; a valid POST records an audit entry, copies the fields
    each permission covers, commits, and redirects. Otherwise the profile is
    rendered with the user's non-deleted packages and, for the owner or a
    viewer with CHANGE_AUTHOR, the forum topics not yet linked to a package.
    """
    user = User.query.filter_by(username=username).first()
    if not user:
        abort(404)

    # The form exists only for viewers with at least one of these edit
    # permissions; any() stops at the first one that is granted.
    may_edit = any(
        user.checkPerm(current_user, perm)
        for perm in (Permission.CHANGE_USERNAMES,
                     Permission.CHANGE_EMAIL,
                     Permission.CHANGE_RANK))
    form = UserProfileForm(formdata=request.form, obj=user) if may_edit else None

    if form is not None and request.method == "POST" and form.validate():
        profile_url = url_for("users.profile", username=username)

        # Self-edits are logged as NORMAL; edits to someone else's profile are
        # logged as MODERATION.
        if current_user == user:
            severity = AuditSeverity.NORMAL
        else:
            severity = AuditSeverity.MODERATION
        # NOTE(review): this generic entry is written before any check below,
        # so a refused promotion attempt leaves no dedicated audit record --
        # confirm that is acceptable for moderation review.
        addAuditLog(severity, current_user,
                    "Edited {}'s profile".format(user.display_name),
                    profile_url)

        # Each group of fields is re-checked against its own permission.
        if user.checkPerm(current_user, Permission.CHANGE_USERNAMES):
            user.display_name = form.display_name.data
            user.forums_username = nonEmptyOrNone(form.forums_username.data)
            user.github_username = nonEmptyOrNone(form.github_username.data)

        # NOTE(review): CHANGE_PROFILE_URLS is honoured here but is not one of
        # the permissions that create the form above; a viewer holding only
        # this permission never reaches this branch -- confirm intended.
        if user.checkPerm(current_user, Permission.CHANGE_PROFILE_URLS):
            user.website_url = form["website_url"].data
            user.donate_url = form["donate_url"].data

        if user.checkPerm(current_user, Permission.CHANGE_RANK):
            requested_rank = form["rank"].data
            # Only the requested rank is compared with the editor's own rank.
            # NOTE(review): whether an editor may touch a user who currently
            # outranks them is left to checkPerm -- confirm.
            if not current_user.rank.atLeast(requested_rank):
                flash(
                    "Can't promote a user to a rank higher than yourself!",
                    "danger")
            elif requested_rank != user.rank:
                user.rank = form["rank"].data
                rank_msg = "Set rank of {} to {}".format(
                    user.display_name, user.rank.getTitle())
                # Rank changes are always logged at MODERATION severity.
                addAuditLog(AuditSeverity.MODERATION, current_user, rank_msg,
                            profile_url)

        if user.checkPerm(current_user, Permission.CHANGE_EMAIL):
            requested_email = form["email"].data
            if requested_email != user.email and requested_email.strip() != "":
                # user.email is not modified here; the address is stored in a
                # pending verification record.
                # NOTE(review): randomString is defined elsewhere -- confirm
                # it uses a CSPRNG, since the token gates the e-mail change.
                token = randomString(32)

                email_msg = "Changed email of {}".format(user.display_name)
                addAuditLog(severity, current_user, email_msg, profile_url)

                verification = UserEmailVerification()
                verification.user = user
                verification.token = token
                verification.email = requested_email
                db.session.add(verification)
                # This commit also persists the field changes made above.
                db.session.commit()

                task = sendVerifyEmail.delay(requested_email, token)
                return redirect(
                    url_for("tasks.check", id=task.id,
                            r=url_for("users.profile", username=username)))

        # No e-mail change: save the edits and reload the profile.
        db.session.commit()
        return redirect(url_for("users.profile", username=username))

    packages = user.packages.filter(Package.state != PackageState.DELETED)
    # Anonymous viewers, and other users who cannot access the todo list,
    # only get approved packages.
    approved_only = not current_user.is_authenticated or (
        user != current_user and not current_user.canAccessTodoList())
    if approved_only:
        packages = packages.filter_by(state=PackageState.APPROVED)
    packages = packages.order_by(db.asc(Package.title))

    topics_to_add = None
    if current_user == user or user.checkPerm(current_user,
                                              Permission.CHANGE_AUTHOR):
        # Topics by this author for which no package row references the topic.
        unlinked = ~ db.exists().where(Package.forums==ForumTopic.topic_id)
        topics_to_add = (
            ForumTopic.query
            .filter_by(author_id=user.id)
            .filter(unlinked)
            .order_by(db.asc(ForumTopic.name), db.asc(ForumTopic.title))
            .all())

    # GET, or a POST that failed validation or was not permitted.
    return render_template("users/profile.html", user=user, form=form,
                           packages=packages, topics_to_add=topics_to_add)