from flask import redirect, url_for, request, flash, abort from flask_login import login_required, current_user, logout_user from app import app, db from app.forms.account import UpdateAccountForm, RegistrationForm, \ DeleteAccountForm, AskResetPasswordForm, ResetPasswordForm from app.models.user import Guest, Member from app.models.trophy import Title from app.utils.render import render from app.utils.send_mail import send_validation_mail, send_reset_password_mail from app.utils.priv_required import guest_only from app.utils.glados import say, BOLD import app.utils.ldap as ldap import app.utils.validators as vd from itsdangerous import URLSafeTimedSerializer from config import V5Config @app.route('/compte', methods=['GET', 'POST']) @login_required def edit_account(): form = UpdateAccountForm() titles = [(t.id, t.name) for t in current_user.trophies if isinstance(t, Title)] titles.insert(0, (-1, "Membre")) form.title.choices = titles extra_vd = { "email": [vd.password.old_password], "password": [vd.password.old_password], "title": [vd.own_title], } if form.submit.data: if form.is_submitted() and form.validate(extra_validators=extra_vd): old_username = current_user.norm current_user.update( avatar=form.avatar.data or None, email=form.email.data or None, password=form.password.data or None, birthday=form.birthday.data, signature=form.signature.data, bio=form.biography.data, title=form.title.data, newsletter=form.newsletter.data, theme=form.theme.data ) ldap.edit(old_username, current_user) current_user.update(password=form.password.data or None) db.session.merge(current_user) db.session.commit() current_user.update_trophies("on-profile-update") flash('Modifications effectuées', 'ok') app.v5logger.info(f"<{current_user.name}> has edited their account") return redirect(request.url) else: flash('Erreur lors de la modification', 'error') else: form.theme.data = current_user.theme or 'default_theme' return render('account/account.html', scripts=["+scripts/entropy.js"], form=form) @app.route('/compte/reinitialiser', methods=['GET', 'POST']) @guest_only def ask_reset_password(): form = AskResetPasswordForm() if form.submit.data: m = Member.query.filter_by(email=form.email.data).first() if m is not None: send_reset_password_mail(m.name, m.email) app.v5logger.info(f"<{m.name}> has asked a password reset token") flash('Un email a été envoyé à l\'adresse renseignée', 'ok') return redirect(url_for('login')) elif request.method == "POST": flash('Une erreur est survenue', 'error') return render('account/ask_reset_password.html', form=form) @app.route('/compte/reinitialiser/', methods=['GET', 'POST']) @guest_only def reset_password(token): try: ts = URLSafeTimedSerializer(app.config["SECRET_KEY"]) email = ts.loads(token, salt="email-confirm-key", max_age=86400) except Exception as e: print(f"Error: {e}") abort(404) form = ResetPasswordForm() if form.submit.data: if form.validate_on_submit(): m = Member.query.filter_by(email=email).first_or_404() m.set_password(form.password.data) db.session.merge(m) db.session.commit() flash('Modifications effectuées', 'ok') app.v5logger.info(f"<{m.name}> has reset their password") return redirect(url_for('login')) else: flash('Erreur lors de la modification', 'error') return render('account/reset_password.html', scripts=["+scripts/entropy.js"], form=form) @app.route('/compte/supprimer', methods=['GET', 'POST']) @login_required def delete_account(): del_form = DeleteAccountForm() if del_form.submit.data: if del_form.validate_on_submit(): name = current_user.name if del_form.transfer.data: guest = Guest(current_user.generate_guest_name()) db.session.add(guest) db.session.commit() current_user.transfer_posts(guest) db.session.commit() else: current_user.delete_posts() db.session.commit() if (V5Config.USE_LDAP): ldap.delete_member(current_user) current_user.delete() logout_user() db.session.commit() flash('Compte supprimé', 'ok') app.v5logger.info(f"<{name}> has deleted their account ({'with' if del_form.transfer.data else 'without'} guest transfer)") return redirect(url_for('index')) else: flash('Erreur lors de la suppression du compte', 'error') del_form.delete.data = False # Force to tick to delete the account return render('account/delete_account.html', del_form=del_form) @app.route('/inscription', methods=['GET', 'POST']) @guest_only def register(): form = RegistrationForm() if form.validate_on_submit(): member = Member(form.username.data, form.email.data, form.password.data) member.newsletter = form.newsletter.data db.session.add(member) db.session.commit() # Workflow with LDAP is User → Postgresql → LDAP → Change password if V5Config.USE_LDAP: ldap.add_member(member) ldap.set_password(member, form.password.data) flash('Inscription réussie', 'ok') # Email validation message send_validation_mail(member.name, member.email) app.v5logger.info(f"<{member.name}> registered") return redirect(url_for('validation') + "?email=" + form.email.data) return render('account/register.html', title='Register', scripts=["+scripts/entropy.js"], form=form) @app.route('/inscription/validation', methods=['GET']) @guest_only def validation(): try: mail = request.args['email'] except Exception as e: print(f"Error: {e}") abort(404) if current_user.is_authenticated: return redirect(url_for('index')) return render('account/validation.html', mail=mail) @app.route('/inscription/validation/', methods=['GET']) @guest_only def activate_account(token): try: ts = URLSafeTimedSerializer(app.config["SECRET_KEY"]) email = ts.loads(token, salt="email-confirm-key", max_age=86400) except Exception as e: # TODO: add proper login print(f"Error: {e}") abort(404) m = Member.query.filter_by(email=email).first_or_404() m.email_confirmed = True db.session.add(m) db.session.commit() flash("L'email a bien été confirmé", "ok") app.v5logger.info(f"<{m.name}> has activated their account") say(f"Un nouveau membre s’est inscrit ! Il s’agit de {BOLD}{m.name}{BOLD}.") say(url_for('user', username=m.name, _external=True)) return redirect(url_for('login'))