1
0
Fork 0
mirror of https://gitlab.com/SIGBUS/nyaa.git synced 2024-12-22 14:49:59 +00:00

Move account routes into blueprint (#292)

and update templates,
and remove unused imports

Routes:
* /login
* /logout
* /register
* /profile
This commit is contained in:
Kfir Hadas 2017-07-20 21:01:25 +03:00
parent 911fbc317f
commit f316353176
4 changed files with 168 additions and 158 deletions

View file

@ -2,12 +2,8 @@ import json
import math import math
import os.path import os.path
import re import re
import smtplib
from datetime import datetime, timedelta from datetime import datetime, timedelta
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.utils import formatdate from email.utils import formatdate
from ipaddress import ip_address
from urllib.parse import quote from urllib.parse import quote
import flask import flask
@ -15,7 +11,6 @@ from flask_paginate import Pagination
from werkzeug import url_encode from werkzeug import url_encode
from werkzeug.datastructures import CombinedMultiDict from werkzeug.datastructures import CombinedMultiDict
import config
from itsdangerous import BadSignature, URLSafeSerializer from itsdangerous import BadSignature, URLSafeSerializer
from sqlalchemy.orm import joinedload from sqlalchemy.orm import joinedload
@ -34,15 +29,6 @@ SERACH_PAGINATE_DISPLAY_MSG = ('Displaying results {start}-{end} out of {total}
_static_cache = {} _static_cache = {}
def redirect_url():
url = flask.request.args.get('next') or \
flask.request.referrer or \
'/'
if url == flask.request.url:
return '/'
return url
@app.template_global() @app.template_global()
def static_cachebuster(filename): def static_cachebuster(filename):
''' Adds a ?t=<mtime> cachebuster to the given path, if the file exists. ''' Adds a ?t=<mtime> cachebuster to the given path, if the file exists.
@ -101,7 +87,7 @@ def before_request():
if 'user_id' in flask.session: if 'user_id' in flask.session:
user = models.User.by_id(flask.session['user_id']) user = models.User.by_id(flask.session['user_id'])
if not user: if not user:
return logout() return views.account.logout()
flask.g.user = user flask.g.user = user
@ -452,121 +438,6 @@ def render_rss(label, query, use_elastic, magnet_links=False):
return response return response
@app.route('/login', methods=['GET', 'POST'])
def login():
if flask.g.user:
return flask.redirect(redirect_url())
form = forms.LoginForm(flask.request.form)
if flask.request.method == 'POST' and form.validate():
username = form.username.data.strip()
password = form.password.data
user = models.User.by_username(username)
if not user:
user = models.User.by_email(username)
if (not user or password != user.password_hash
or user.status == models.UserStatusType.INACTIVE):
flask.flash(flask.Markup(
'<strong>Login failed!</strong> Incorrect username or password.'), 'danger')
return flask.redirect(flask.url_for('login'))
user.last_login_date = datetime.utcnow()
user.last_login_ip = ip_address(flask.request.remote_addr).packed
db.session.add(user)
db.session.commit()
flask.g.user = user
flask.session['user_id'] = user.id
flask.session.permanent = True
flask.session.modified = True
return flask.redirect(redirect_url())
return flask.render_template('login.html', form=form)
@app.route('/logout')
def logout():
flask.g.user = None
flask.session.permanent = False
flask.session.modified = False
response = flask.make_response(flask.redirect(redirect_url()))
response.set_cookie(app.session_cookie_name, expires=0)
return response
@app.route('/register', methods=['GET', 'POST'])
def register():
if flask.g.user:
return flask.redirect(redirect_url())
form = forms.RegisterForm(flask.request.form)
if flask.request.method == 'POST' and form.validate():
user = models.User(username=form.username.data.strip(),
email=form.email.data.strip(), password=form.password.data)
user.last_login_ip = ip_address(flask.request.remote_addr).packed
db.session.add(user)
db.session.commit()
if config.USE_EMAIL_VERIFICATION: # force verification, enable email
activ_link = get_activation_link(user)
send_verification_email(user.email, activ_link)
return flask.render_template('waiting.html')
else: # disable verification, set user as active and auto log in
user.status = models.UserStatusType.ACTIVE
db.session.add(user)
db.session.commit()
flask.g.user = user
flask.session['user_id'] = user.id
flask.session.permanent = True
flask.session.modified = True
return flask.redirect(redirect_url())
return flask.render_template('register.html', form=form)
@app.route('/profile', methods=['GET', 'POST'])
def profile():
if not flask.g.user:
return flask.redirect('/') # so we dont get stuck in infinite loop when signing out
form = forms.ProfileForm(flask.request.form)
if flask.request.method == 'POST' and form.validate():
user = flask.g.user
new_email = form.email.data.strip()
new_password = form.new_password.data
if new_email:
# enforce password check on email change too
if form.current_password.data != user.password_hash:
flask.flash(flask.Markup(
'<strong>Email change failed!</strong> Incorrect password.'), 'danger')
return flask.redirect('/profile')
user.email = form.email.data
flask.flash(flask.Markup(
'<strong>Email successfully changed!</strong>'), 'success')
if new_password:
if form.current_password.data != user.password_hash:
flask.flash(flask.Markup(
'<strong>Password change failed!</strong> Incorrect password.'), 'danger')
return flask.redirect('/profile')
user.password_hash = form.new_password.data
flask.flash(flask.Markup(
'<strong>Password successfully changed!</strong>'), 'success')
db.session.add(user)
db.session.commit()
flask.g.user = user
return flask.redirect('/profile')
return flask.render_template('profile.html', form=form)
@app.route('/user/activate/<payload>') @app.route('/user/activate/<payload>')
def activate_user(payload): def activate_user(payload):
s = get_serializer() s = get_serializer()
@ -928,30 +799,6 @@ def get_activation_link(user):
return flask.url_for('activate_user', payload=payload, _external=True) return flask.url_for('activate_user', payload=payload, _external=True)
def send_verification_email(to_address, activ_link):
''' this is until we have our own mail server, obviously.
This can be greatly cut down if on same machine.
probably can get rid of all but msg formatting/building,
init line and sendmail line if local SMTP server '''
msg_body = 'Please click on: ' + activ_link + ' to activate your account.\n\n\nUnsubscribe:'
msg = MIMEMultipart()
msg['Subject'] = 'Verification Link'
msg['From'] = config.MAIL_FROM_ADDRESS
msg['To'] = to_address
msg.attach(MIMEText(msg_body, 'plain'))
server = smtplib.SMTP(config.SMTP_SERVER, config.SMTP_PORT)
server.set_debuglevel(1)
server.ehlo()
server.starttls()
server.ehlo()
server.login(config.SMTP_USERNAME, config.SMTP_PASSWORD)
server.sendmail(config.SMTP_USERNAME, to_address, msg.as_string())
server.quit()
def _create_user_class_choices(user): def _create_user_class_choices(user):
choices = [('regular', 'Regular')] choices = [('regular', 'Regular')]
default = 'regular' default = 'regular'
@ -1010,6 +857,7 @@ def register_blueprints(flask_app):
# API routes # API routes
flask_app.register_blueprint(api_handler.api_blueprint, url_prefix='/api') flask_app.register_blueprint(api_handler.api_blueprint, url_prefix='/api')
# Site routes # Site routes
flask_app.register_blueprint(views.account_bp)
flask_app.register_blueprint(views.site_bp) flask_app.register_blueprint(views.site_bp)

View file

@ -128,13 +128,13 @@
</a> </a>
</li> </li>
<li> <li>
<a href="{{ url_for('profile') }}"> <a href="{{ url_for('account.profile') }}">
<i class="fa fa-gear fa-fw"></i> <i class="fa fa-gear fa-fw"></i>
Profile Profile
</a> </a>
</li> </li>
<li> <li>
<a href="{{ url_for('logout') }}"> <a href="{{ url_for('account.logout') }}">
<i class="fa fa-times fa-fw"></i> <i class="fa fa-times fa-fw"></i>
Logout Logout
</a> </a>
@ -154,13 +154,13 @@
</a> </a>
<ul class="dropdown-menu"> <ul class="dropdown-menu">
<li> <li>
<a href="{{ url_for('login') }}"> <a href="{{ url_for('account.login') }}">
<i class="fa fa-sign-in fa-fw"></i> <i class="fa fa-sign-in fa-fw"></i>
Login Login
</a> </a>
</li> </li>
<li> <li>
<a href="{{ url_for('register') }}"> <a href="{{ url_for('account.register') }}">
<i class="fa fa-pencil fa-fw"></i> <i class="fa fa-pencil fa-fw"></i>
Register Register
</a> </a>

View file

@ -1,5 +1,7 @@
from nyaa.views import ( from nyaa.views import (
account,
site, site,
) )
account_bp = account.bp
site_bp = site.bp site_bp = site.bp

160
nyaa/views/account.py Normal file
View file

@ -0,0 +1,160 @@
import smtplib
from datetime import datetime
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from ipaddress import ip_address
import flask
# Importing nyaa.routes for get_activation_link
from nyaa import app, db, forms, models, routes
bp = flask.Blueprint('account', __name__)
@bp.route('/login', methods=['GET', 'POST'])
def login():
if flask.g.user:
return flask.redirect(redirect_url())
form = forms.LoginForm(flask.request.form)
if flask.request.method == 'POST' and form.validate():
username = form.username.data.strip()
password = form.password.data
user = models.User.by_username(username)
if not user:
user = models.User.by_email(username)
if (not user or password != user.password_hash or
user.status == models.UserStatusType.INACTIVE):
flask.flash(flask.Markup(
'<strong>Login failed!</strong> Incorrect username or password.'), 'danger')
return flask.redirect(flask.url_for('account.login'))
user.last_login_date = datetime.utcnow()
user.last_login_ip = ip_address(flask.request.remote_addr).packed
db.session.add(user)
db.session.commit()
flask.g.user = user
flask.session['user_id'] = user.id
flask.session.permanent = True
flask.session.modified = True
return flask.redirect(redirect_url())
return flask.render_template('login.html', form=form)
@bp.route('/logout')
def logout():
flask.g.user = None
flask.session.permanent = False
flask.session.modified = False
response = flask.make_response(flask.redirect(redirect_url()))
response.set_cookie(app.session_cookie_name, expires=0)
return response
@bp.route('/register', methods=['GET', 'POST'])
def register():
if flask.g.user:
return flask.redirect(redirect_url())
form = forms.RegisterForm(flask.request.form)
if flask.request.method == 'POST' and form.validate():
user = models.User(username=form.username.data.strip(),
email=form.email.data.strip(), password=form.password.data)
user.last_login_ip = ip_address(flask.request.remote_addr).packed
db.session.add(user)
db.session.commit()
if app.config['USE_EMAIL_VERIFICATION']: # force verification, enable email
activ_link = routes.get_activation_link(user)
send_verification_email(user.email, activ_link)
return flask.render_template('waiting.html')
else: # disable verification, set user as active and auto log in
user.status = models.UserStatusType.ACTIVE
db.session.add(user)
db.session.commit()
flask.g.user = user
flask.session['user_id'] = user.id
flask.session.permanent = True
flask.session.modified = True
return flask.redirect(redirect_url())
return flask.render_template('register.html', form=form)
@bp.route('/profile', methods=['GET', 'POST'])
def profile():
if not flask.g.user:
return flask.redirect('/') # so we dont get stuck in infinite loop when signing out
form = forms.ProfileForm(flask.request.form)
if flask.request.method == 'POST' and form.validate():
user = flask.g.user
new_email = form.email.data.strip()
new_password = form.new_password.data
if new_email:
# enforce password check on email change too
if form.current_password.data != user.password_hash:
flask.flash(flask.Markup(
'<strong>Email change failed!</strong> Incorrect password.'), 'danger')
return flask.redirect('/profile')
user.email = form.email.data
flask.flash(flask.Markup(
'<strong>Email successfully changed!</strong>'), 'success')
if new_password:
if form.current_password.data != user.password_hash:
flask.flash(flask.Markup(
'<strong>Password change failed!</strong> Incorrect password.'), 'danger')
return flask.redirect('/profile')
user.password_hash = form.new_password.data
flask.flash(flask.Markup(
'<strong>Password successfully changed!</strong>'), 'success')
db.session.add(user)
db.session.commit()
flask.g.user = user
return flask.redirect('/profile')
return flask.render_template('profile.html', form=form)
def redirect_url():
url = flask.request.args.get('next') or \
flask.request.referrer or \
'/'
if url == flask.request.url:
return '/'
return url
def send_verification_email(to_address, activ_link):
''' this is until we have our own mail server, obviously.
This can be greatly cut down if on same machine.
probably can get rid of all but msg formatting/building,
init line and sendmail line if local SMTP server '''
msg_body = 'Please click on: ' + activ_link + ' to activate your account.\n\n\nUnsubscribe:'
msg = MIMEMultipart()
msg['Subject'] = 'Verification Link'
msg['From'] = app.config['MAIL_FROM_ADDRESS']
msg['To'] = to_address
msg.attach(MIMEText(msg_body, 'plain'))
server = smtplib.SMTP(app.config['SMTP_SERVER'], app.config['SMTP_PORT'])
server.set_debuglevel(1)
server.ehlo()
server.starttls()
server.ehlo()
server.login(app.config['SMTP_USERNAME'], app.config['SMTP_PASSWORD'])
server.sendmail(app.config['SMTP_USERNAME'], to_address, msg.as_string())
server.quit()