Move account routes into blueprint (#292)

and update templates, and remove unused imports Routes: * /login * /logout * /register * /profile
2024-12-22 10:29:59 +00:00 · 2017-07-20 21:01:25 +03:00 · 2017-07-20 21:01:25 +03:00 · f316353176
parent 911fbc317f
commit f316353176
4 changed files with 168 additions and 158 deletions
--- a/nyaa/routes.py
+++ b/nyaa/routes.py
@ -2,12 +2,8 @@ import json
 import math
 import os.path
 import re
 import smtplib
 from datetime import datetime, timedelta
 from email.mime.multipart import MIMEMultipart
 from email.mime.text import MIMEText
 from email.utils import formatdate
 from ipaddress import ip_address
 from urllib.parse import quote
 import flask
@ -15,7 +11,6 @@ from flask_paginate import Pagination
 from werkzeug import url_encode
 from werkzeug.datastructures import CombinedMultiDict
 import config
 from itsdangerous import BadSignature, URLSafeSerializer
 from sqlalchemy.orm import joinedload
@ -34,15 +29,6 @@ SERACH_PAGINATE_DISPLAY_MSG = ('Displaying results {start}-{end} out of {total}
 _static_cache = {}
 def redirect_url():
    url = flask.request.args.get('next') or \
        flask.request.referrer or \
        '/'
    if url == flask.request.url:
        return '/'
    return url
@app.template_global()
 def static_cachebuster(filename):
    ''' Adds a ?t=<mtime> cachebuster to the given path, if the file exists.
@ -101,7 +87,7 @@ def before_request():
    if 'user_id' in flask.session:
        user = models.User.by_id(flask.session['user_id'])
        if not user:
-            return logout()
+            return views.account.logout()
        flask.g.user = user
@ -452,121 +438,6 @@ def render_rss(label, query, use_elastic, magnet_links=False):
    return response
@app.route('/login', methods=['GET', 'POST'])
 def login():
    if flask.g.user:
        return flask.redirect(redirect_url())
    form = forms.LoginForm(flask.request.form)
    if flask.request.method == 'POST' and form.validate():
        username = form.username.data.strip()
        password = form.password.data
        user = models.User.by_username(username)
        if not user:
            user = models.User.by_email(username)
        if (not user or password != user.password_hash
                or user.status == models.UserStatusType.INACTIVE):
            flask.flash(flask.Markup(
                '<strong>Login failed!</strong> Incorrect username or password.'), 'danger')
            return flask.redirect(flask.url_for('login'))
        user.last_login_date = datetime.utcnow()
        user.last_login_ip = ip_address(flask.request.remote_addr).packed
        db.session.add(user)
        db.session.commit()
        flask.g.user = user
        flask.session['user_id'] = user.id
        flask.session.permanent = True
        flask.session.modified = True
        return flask.redirect(redirect_url())
    return flask.render_template('login.html', form=form)
@app.route('/logout')
 def logout():
    flask.g.user = None
    flask.session.permanent = False
    flask.session.modified = False
    response = flask.make_response(flask.redirect(redirect_url()))
    response.set_cookie(app.session_cookie_name, expires=0)
    return response
@app.route('/register', methods=['GET', 'POST'])
 def register():
    if flask.g.user:
        return flask.redirect(redirect_url())
    form = forms.RegisterForm(flask.request.form)
    if flask.request.method == 'POST' and form.validate():
        user = models.User(username=form.username.data.strip(),
                           email=form.email.data.strip(), password=form.password.data)
        user.last_login_ip = ip_address(flask.request.remote_addr).packed
        db.session.add(user)
        db.session.commit()
        if config.USE_EMAIL_VERIFICATION:  # force verification, enable email
            activ_link = get_activation_link(user)
            send_verification_email(user.email, activ_link)
            return flask.render_template('waiting.html')
        else:  # disable verification, set user as active and auto log in
            user.status = models.UserStatusType.ACTIVE
            db.session.add(user)
            db.session.commit()
            flask.g.user = user
            flask.session['user_id'] = user.id
            flask.session.permanent = True
            flask.session.modified = True
            return flask.redirect(redirect_url())
    return flask.render_template('register.html', form=form)
@app.route('/profile', methods=['GET', 'POST'])
 def profile():
    if not flask.g.user:
        return flask.redirect('/')  # so we dont get stuck in infinite loop when signing out
    form = forms.ProfileForm(flask.request.form)
    if flask.request.method == 'POST' and form.validate():
        user = flask.g.user
        new_email = form.email.data.strip()
        new_password = form.new_password.data
        if new_email:
            # enforce password check on email change too
            if form.current_password.data != user.password_hash:
                flask.flash(flask.Markup(
                    '<strong>Email change failed!</strong> Incorrect password.'), 'danger')
                return flask.redirect('/profile')
            user.email = form.email.data
            flask.flash(flask.Markup(
                '<strong>Email successfully changed!</strong>'), 'success')
        if new_password:
            if form.current_password.data != user.password_hash:
                flask.flash(flask.Markup(
                    '<strong>Password change failed!</strong> Incorrect password.'), 'danger')
                return flask.redirect('/profile')
            user.password_hash = form.new_password.data
            flask.flash(flask.Markup(
                '<strong>Password successfully changed!</strong>'), 'success')
        db.session.add(user)
        db.session.commit()
        flask.g.user = user
        return flask.redirect('/profile')
    return flask.render_template('profile.html', form=form)
@app.route('/user/activate/<payload>')
 def activate_user(payload):
    s = get_serializer()
@ -928,30 +799,6 @@ def get_activation_link(user):
    return flask.url_for('activate_user', payload=payload, _external=True)
 def send_verification_email(to_address, activ_link):
    ''' this is until we have our own mail server, obviously.
     This can be greatly cut down if on same machine.
     probably can get rid of all but msg formatting/building,
     init line and sendmail line if local SMTP server '''
    msg_body = 'Please click on: ' + activ_link + ' to activate your account.\n\n\nUnsubscribe:'
    msg = MIMEMultipart()
    msg['Subject'] = 'Verification Link'
    msg['From'] = config.MAIL_FROM_ADDRESS
    msg['To'] = to_address
    msg.attach(MIMEText(msg_body, 'plain'))
    server = smtplib.SMTP(config.SMTP_SERVER, config.SMTP_PORT)
    server.set_debuglevel(1)
    server.ehlo()
    server.starttls()
    server.ehlo()
    server.login(config.SMTP_USERNAME, config.SMTP_PASSWORD)
    server.sendmail(config.SMTP_USERNAME, to_address, msg.as_string())
    server.quit()
 def _create_user_class_choices(user):
    choices = [('regular', 'Regular')]
    default = 'regular'
@ -1010,6 +857,7 @@ def register_blueprints(flask_app):
    # API routes
    flask_app.register_blueprint(api_handler.api_blueprint, url_prefix='/api')
    # Site routes
    flask_app.register_blueprint(views.account_bp)
    flask_app.register_blueprint(views.site_bp)
--- a/nyaa/templates/layout.html
+++ b/nyaa/templates/layout.html
@ -128,13 +128,13 @@
 									</a>
 								</li>
 								<li>
-									<a href="{{ url_for('profile') }}">
+									<a href="{{ url_for('account.profile') }}">
 										<i class="fa fa-gear fa-fw"></i>
 										Profile
 									</a>
 								</li>
 								<li>
-									<a href="{{ url_for('logout') }}">
+									<a href="{{ url_for('account.logout') }}">
 										<i class="fa fa-times fa-fw"></i>
 										Logout
 									</a>
@ -154,13 +154,13 @@
 							</a>
 							<ul class="dropdown-menu">
 								<li>
-									<a href="{{ url_for('login') }}">
+									<a href="{{ url_for('account.login') }}">
 										<i class="fa fa-sign-in fa-fw"></i>
 										Login
 									</a>
 								</li>
 								<li>
-									<a href="{{ url_for('register') }}">
+									<a href="{{ url_for('account.register') }}">
 										<i class="fa fa-pencil fa-fw"></i>
 										Register
 									</a>
--- a/nyaa/views/init.py
+++ b/nyaa/views/init.py
@ -1,5 +1,7 @@
 from nyaa.views import (
    account,
    site,
 )
 account_bp = account.bp
 site_bp = site.bp
--- a/nyaa/views/account.py
+++ b/nyaa/views/account.py
@ -0,0 +1,160 @@
 import smtplib
 from datetime import datetime
 from email.mime.multipart import MIMEMultipart
 from email.mime.text import MIMEText
 from ipaddress import ip_address
 import flask
 # Importing nyaa.routes for get_activation_link
 from nyaa import app, db, forms, models, routes
 bp = flask.Blueprint('account', __name__)
@bp.route('/login', methods=['GET', 'POST'])
 def login():
    if flask.g.user:
        return flask.redirect(redirect_url())
    form = forms.LoginForm(flask.request.form)
    if flask.request.method == 'POST' and form.validate():
        username = form.username.data.strip()
        password = form.password.data
        user = models.User.by_username(username)
        if not user:
            user = models.User.by_email(username)
        if (not user or password != user.password_hash or
                user.status == models.UserStatusType.INACTIVE):
            flask.flash(flask.Markup(
                '<strong>Login failed!</strong> Incorrect username or password.'), 'danger')
            return flask.redirect(flask.url_for('account.login'))
        user.last_login_date = datetime.utcnow()
        user.last_login_ip = ip_address(flask.request.remote_addr).packed
        db.session.add(user)
        db.session.commit()
        flask.g.user = user
        flask.session['user_id'] = user.id
        flask.session.permanent = True
        flask.session.modified = True
        return flask.redirect(redirect_url())
    return flask.render_template('login.html', form=form)
@bp.route('/logout')
 def logout():
    flask.g.user = None
    flask.session.permanent = False
    flask.session.modified = False
    response = flask.make_response(flask.redirect(redirect_url()))
    response.set_cookie(app.session_cookie_name, expires=0)
    return response
@bp.route('/register', methods=['GET', 'POST'])
 def register():
    if flask.g.user:
        return flask.redirect(redirect_url())
    form = forms.RegisterForm(flask.request.form)
    if flask.request.method == 'POST' and form.validate():
        user = models.User(username=form.username.data.strip(),
                           email=form.email.data.strip(), password=form.password.data)
        user.last_login_ip = ip_address(flask.request.remote_addr).packed
        db.session.add(user)
        db.session.commit()
        if app.config['USE_EMAIL_VERIFICATION']:  # force verification, enable email
            activ_link = routes.get_activation_link(user)
            send_verification_email(user.email, activ_link)
            return flask.render_template('waiting.html')
        else:  # disable verification, set user as active and auto log in
            user.status = models.UserStatusType.ACTIVE
            db.session.add(user)
            db.session.commit()
            flask.g.user = user
            flask.session['user_id'] = user.id
            flask.session.permanent = True
            flask.session.modified = True
            return flask.redirect(redirect_url())
    return flask.render_template('register.html', form=form)
@bp.route('/profile', methods=['GET', 'POST'])
 def profile():
    if not flask.g.user:
        return flask.redirect('/')  # so we dont get stuck in infinite loop when signing out
    form = forms.ProfileForm(flask.request.form)
    if flask.request.method == 'POST' and form.validate():
        user = flask.g.user
        new_email = form.email.data.strip()
        new_password = form.new_password.data
        if new_email:
            # enforce password check on email change too
            if form.current_password.data != user.password_hash:
                flask.flash(flask.Markup(
                    '<strong>Email change failed!</strong> Incorrect password.'), 'danger')
                return flask.redirect('/profile')
            user.email = form.email.data
            flask.flash(flask.Markup(
                '<strong>Email successfully changed!</strong>'), 'success')
        if new_password:
            if form.current_password.data != user.password_hash:
                flask.flash(flask.Markup(
                    '<strong>Password change failed!</strong> Incorrect password.'), 'danger')
                return flask.redirect('/profile')
            user.password_hash = form.new_password.data
            flask.flash(flask.Markup(
                '<strong>Password successfully changed!</strong>'), 'success')
        db.session.add(user)
        db.session.commit()
        flask.g.user = user
        return flask.redirect('/profile')
    return flask.render_template('profile.html', form=form)
 def redirect_url():
    url = flask.request.args.get('next') or \
        flask.request.referrer or \
        '/'
    if url == flask.request.url:
        return '/'
    return url
 def send_verification_email(to_address, activ_link):
    ''' this is until we have our own mail server, obviously.
     This can be greatly cut down if on same machine.
     probably can get rid of all but msg formatting/building,
     init line and sendmail line if local SMTP server '''
    msg_body = 'Please click on: ' + activ_link + ' to activate your account.\n\n\nUnsubscribe:'
    msg = MIMEMultipart()
    msg['Subject'] = 'Verification Link'
    msg['From'] = app.config['MAIL_FROM_ADDRESS']
    msg['To'] = to_address
    msg.attach(MIMEText(msg_body, 'plain'))
    server = smtplib.SMTP(app.config['SMTP_SERVER'], app.config['SMTP_PORT'])
    server.set_debuglevel(1)
    server.ehlo()
    server.starttls()
    server.ehlo()
    server.login(app.config['SMTP_USERNAME'], app.config['SMTP_PASSWORD'])
    server.sendmail(app.config['SMTP_USERNAME'], to_address, msg.as_string())
    server.quit()