diff options
author | B. Stack <bgstack15@gmail.com> | 2023-06-17 21:13:43 -0400 |
---|---|---|
committer | B. Stack <bgstack15@gmail.com> | 2023-06-24 08:22:59 -0400 |
commit | 623e49870608ba3344d3f391901e56285617277e (patch) | |
tree | 36d454bb7e03d6f6f406208668989dcad508e080 | |
parent | use attribute external_auth (diff) | |
download | newspipe-623e49870608ba3344d3f391901e56285617277e.tar.gz newspipe-623e49870608ba3344d3f391901e56285617277e.tar.bz2 newspipe-623e49870608ba3344d3f391901e56285617277e.zip |
disallow ext-auth user to change nickname
-rw-r--r-- | newspipe/templates/profile.html | 2 | ||||
-rw-r--r-- | newspipe/web/forms.py | 5 | ||||
-rw-r--r-- | newspipe/web/views/user.py | 6 |
3 files changed, 9 insertions, 4 deletions
diff --git a/newspipe/templates/profile.html b/newspipe/templates/profile.html index 68ecab11..f5ae6992 100644 --- a/newspipe/templates/profile.html +++ b/newspipe/templates/profile.html @@ -21,7 +21,7 @@ <div class="col"> {{ form.nickname.label }} - {{ form.nickname(class_="form-control") }} {% for error in form.nickname.errors %} <span style="color: red;">{{ error }}<br /></span>{% endfor %} + {% if nick_disabled %}{{ form.nickname(class_="form-control", disabled=True) }}{% else %}{{ form.nickname(class_="form-control") }}{% endif %} {% for error in form.nickname.errors %} <span style="color: red;">{{ error }}<br /></span>{% endfor %} {% if not user.external_auth %}{{ form.password.label }} {{ form.password(class_="form-control") }} {% for error in form.password.errors %} <span style="color: red;">{{ error }}<br /></span>{% endfor %} diff --git a/newspipe/web/forms.py b/newspipe/web/forms.py index 7a245b94..0f6200f8 100644 --- a/newspipe/web/forms.py +++ b/newspipe/web/forms.py @@ -239,7 +239,8 @@ class ProfileForm(FlaskForm): nickname = TextField( lazy_gettext("Nickname"), - [validators.Required(lazy_gettext("Please enter your nickname."))], + #[validators.Required(lazy_gettext("Please enter your nickname."))], + [validators.Optional()], ) password = PasswordField(lazy_gettext("Password")) password_conf = PasswordField(lazy_gettext("Password")) @@ -264,7 +265,7 @@ class ProfileForm(FlaskForm): ) self.password.errors.append(message) validated = False - if self.nickname.data != User.make_valid_nickname(self.nickname.data): + if self.nickname.data and (self.nickname.data != User.make_valid_nickname(self.nickname.data)): self.nickname.errors.append( lazy_gettext( "This nickname has " diff --git a/newspipe/web/views/user.py b/newspipe/web/views/user.py index b8d01967..7bb6e6b1 100644 --- a/newspipe/web/views/user.py +++ b/newspipe/web/views/user.py @@ -9,6 +9,7 @@ from flask_login import current_user from flask_login import login_required from flask_paginate import get_page_args from flask_paginate import Pagination +from werkzeug.exceptions import BadRequest from newspipe.bootstrap import application from newspipe.controllers import ArticleController @@ -165,6 +166,9 @@ def profile(): if request.method == "POST": if form.validate(): try: + # for external user, just force the exact same username. + if user.external_auth or not form.nickname.data: + form.nickname.data = user.nickname user_contr.update( {"id": current_user.id}, { @@ -195,7 +199,7 @@ def profile(): if request.method == "GET": form = ProfileForm(obj=user) - return render_template("profile.html", user=user, form=form) + return render_template("profile.html", user=user, form=form, nick_disabled=bool(user.external_auth)) @user_bp.route("/delete_account", methods=["GET"]) |