diff options
Diffstat (limited to 'src/web')
-rw-r--r-- | src/web/forms.py | 29 | ||||
-rw-r--r-- | src/web/lib/user_utils.py | 8 | ||||
-rw-r--r-- | src/web/models/user.py | 7 | ||||
-rw-r--r-- | src/web/templates/admin/create_user.html | 3 | ||||
-rw-r--r-- | src/web/templates/admin/dashboard.html | 2 | ||||
-rw-r--r-- | src/web/templates/login.html | 6 | ||||
-rw-r--r-- | src/web/templates/opml.xml | 1 | ||||
-rw-r--r-- | src/web/templates/profile.html | 3 | ||||
-rw-r--r-- | src/web/views/admin.py | 2 | ||||
-rw-r--r-- | src/web/views/user.py | 77 |
10 files changed, 56 insertions, 82 deletions
diff --git a/src/web/forms.py b/src/web/forms.py index 49f879ec..90e90584 100644 --- a/src/web/forms.py +++ b/src/web/forms.py @@ -48,7 +48,7 @@ class SignupForm(Form): email = EmailField(lazy_gettext("Email"), [validators.Length(min=6, max=35), validators.Required( - lazy_gettext("Please enter your email address."))]) + lazy_gettext("Please enter your email address (for account activation, won't be stored)."))]) password = PasswordField(lazy_gettext("Password"), [validators.Required(lazy_gettext("Please enter a password.")), validators.Length(min=6, max=100)]) @@ -60,9 +60,6 @@ class SignupForm(Form): if ucontr.read(nickname=self.nickname.data).count(): self.nickname.errors.append('Nickname already taken') validated = False - if ucontr.read(email=self.email.data).count(): - self.email.errors.append('Email already taken') - validated = False return validated @@ -88,10 +85,10 @@ class SigninForm(RedirectForm): """ Sign in form (connection to newspipe). """ - email_or_nickmane = TextField("Email or nickname", - [validators.Length(min=3, max=35), - validators.Required( - lazy_gettext("Please enter your email address or nickname."))]) + nickmane = TextField("Nickname", + [validators.Length(min=3, max=35), + validators.Required( + lazy_gettext("Please enter your nickname."))]) password = PasswordField(lazy_gettext('Password'), [validators.Required(lazy_gettext("Please enter a password.")), validators.Length(min=6, max=100)]) @@ -105,16 +102,14 @@ class SigninForm(RedirectForm): validated = super().validate() ucontr = UserController() try: - user = ucontr.get(**{'__or__': - {'email': self.email_or_nickmane.data, - 'nickname': self.email_or_nickmane.data}}) + user = ucontr.get(nickname=self.nickmane.data) except NotFound: - self.email_or_nickmane.errors.append( - 'Wrong email address or nickname') + self.nickmane.errors.append( + 'Wrong nickname') validated = False else: if not user.is_active: - self.email_or_nickmane.errors.append('Account not active') + self.nickmane.errors.append('Account not active') validated = False if not ucontr.check_password(user, self.password.data): self.password.errors.append('Wrong password') @@ -129,9 +124,6 @@ class UserForm(Form): """ nickname = TextField(lazy_gettext("Nickname"), [validators.Required(lazy_gettext("Please enter your nickname."))]) - email = EmailField(lazy_gettext("Email"), - [validators.Length(min=6, max=35), - validators.Required(lazy_gettext("Please enter your email."))]) password = PasswordField(lazy_gettext("Password")) automatic_crawling = BooleanField(lazy_gettext("Automatic crawling"), default=True) @@ -153,9 +145,6 @@ class ProfileForm(Form): """ nickname = TextField(lazy_gettext("Nickname"), [validators.Required(lazy_gettext("Please enter your nickname."))]) - email = EmailField(lazy_gettext("Email"), - [validators.Length(min=6, max=35), - validators.Required(lazy_gettext("Please enter your email."))]) password = PasswordField(lazy_gettext("Password")) password_conf = PasswordField(lazy_gettext("Password Confirmation")) automatic_crawling = BooleanField(lazy_gettext("Automatic crawling"), diff --git a/src/web/lib/user_utils.py b/src/web/lib/user_utils.py index dfeb8dfa..f78a6ed6 100644 --- a/src/web/lib/user_utils.py +++ b/src/web/lib/user_utils.py @@ -5,19 +5,19 @@ import conf from bootstrap import application -def generate_confirmation_token(email): +def generate_confirmation_token(nickname): serializer = URLSafeTimedSerializer(application.config['SECRET_KEY']) - return serializer.dumps(email, salt=application.config['SECURITY_PASSWORD_SALT']) + return serializer.dumps(nickname, salt=application.config['SECURITY_PASSWORD_SALT']) def confirm_token(token): serializer = URLSafeTimedSerializer(application.config['SECRET_KEY']) try: - email = serializer.loads( + nickname = serializer.loads( token, salt=application.config['SECURITY_PASSWORD_SALT'], max_age=conf.TOKEN_VALIDITY_PERIOD ) except: return False - return email + return nickname diff --git a/src/web/models/user.py b/src/web/models/user.py index 460958e0..e0f86328 100644 --- a/src/web/models/user.py +++ b/src/web/models/user.py @@ -2,9 +2,9 @@ # -*- coding: utf-8 -*- # newspipe - A Web based news aggregator. -# Copyright (C) 2010-2016 Cédric Bonhomme - https://www.cedricbonhomme.org +# Copyright (C) 2010-2018 Cédric Bonhomme - https://www.cedricbonhomme.org # -# For more information : https://github.com/Newspipe/Newspipe +# For more information : https://github.com/newspipe/newspipe # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as @@ -46,7 +46,6 @@ class User(db.Model, UserMixin, RightMixin): """ id = db.Column(db.Integer, primary_key=True) nickname = db.Column(db.String(), unique=True) - email = db.Column(db.String(254), index=True, unique=True) pwdhash = db.Column(db.String()) automatic_crawling = db.Column(db.Boolean(), default=True) @@ -74,7 +73,7 @@ class User(db.Model, UserMixin, RightMixin): @staticmethod def _fields_base_write(): - return {'login', 'password', 'email'} + return {'login', 'password'} @staticmethod def _fields_base_read(): diff --git a/src/web/templates/admin/create_user.html b/src/web/templates/admin/create_user.html index 5afa22b2..40aad468 100644 --- a/src/web/templates/admin/create_user.html +++ b/src/web/templates/admin/create_user.html @@ -12,9 +12,6 @@ {{ form.nickname.label }} {{ form.nickname(class_="form-control") }} {% for error in form.nickname.errors %} <span style="color: red;">{{ error }}<br /></span>{% endfor %} - {{ form.email.label }} - {{ form.email(class_="form-control") }} {% for error in form.email.errors %} <span style="color: red;">{{ error }}<br /></span>{% endfor %} - {{ form.password.label }} {{ form.password(class_="form-control") }} {% for error in form.password.errors %} <span style="color: red;">{{ error }}<br /></span>{% endfor %} diff --git a/src/web/templates/admin/dashboard.html b/src/web/templates/admin/dashboard.html index 19c67b8e..a710e1be 100644 --- a/src/web/templates/admin/dashboard.html +++ b/src/web/templates/admin/dashboard.html @@ -10,7 +10,6 @@ <tr> <th>#</th> <th>{{ _('Nickname') }}</th> - <th>{{ _('Email') }}</th> <th>{{ _('Member since') }}</th> <th>{{ _('Last seen') }}</th> <th>{{ _('Actions') }}</th> @@ -28,7 +27,6 @@ {% endif %} {% if user.id == current_user.id %} (It's you!){% endif %} </td> - <td><a href="mailto:{{ user.email }}">{{ user.email }}</a></td> <td class="date">{{ user.date_created | datetime }}</td> <td class="date">{{ user.last_seen | datetime }}</td> <td> diff --git a/src/web/templates/login.html b/src/web/templates/login.html index 4bbb28f9..d2724ac3 100644 --- a/src/web/templates/login.html +++ b/src/web/templates/login.html @@ -7,9 +7,9 @@ {{ form.hidden_tag() }} <div class="form-group"> - {{ form.email_or_nickmane(class_="form-control", placeholder=_('Your email or nickname')) }} + {{ form.nickmane(class_="form-control", placeholder=_('Your nickname')) }} </div> - {% for message in form.email_or_nickmane.errors %} + {% for message in form.nickmane.errors %} <div class="alert alert-warning" role="alert">{{ message }}</div> {% endfor %} @@ -24,7 +24,5 @@ </form> </div> <a href="/signup" class="btn btn-default">{{ _('Sign up') }}</a> - - <a href="{{ url_for('user.recover') }}" class="btn btn-default">{{ _('Forgot password') }}</a> </div><!-- /.container --> {% endblock %} diff --git a/src/web/templates/opml.xml b/src/web/templates/opml.xml index 5f65329e..3862772d 100644 --- a/src/web/templates/opml.xml +++ b/src/web/templates/opml.xml @@ -6,7 +6,6 @@ <dateCreated>{{ now | datetime }}</dateCreated> <dateModified>{{ now | datetime }}</dateModified> <ownerName>{{ user.nickname }}</ownerName> - <ownerEmail>{{ user.email }}</ownerEmail> </head> <body> {% for feed in user.feeds %} <outline title="{{ feed.title|escape }}" text="{{ feed.title|escape }}" description="{{ feed.description|escape }}" {% if feed.category_id != None %}category="/{{ categories[feed.category_id].name }}"{% endif %} xmlUrl="{{ feed.link|escape }}" htmlUrl="{{ feed.site_link|escape }}" /> diff --git a/src/web/templates/profile.html b/src/web/templates/profile.html index 58d907ef..523e7c3c 100644 --- a/src/web/templates/profile.html +++ b/src/web/templates/profile.html @@ -22,9 +22,6 @@ {{ form.nickname.label }} {{ form.nickname(class_="form-control") }} {% for error in form.nickname.errors %} <span style="color: red;">{{ error }}<br /></span>{% endfor %} - {{ form.email.label }} - {{ form.email(class_="form-control") }} {% for error in form.email.errors %} <span style="color: red;">{{ error }}<br /></span>{% endfor %} - {{ form.password.label }} {{ form.password(class_="form-control") }} {% for error in form.password.errors %} <span style="color: red;">{{ error }}<br /></span>{% endfor %} diff --git a/src/web/views/admin.py b/src/web/views/admin.py index c9aa0977..07c4f974 100644 --- a/src/web/views/admin.py +++ b/src/web/views/admin.py @@ -61,7 +61,6 @@ def process_user_form(user_id=None): # Edit a user user_contr.update({'id': user_id}, {'nickname': form.nickname.data, - 'email': form.email.data, 'password': form.password.data, 'automatic_crawling': form.automatic_crawling.data}) user = user_contr.get(id=user_id) @@ -70,7 +69,6 @@ def process_user_form(user_id=None): else: # Create a new user (by the admin) user = user_contr.create(nickname=form.nickname.data, - email=form.email.data, pwdhash=generate_password_hash(form.password.data), automatic_crawling=form.automatic_crawling.data, is_admin=False, diff --git a/src/web/views/user.py b/src/web/views/user.py index 6890b0e4..fdcde238 100644 --- a/src/web/views/user.py +++ b/src/web/views/user.py @@ -60,9 +60,9 @@ def management(): flash(gettext('File not allowed.'), 'danger') else: try: - nb = import_opml(current_user.email, data.read()) + nb = import_opml(current_user.nickname, data.read()) if conf.CRAWLING_METHOD == "classic": - misc_utils.fetch(current_user.email, None) + misc_utils.fetch(current_user.id, None) flash(str(nb) + ' ' + gettext('feeds imported.'), "success") flash(gettext("Downloading articles..."), 'info') @@ -76,7 +76,7 @@ def management(): flash(gettext('File not allowed.'), 'danger') else: try: - nb = import_json(current_user.email, data.read()) + nb = import_json(current_user.nickname, data.read()) flash(gettext('Account imported.'), "success") except: flash(gettext("Impossible to import the account."), @@ -112,7 +112,6 @@ def profile(): try: user_contr.update({'id': current_user.id}, {'nickname': form.nickname.data, - 'email': form.email.data, 'password': form.password.data, 'automatic_crawling': form.automatic_crawling.data, 'is_public_profile': form.is_public_profile.data, @@ -151,11 +150,11 @@ def confirm_account(token=None): Confirm the account of a user. """ user_contr = UserController() - user, email = None, None + user, nickname = None, None if token != "": - email = confirm_token(token) - if email: - user = user_contr.read(email=email).first() + nickname = confirm_token(token) + if nickname: + user = user_contr.read(nickname=nickname).first() if user is not None: user_contr.update({'id': user.id}, {'is_active': True}) flash(gettext('Your account has been confirmed.'), 'success') @@ -164,34 +163,34 @@ def confirm_account(token=None): return redirect(url_for('login')) -@user_bp.route('/recover', methods=['GET', 'POST']) -def recover(): - """ - Enables the user to recover its account when he has forgotten - its password. - """ - form = RecoverPasswordForm() - user_contr = UserController() - - if request.method == 'POST': - if form.validate(): - user = user_contr.get(email=form.email.data) - characters = string.ascii_letters + string.digits - password = "".join(random.choice(characters) - for x in range(random.randint(8, 16))) - user.set_password(password) - user_contr.update({'id': user.id}, {'password': password}) - - # Send the confirmation email - try: - notifications.new_password_notification(user, password) - flash(gettext('New password sent to your address.'), 'success') - except Exception as error: - flash(gettext('Problem while sending your new password: ' - '%(error)s', error=error), 'danger') - - return redirect(url_for('login')) - return render_template('recover.html', form=form) - - if request.method == 'GET': - return render_template('recover.html', form=form) +# @user_bp.route('/recover', methods=['GET', 'POST']) +# def recover(): +# """ +# Enables the user to recover its account when he has forgotten +# its password. +# """ +# form = RecoverPasswordForm() +# user_contr = UserController() +# +# if request.method == 'POST': +# if form.validate(): +# user = user_contr.get(email=form.email.data) +# characters = string.ascii_letters + string.digits +# password = "".join(random.choice(characters) +# for x in range(random.randint(8, 16))) +# user.set_password(password) +# user_contr.update({'id': user.id}, {'password': password}) +# +# # Send the confirmation email +# try: +# notifications.new_password_notification(user, password) +# flash(gettext('New password sent to your address.'), 'success') +# except Exception as error: +# flash(gettext('Problem while sending your new password: ' +# '%(error)s', error=error), 'danger') +# +# return redirect(url_for('login')) +# return render_template('recover.html', form=form) +# +# if request.method == 'GET': +# return render_template('recover.html', form=form) |