From 623e49870608ba3344d3f391901e56285617277e Mon Sep 17 00:00:00 2001 From: "B. Stack" Date: Sat, 17 Jun 2023 21:13:43 -0400 Subject: disallow ext-auth user to change nickname --- newspipe/templates/profile.html | 2 +- newspipe/web/forms.py | 5 +++-- newspipe/web/views/user.py | 6 +++++- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/newspipe/templates/profile.html b/newspipe/templates/profile.html index 68ecab11..f5ae6992 100644 --- a/newspipe/templates/profile.html +++ b/newspipe/templates/profile.html @@ -21,7 +21,7 @@
{{ form.nickname.label }} - {{ form.nickname(class_="form-control") }} {% for error in form.nickname.errors %} {{ error }}
{% endfor %} + {% if nick_disabled %}{{ form.nickname(class_="form-control", disabled=True) }}{% else %}{{ form.nickname(class_="form-control") }}{% endif %} {% for error in form.nickname.errors %} {{ error }}
{% endfor %} {% if not user.external_auth %}{{ form.password.label }} {{ form.password(class_="form-control") }} {% for error in form.password.errors %} {{ error }}
{% endfor %} diff --git a/newspipe/web/forms.py b/newspipe/web/forms.py index 7a245b94..0f6200f8 100644 --- a/newspipe/web/forms.py +++ b/newspipe/web/forms.py @@ -239,7 +239,8 @@ class ProfileForm(FlaskForm): nickname = TextField( lazy_gettext("Nickname"), - [validators.Required(lazy_gettext("Please enter your nickname."))], + #[validators.Required(lazy_gettext("Please enter your nickname."))], + [validators.Optional()], ) password = PasswordField(lazy_gettext("Password")) password_conf = PasswordField(lazy_gettext("Password")) @@ -264,7 +265,7 @@ class ProfileForm(FlaskForm): ) self.password.errors.append(message) validated = False - if self.nickname.data != User.make_valid_nickname(self.nickname.data): + if self.nickname.data and (self.nickname.data != User.make_valid_nickname(self.nickname.data)): self.nickname.errors.append( lazy_gettext( "This nickname has " diff --git a/newspipe/web/views/user.py b/newspipe/web/views/user.py index b8d01967..7bb6e6b1 100644 --- a/newspipe/web/views/user.py +++ b/newspipe/web/views/user.py @@ -9,6 +9,7 @@ from flask_login import current_user from flask_login import login_required from flask_paginate import get_page_args from flask_paginate import Pagination +from werkzeug.exceptions import BadRequest from newspipe.bootstrap import application from newspipe.controllers import ArticleController @@ -165,6 +166,9 @@ def profile(): if request.method == "POST": if form.validate(): try: + # for external user, just force the exact same username. + if user.external_auth or not form.nickname.data: + form.nickname.data = user.nickname user_contr.update( {"id": current_user.id}, { @@ -195,7 +199,7 @@ def profile(): if request.method == "GET": form = ProfileForm(obj=user) - return render_template("profile.html", user=user, form=form) + return render_template("profile.html", user=user, form=form, nick_disabled=bool(user.external_auth)) @user_bp.route("/delete_account", methods=["GET"]) -- cgit