From 623e49870608ba3344d3f391901e56285617277e Mon Sep 17 00:00:00 2001
From: "B. Stack" <bgstack15@gmail.com>
Date: Sat, 17 Jun 2023 21:13:43 -0400
Subject: disallow ext-auth user to change nickname

---
 newspipe/templates/profile.html | 2 +-
 newspipe/web/forms.py           | 5 +++--
 newspipe/web/views/user.py      | 6 +++++-
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/newspipe/templates/profile.html b/newspipe/templates/profile.html
index 68ecab11..f5ae6992 100644
--- a/newspipe/templates/profile.html
+++ b/newspipe/templates/profile.html
@@ -21,7 +21,7 @@
 
                     <div class="col">
                         {{ form.nickname.label }}
-                        {{ form.nickname(class_="form-control") }} {% for error in form.nickname.errors %} <span style="color: red;">{{ error }}<br /></span>{% endfor %}
+                        {% if nick_disabled %}{{ form.nickname(class_="form-control", disabled=True) }}{% else %}{{ form.nickname(class_="form-control") }}{% endif %} {% for error in form.nickname.errors %} <span style="color: red;">{{ error }}<br /></span>{% endfor %}
 
                         {% if not user.external_auth %}{{ form.password.label }}
                         {{ form.password(class_="form-control") }} {% for error in form.password.errors %} <span style="color: red;">{{ error }}<br /></span>{% endfor %}
diff --git a/newspipe/web/forms.py b/newspipe/web/forms.py
index 7a245b94..0f6200f8 100644
--- a/newspipe/web/forms.py
+++ b/newspipe/web/forms.py
@@ -239,7 +239,8 @@ class ProfileForm(FlaskForm):
 
     nickname = TextField(
         lazy_gettext("Nickname"),
-        [validators.Required(lazy_gettext("Please enter your nickname."))],
+        #[validators.Required(lazy_gettext("Please enter your nickname."))],
+        [validators.Optional()],
     )
     password = PasswordField(lazy_gettext("Password"))
     password_conf = PasswordField(lazy_gettext("Password"))
@@ -264,7 +265,7 @@ class ProfileForm(FlaskForm):
                 )
                 self.password.errors.append(message)
                 validated = False
-        if self.nickname.data != User.make_valid_nickname(self.nickname.data):
+        if self.nickname.data and (self.nickname.data != User.make_valid_nickname(self.nickname.data)):
             self.nickname.errors.append(
                 lazy_gettext(
                     "This nickname has "
diff --git a/newspipe/web/views/user.py b/newspipe/web/views/user.py
index b8d01967..7bb6e6b1 100644
--- a/newspipe/web/views/user.py
+++ b/newspipe/web/views/user.py
@@ -9,6 +9,7 @@ from flask_login import current_user
 from flask_login import login_required
 from flask_paginate import get_page_args
 from flask_paginate import Pagination
+from werkzeug.exceptions import BadRequest
 
 from newspipe.bootstrap import application
 from newspipe.controllers import ArticleController
@@ -165,6 +166,9 @@ def profile():
     if request.method == "POST":
         if form.validate():
             try:
+                # for external user, just force the exact same username.
+                if user.external_auth or not form.nickname.data:
+                    form.nickname.data = user.nickname
                 user_contr.update(
                     {"id": current_user.id},
                     {
@@ -195,7 +199,7 @@ def profile():
 
     if request.method == "GET":
         form = ProfileForm(obj=user)
-        return render_template("profile.html", user=user, form=form)
+        return render_template("profile.html", user=user, form=form, nick_disabled=bool(user.external_auth))
 
 
 @user_bp.route("/delete_account", methods=["GET"])
-- 
cgit