From e9ef0d139122a880bc6332decc26c41ceb027206 Mon Sep 17 00:00:00 2001
From: Stephan Porada <sporada@uni-bielefeld.de>
Date: Wed, 30 Oct 2019 15:16:37 +0100
Subject: [PATCH] Add new profile forms and views (error prone)

---
 app/profile/forms.py                |  4 +-
 app/profile/views.py                | 75 ++++++++++++++++++-----------
 app/templates/profile/index.html.j2 | 16 +++---
 3 files changed, 57 insertions(+), 38 deletions(-)

diff --git a/app/profile/forms.py b/app/profile/forms.py
index 93fe5d30..6bf4e996 100644
--- a/app/profile/forms.py
+++ b/app/profile/forms.py
@@ -1,7 +1,7 @@
 from flask_wtf import FlaskForm
 from wtforms import (PasswordField, StringField, SubmitField,
                      ValidationError, BooleanField)
-from wtforms.validators import DataRequired, EqualTo, Length
+from wtforms.validators import DataRequired, EqualTo, Length, Email
 from ..models import User
 import logging
 
@@ -26,7 +26,7 @@ class ChangePasswordForm(FlaskForm):
 
 class EditProfileForm(FlaskForm):
     email = StringField('Change Email',
-                        validators=[Length(0, 254), DataRequired()])
+                        validators=[Email(), DataRequired()])
     submit = SubmitField('Change Email')
 
     def __init__(self, user, *args, **kwargs):
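Review bot: Swapping `Length(0, 254)` for `Email()` on the `email` field removes the only upper bound on the submitted value, so the form no longer enforces whatever size limit the `User.email` column has (the model is not visible in this patch). The two validators check different things and can be kept together: `validators=[DataRequired(), Length(max=254), Email()]`. Depending on the WTForms version in use, `Email()` also needs the optional `email_validator` package installed, which is worth confirming in the requirements file. `EditProfileForm` continues past the end of this hunk.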
diff --git a/app/profile/views.py b/app/profile/views.py
index f65666e9..a7832681 100644
--- a/app/profile/views.py
+++ b/app/profile/views.py
@@ -1,5 +1,5 @@
 from app.utils import background_delete_user
-from flask import current_app, flash, redirect, render_template, url_for
+from flask import abort, current_app, flash, redirect, render_template, url_for
 from flask_login import current_user, login_required, logout_user
 from . import profile
 from .forms import ChangePasswordForm, EditProfileForm, EditUserSettingsForm
@@ -16,44 +16,63 @@ def index():
     """
     View where loged in User can change own User information like Password etc.
     """
-    change_password_form = ChangePasswordForm()
-    if change_password_form.validate_on_submit():
-        if current_user.verify_password(change_password_form.old_password.data):
-            current_user.password = change_password_form.new_password.data
-            db.session.add(current_user)
-            db.session.commit()
-            flash('Your password has been updated.')
-            return redirect(url_for('profile.index'))
-        else:
-            flash('Invalid password.')
+    edit_user_info_form = EditProfileForm(user=current_user)
+    edit_user_info_form.email.data = current_user.email
+    return render_template('profile/index.html.j2',
+                           change_password_form=ChangePasswordForm(),
+                           edit_user_info_form=edit_user_info_form,
+                           edit_user_settings_form=EditUserSettingsForm(),
+                           title='Profile')
 
-    change_profile_form = EditProfileForm(user=current_user)
-    if change_profile_form.validate_on_submit():
-        current_user.email = change_profile_form.email.data
-        db.session.add(current_user._get_current_object())
-        db.session.commit()
-        flash('Your email has been updated.')
-    change_profile_form.email.data = current_user.email
 
-    edit_user_settings_form = EditUserSettingsForm()
-    if edit_user_settings_form.validate_on_submit():
-        current_user.is_dark = edit_user_settings_form.is_dark.data
-        logger.warning('Form data: {}'.format(current_user.is_dark))
+@profile.route('/change_password', methods=['POST'])
+@login_required
+def profile_change_password():
+    change_password_form = ChangePasswordForm()
+    if not change_password_form.validate_on_submit():
+        abort(400)
+    if current_user.verify_password(change_password_form.old_password.data):
+        current_user.password = change_password_form.new_password.data
         db.session.add(current_user)
         db.session.commit()
+        flash('Your password has been updated.')
+    else:
+        flash('Invalid password.')
+    return redirect(url_for('profile.index'))
 
-    return render_template('profile/index.html.j2',
-                           change_password_form=change_password_form,
-                           change_profile_form=change_profile_form,
-                           edit_user_settings_form=edit_user_settings_form,
-                           title='Profile')
+
+@profile.route('/edit_user_info', methods=['POST'])
+@login_required
+def profile_edit_user_info():
+    edit_user_info_form = EditProfileForm(user=current_user)
+    if not edit_user_info_form.validate_on_submit():
+        abort(400)
+    current_user.email = edit_user_info_form.email.data
+    db.session.add(current_user._get_current_object())
+    db.session.commit()
+    flash('Your email has been updated.')
+    edit_user_info_form.email.data = current_user.email
+    return redirect(url_for('profile.index'))
+
+
+@profile.route('/edit_user_settings', methods=['POST'])
+@login_required
+def profile_edit_user_settings():
+    edit_user_settings_form = EditUserSettingsForm()
+    if not edit_user_settings_form.validate_on_submit():
+        abort(400)
+    current_user.is_dark = edit_user_settings_form.is_dark.data
+    logger.warning('Form data: {}'.format(current_user.is_dark))
+    db.session.add(current_user)
+    db.session.commit()
+    return redirect(url_for('profile.index'))
 
 
 @profile.route('/delete_self', methods=['GET', 'POST'])
 @login_required
 def delete_self():
     """
-    Vie to delete yourslef and all associated data.
+    View to delete yourslef and all associated data.
     """
     delete_thread = threading.Thread(
         target=background_delete_user,
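Review bot: `profile_edit_user_info` writes the new address to `current_user.email` after form validation alone, while `profile_change_password` directly above it first requires `current_user.verify_password(...)`. If the email address is also the account-recovery channel (not visible here), anyone with temporary access to a logged-in session can make that access permanent. Adding a current-password field to `EditProfileForm` and guarding the update with `if not current_user.verify_password(edit_user_info_form.password.data):` would bring the two endpoints in line. Separately, all three new endpoints answer a failed validation with `abort(400)`, which discards the field errors the template still loops over; flashing `form.errors` and redirecting to `profile.index` would keep them visible to the user. The unchanged `delete_self` route at the end of the hunk still accepts `GET` for a destructive action, which a link or embedded resource can trigger without any form token, so `methods=['POST']` plus a form would be safer; its body continues outside the hunk.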
diff --git a/app/templates/profile/index.html.j2 b/app/templates/profile/index.html.j2
index 0f09b4ca..e022e293 100644
--- a/app/templates/profile/index.html.j2
+++ b/app/templates/profile/index.html.j2
@@ -8,7 +8,7 @@
 <div class="col s12 m8">
   <div class="card">
     <div class="card-content">
-      <form method="POST">
+      <form action="{{ url_for('profile.profile_edit_user_settings') }}" method="POST">
         {{ edit_user_settings_form.hidden_tag() }}
         <div class="switch">
           <i class="material-icons prefix">brightness_3</i>
@@ -38,7 +38,7 @@
 </div>
 <div class="col s12 m8">
   <div class="card">
-    <form method="POST">
+    <form action="{{ url_for('profile.profile_change_password') }}" method="POST">
       <div class="card-content">
         {{ change_password_form.hidden_tag() }}
         <div class="input-field ">
@@ -79,20 +79,20 @@
 </div>
 <div class="col s12 m8">
   <div class="card">
-    <form method="POST">
+    <form action="{{ url_for('profile.profile_edit_user_info')}}" method="POST">
       <div class="card-content">
-        {{ change_profile_form.hidden_tag() }}
+        {{ edit_user_info_form.hidden_tag() }}
         <div class="input-field">
           <i class="material-icons prefix">mail</i>
-          {{ change_profile_form.email() }}
-          {{ change_profile_form.email.label }}
-          {% for error in change_profile_form.email.errors %}
+          {{ edit_user_info_form.email() }}
+          {{ edit_user_info_form.email.label }}
+          {% for error in edit_user_info_form.email.errors %}
             <span class="helper-text red-text">{{ error }}</span>
           {% endfor %}
         </div>
       </div>
       <div class="card-action right-align">
-        {{ change_profile_form.submit(class='btn') }}
+        {{ edit_user_info_form.submit(class='btn') }}
       </div>
     </form>
   </div>
-- 
GitLab