From 735802d88e79cb0dec05b6d73a54b0a72a4e4477 Mon Sep 17 00:00:00 2001
From: Patrick Jentsch
Date: Fri, 12 Jul 2019 17:23:11 +0200
Subject: [PATCH] Remove options to change username and email.
---
 app/auth/forms.py | 62 ++++++++++++++++++++++++++---------------------
 app/auth/views.py | 34 ++++++++++++--------------
 app/main/views.py | 7 +++++-
 3 files changed, 56 insertions(+), 47 deletions(-)
diff --git a/app/auth/forms.py b/app/auth/forms.py
index 576c4b00..841dfc5f 100644
--- a/app/auth/forms.py
+++ b/app/auth/forms.py
@@ -1,6 +1,6 @@
 from flask_wtf import FlaskForm
 from wtforms import StringField, PasswordField, BooleanField, SubmitField
-from wtforms.validators import DataRequired, Length, Email, Regexp, EqualTo, Optional
+from wtforms.validators import DataRequired, Length, Email, Regexp, EqualTo
 from wtforms import ValidationError
 from ..models import User
@@ -13,8 +13,7 @@ class LoginForm(FlaskForm):
 class RegistrationForm(FlaskForm):
- email = StringField('Email', validators=[DataRequired(), Length(1, 64),
- Email()])
+ email = StringField('Email', validators=[DataRequired(), Email()])
 username = StringField('Username', validators=[
 DataRequired(), Length(1, 64),
 Regexp('^[A-Za-z][A-Za-z0-9_.]*$', 0,
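Review bot: Dropping `Length(1, 64)` from `RegistrationForm.email` in app/auth/forms.py (hunk `@@ -13,8 +13,7 @@`) leaves the address with no explicit size limit before it is handed to the database layer. If the `User.email` column is still 64 characters wide (the model is not shown here, so confirm), an over-long address would fail at insert time or be truncated, depending on the backend, instead of being rejected with a form error. Keeping an upper bound, `validators=[DataRequired(), Length(max=64), Email()]`, keeps form and schema in step. The same removal is made on `PasswordResetRequestForm.email` in the `@@ -35,39 +34,46 @@` hunk. The field list of `RegistrationForm` continues past the end of this hunk.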
@@ -35,39 +34,46 @@ class RegistrationForm(FlaskForm):
 class PasswordResetForm(FlaskForm):
- password = PasswordField('New Password', validators=[
- DataRequired(), EqualTo('password2', message='Passwords must match')])
- password2 = PasswordField('Confirm password', validators=[DataRequired()])
+ password = PasswordField(
+ 'New Password',
+ validators=[
+ DataRequired(),
+ EqualTo('password2', message='Passwords must match')
+ ]
+ )
+ password2 = PasswordField(
+ 'Confirm password',
+ validators=[
+ DataRequired(),
+ EqualTo('password', message='Passwords must match.')
+ ]
+ )
 submit = SubmitField('Reset Password')
 class PasswordResetRequestForm(FlaskForm):
- email = StringField('Email', validators=[DataRequired(), Length(1, 64),
- Email()])
+ email = StringField('Email', validators=[DataRequired(), Email()])
 submit = SubmitField('Reset Password')
-class ChangeAccountForm(FlaskForm):
+class ChangePasswordForm(FlaskForm):
 """
 Form to change information of currently logged in User. User can change informations about him on his own.
 """
- email = StringField('Email', validators=[Optional(), Length(1, 64),
- Email()])
- username = StringField('Username', validators=[
- Optional(), Length(1, 64),
- Regexp('^[A-Za-z][A-Za-z0-9_.]*$', 0,
- 'Usernames must have only letters, numbers, dots or '
- 'underscores')])
- password = PasswordField('Password', validators=[
- Optional(), EqualTo('password2', message='Passwords must match.')])
- password2 = PasswordField('Confirm password', validators=[Optional()])
- submit = SubmitField('Submit')
-
- def validate_email(self, field):
- if User.query.filter_by(email=field.data.lower()).first():
- raise ValidationError('Email already registered.')
-
- def validate_username(self, field):
- if User.query.filter_by(username=field.data).first():
- raise ValidationError('Username already in use.')
+ old_password = PasswordField('Old password', validators=[DataRequired()])
+ new_password = PasswordField(
+ 'New password',
+ validators=[
+ DataRequired(),
+ EqualTo('new_password2', message='Passwords must match.')
+ ]
+ )
+ new_password2 = PasswordField(
+ 'Confirm new password',
+ validators=[
+ DataRequired(),
+ EqualTo('new_password', message='Passwords must match.')
+ ]
+ )
+ submit = SubmitField('Update Password')
diff --git a/app/auth/views.py b/app/auth/views.py
index c8154cd4..0e8859a9 100644
--- a/app/auth/views.py
+++ b/app/auth/views.py
@@ -2,7 +2,7 @@ from flask import flash, redirect, render_template, request, url_for
 from flask_login import current_user, login_required, login_user, logout_user
 from . import auth
 from .. import db
-from .forms import ChangeAccountForm, LoginForm, PasswordResetForm, PasswordResetRequestForm, RegistrationForm
+from .forms import ChangePasswordForm, LoginForm, PasswordResetForm, PasswordResetRequestForm, RegistrationForm
 from ..email import send_email
 from ..models import User
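Review bot: Neither `ChangePasswordForm.new_password` nor `PasswordResetForm.password` in app/auth/forms.py (hunk `@@ -35,39 +34,46 @@`) carries a length validator, so `DataRequired()` plus the `EqualTo` match accepts a one-character password. `Length` is still imported at the top of the file, so a bound such as `Length(min=8, max=128, message='Password must be 8 to 128 characters.')` can go on the first field of each pair; the numbers are a suggestion and should follow project policy. The upper bound also limits how much input is handed to the password hash. The class docstring kept as context still describes the removed account form and could read `"""Form for the logged-in user to change their password; requires the current password."""`.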
@@ -20,7 +20,7 @@ def login():
 if next is None or not next.startswith('/'):
 next = url_for('main.index')
 return redirect(next)
- flash('Invalid username or password.')
+ flash('Invalid username or password.')
 return render_template('auth/login.html.j2', form=form, title='Log in')
@@ -135,20 +135,18 @@ def settings():
 """
 View where loged in User can change own User information like Password etc.
 """
- form = ChangeAccountForm()
- if form.validate_on_submit():
- flash('It is just a test, nothing changed.')
- if form.username.data:
- current_user.username = form.username.data
+ change_password_form = ChangePasswordForm()
+ if change_password_form.validate_on_submit():
+ if current_user.verify_password(change_password_form.old_password.data):
+ current_user.password = change_password_form.new_password.data
 db.session.add(current_user)
- if form.email.data:
- current_user.email = form.email.data
- current_user.confirmed = False
- db.session.add(current_user)
- resend_confirmation()
- if form.password.data:
- current_user.password = form.password.data
- db.session.commit()
- return redirect(url_for('auth.settings'))
- return render_template('auth/settings.html.j2', form=form,
- title='Settings')
+ db.session.commit()
+ flash('Your password has been updated.')
+ return redirect(url_for('auth.settings'))
+ else:
+ flash('Invalid password.')
+ return render_template(
+ 'auth/settings.html.j2',
+ form=change_password_form,
+ title='Settings'
+ )
diff --git a/app/main/views.py b/app/main/views.py
index 64d36be4..2f7fce7a 100644
--- a/app/main/views.py
+++ b/app/main/views.py
@@ -11,6 +11,11 @@ def index():
 return render_template('main/index.html.j2', title='Portal')
+@main.route('/about')
+def about():
+ return render_template('main/about.html.j2', title='About')
+
+
 @main.route('/admin')
 @login_required
 @admin_required
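Review bot: In `settings()` in app/auth/views.py (hunk `@@ -135,20 +135,18 @@`) a successful change only assigns `current_user.password` and commits. Nothing visible here notifies the account owner or ends sessions opened elsewhere, so a session that was already compromised would presumably survive the password change unless the `password` setter on `User` (not shown) handles it. `send_email` is already imported in this file, so a notice to `current_user.email` right after `db.session.commit()` is cheap to add, with a comment such as `# Tell the owner about the credential change so an unexpected one is noticed.` The `else:` branch flashes `'Invalid password.'` but, as far as this hunk shows, records nothing; logging the failed `verify_password` check there would give operators a signal for repeated wrong guesses from an authenticated session. The function's decorators sit above the hunk, and its docstring still says "User information like Password etc." although only the password can be changed now.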
@@ -21,5 +26,5 @@ def for_admins_only():
 users = User.query.order_by(User.username).all()
 items = [AdminUserItem(u.username, u.email, u.role_id, u.confirmed) for u in users]
 table = AdminUserTable(items)
- return render_template('main/admin.html.j2', title='Administration Tools',
+ return render_template('main/admin.html.j2', title='Administration tools',
 table=table.__html__())