diff --git a/src/coriplus/__init__.py b/src/coriplus/__init__.py index 98b4d85..9543c60 100644 --- a/src/coriplus/__init__.py +++ b/src/coriplus/__init__.py @@ -24,7 +24,7 @@ from flask_wtf import CSRFProtect import dotenv import logging -__version__ = '0.10.0-dev44' +__version__ = '0.10.0-dev45' # we want to support Python 3.10+ only. # Python 2 has too many caveats. diff --git a/src/coriplus/admin.py b/src/coriplus/admin.py index a78cf1b..d8c8fb0 100644 --- a/src/coriplus/admin.py +++ b/src/coriplus/admin.py @@ -13,17 +13,16 @@ from functools import wraps bp = Blueprint('admin', __name__, url_prefix='/admin') -def _check_auth(username, password) -> bool: +def _check_auth(username) -> bool: try: - return User.select().where((User.username == username) & (User.password == pwdhash(password)) & (User.is_admin) - ).exists() + return User.get((User.username == username)).is_admin except User.DoesNotExist: return False def admin_required(f): @wraps(f) def wrapped_view(**kwargs): - if not _check_auth(current_user.username, current_user.password): + if not _check_auth(current_user.username): abort(403) return f(**kwargs) return wrapped_view diff --git a/src/coriplus/static/style.css b/src/coriplus/static/style.css index c238285..cb05c09 100644 --- a/src/coriplus/static/style.css +++ b/src/coriplus/static/style.css @@ -2,6 +2,9 @@ --accent: #f0372e; --link: #3399ff; } +* { + box-sizing: border-box; +} body, button, input, select, textarea { font-family: Inter, Roboto, sans-serif; line-height: 1.6; @@ -38,13 +41,13 @@ a:hover{text-decoration:underline} #site-name {text-align: center;flex: 1} .header h1{margin:0;display:inline-block} .flash{background-color:#ff9;border:yellow 1px solid} -.infobox{padding:12px;border:#ccc 1px solid} -@media (min-width:640px) { - .infobox{float:right;width:320px} +.infobox{width: 50%; float: right;} +@media (max-width:639px) { + .infobox{width: 100%;} } .weak{opacity:.5} .field_desc{display:block} -ul.timeline{padding:0;margin:auto;max-width:960px} +ul.timeline{padding:0;margin:auto;max-width:960px;clear: both} ul.timeline > li{list-style:none;} .message-visual img{max-width:100%;margin:auto} .message-options-showhide::before{content:'\2026'} diff --git a/src/coriplus/templates/includes/infobox_profile.html b/src/coriplus/templates/includes/infobox_profile.html index 2cec0b7..d1b1494 100644 --- a/src/coriplus/templates/includes/infobox_profile.html +++ b/src/coriplus/templates/includes/infobox_profile.html @@ -1,27 +1,15 @@ {% set profile = user.profile %} -
+

{{ profile.full_name }}

{{ profile.biography|enrich }}

{% if profile.location %}

Location: {{ profile.location|locationdata }}

{% endif %} - {% if profile.year %} -

Year: {{ profile.year }}

- {% endif %} {% if profile.website %} {% set website = profile.website %} {% set website = website if website.startswith(('http://', 'https://')) else 'http://' + website %}

Website: {{ profile.website|urlize }}

{% endif %} - {% if profile.instagram %} -

Instagram: {{ profile.instagram }}

- {% endif %} - {% if profile.facebook %} -

Facebook: {{ profile.facebook }}

- {% endif %} - {% if profile.telegram %} -

Telegram: {{ profile.telegram }}

- {% endif %}

{{ user.messages|count }} messages - @@ -30,6 +18,6 @@ {{ user.following()|count }} following

{% if user == current_user %} -

{{ inline_svg('edit', 18) }} Edit profile

+

{{ inline_svg('edit') }} Edit profile

{% endif %}
diff --git a/src/coriplus/utils.py b/src/coriplus/utils.py index 7a98d5b..1db7414 100644 --- a/src/coriplus/utils.py +++ b/src/coriplus/utils.py @@ -3,6 +3,8 @@ A list of utilities used across modules. ''' import datetime, re, base64, hashlib, string, sys, json + +from flask_login import current_user from .models import User, Message, Notification, MSGPRV_PUBLIC, MSGPRV_UNLISTED, \ MSGPRV_FRIENDS, MSGPRV_ONLYME from flask import abort, render_template, request, session @@ -102,15 +104,14 @@ except OSError: # get the user from the session # changed in 0.5 to comply with flask_login +# DEPRECATED in 0.10; use current_user instead def get_current_user(): # new in 0.7; need a different method to get current user id if request.path.startswith('/api/'): # assume token validation is already done return User[request.args['access_token'].split(':')[0]] - else: - user_id = session.get('user_id') - if user_id: - return User[user_id] + elif current_user.is_authenticated: + return current_user def push_notification(type, target, **kwargs): try: diff --git a/src/coriplus/website.py b/src/coriplus/website.py index df43b86..9612c66 100644 --- a/src/coriplus/website.py +++ b/src/coriplus/website.py @@ -7,7 +7,7 @@ from .models import * from . import __version__ as app_version from sys import version as python_version from flask import Blueprint, abort, flash, redirect, render_template, request, url_for, __version__ as flask_version -from flask_login import login_required, login_user, logout_user +from flask_login import current_user, login_required, login_user, logout_user import json import logging @@ -17,7 +17,7 @@ bp = Blueprint('website', __name__) @bp.route('/') def homepage(): - if get_current_user(): + if current_user and current_user.is_authenticated: return private_timeline() else: return render_template('homepage.html') @@ -26,7 +26,7 @@ def private_timeline(): # the private timeline (aka feed) exemplifies the use of a subquery -- we are asking for # messages where the person who created the message is someone the current # user is following. these messages are then ordered newest-first. - user = get_current_user() + user = current_user messages = Visibility(Message .select() .where((Message.user << user.following()) @@ -83,6 +83,9 @@ def register(): @bp.route('/login/', methods=['GET', 'POST']) def login(): + if current_user and current_user.is_authenticated: + flash('You are already logged in') + return redirect(request.args.get('next', '/')) if request.method == 'POST' and request.form['username']: try: username = request.form['username']