From aaa24afdbfc532a583f9364d42f1832cca61157a Mon Sep 17 00:00:00 2001
From: kmpm
Date: Wed, 11 Nov 2020 17:04:58 +0100
Subject: [PATCH] feat: editable user with more fields
Closes #3 among other things
---
 website/models.py | 2 ++
 website/oauth2.py | 11 ++++++++++-
 website/routes.py | 25 ++++++++++++++++++++++++-
 website/templates/edit_user.html | 29 +++++++++++++++++++++++++++++
 website/templates/home.html | 2 +-
 5 files changed, 66 insertions(+), 3 deletions(-)
 create mode 100644 website/templates/edit_user.html
diff --git a/website/models.py b/website/models.py
index 1623f16..f40313c 100644
--- a/website/models.py
+++ b/website/models.py
@@ -11,6 +11,8 @@ class User(db.Model):
 id = db.Column(db.Integer, primary_key=True)
 username = db.Column(db.String(40), unique=True)
+ name = db.Column(db.String(50), nullable=True, default='')
+ email = db.Column(db.String(120), nullable=True, default='')
 def __str__(self):
 return self.username
diff --git a/website/oauth2.py b/website/oauth2.py
index 955360c..5adb178 100644
--- a/website/oauth2.py
+++ b/website/oauth2.py
@@ -34,7 +34,16 @@ def exists_nonce(nonce, req):
 def generate_user_info(user, scope):
- return UserInfo(sub=str(user.id), name=user.username)
+ claims = scope.split(' ')
+ extra = dict()
+ for claim in claims:
+ if hasattr(user, claim):
+ extra[claim] = getattr(user, claim)
+ if claim=='preferred_username' and hasattr(user, 'username'):
+ extra[claim] = getattr(user, 'username')
+ if not 'name' in extra:
+ extra['name'] = user.username
+ return UserInfo(sub=str(user.id), preferred_username=user.username, **extra)
 def create_authorization_code(client, grant_user, request):
diff --git a/website/routes.py b/website/routes.py
index 1bd9e29..8b3a45b 100644
--- a/website/routes.py
+++ b/website/routes.py
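Review bot: The two new columns combine `nullable=True` with `default=''`, so rows that exist before the column is added will hold NULL while rows created afterwards hold an empty string — two representations of "not set" that every reader (the template, `generate_user_info`) then has to normalise. Pick one: `nullable=False, default=''` (plus a server default so existing rows are backfilled), or keep the column nullable and drop `default=''`. Note also that `String(50)`/`String(120)` is only enforced by backends that honour declared lengths (SQLite, for instance, ignores it), so the route that writes these fields should check the length itself.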
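Review bot: `generate_user_info` reflects every scope token into `getattr(user, claim)`, so a client granted a scope named after any attribute of the model (`id`, SQLAlchemy's `query` or `metadata`, or any column added later) gets that attribute copied into the UserInfo; the claims should come from an explicit claim-to-attribute allowlist instead, and the `/oauth/userinfo` route added in routes.py is the caller this affects. The `preferred_username` branch also collides with the explicit `preferred_username=user.username` keyword on the last line: when that token is in the scope, `UserInfo(..., preferred_username=..., **extra)` raises `TypeError` for a duplicate keyword argument. The `name` fallback only runs when `name` is absent from `extra`, so with a `name` token in scope an empty or NULL `user.name` (the column is nullable) is returned as-is rather than falling back to the username. The rewrite below keeps the commit's scope-token semantics but adds the allowlist, removes the duplicate keyword and falls back on an empty name; `create_authorization_code` continues outside the hunk.
```python
# Claim name -> User attribute. Only claims listed here may be copied into
# the UserInfo; any other scope token is ignored rather than reflected
# into getattr().
_CLAIM_ATTRS = {'name': 'name', 'email': 'email', 'preferred_username': 'username'}


def generate_user_info(user, scope):
    """Return the UserInfo for *user*, adding only the claims granted by *scope*."""
    extra = {}
    for claim in scope.split():
        attr = _CLAIM_ATTRS.get(claim)
        if attr is not None:
            extra[claim] = getattr(user, attr)
    # preferred_username is always passed as an explicit keyword below,
    # so it must not also arrive through **extra
    extra.pop('preferred_username', None)
    if not extra.get('name'):
        extra['name'] = user.username
    return UserInfo(sub=str(user.id), preferred_username=user.username, **extra)
```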
@@ -5,7 +5,7 @@ from authlib.integrations.flask_oauth2 import current_token
 from authlib.oauth2 import OAuth2Error
 from .models import db, User, OAuth2Client
-from .oauth2 import authorization, require_oauth
+from .oauth2 import authorization, require_oauth, generate_user_info
 bp = Blueprint(__name__, 'home')
@@ -40,6 +40,22 @@ def home():
 def split_by_crlf(s):
 return [v for v in s.splitlines() if v]
+@bp.route('/edit_user', methods=('GET', 'POST'))
+def edit_user():
+ user = current_user()
+ if not user:
+ return redirect('/')
+
+ if request.method == 'GET':
+ return render_template('edit_user.html', user=user)
+
+ form = request.form
+ user.name = form['name']
+ user.email = form['email']
+
+ db.session.commit()
+ return redirect('/')
+
 @bp.route('/create_client', methods=('GET', 'POST'))
 def create_client():
@@ -97,6 +113,13 @@ def issue_token():
 return authorization.create_token_response()
+@bp.route('/oauth/userinfo')
+@require_oauth('profile')
+def userinfo():
+ user = current_token.user
+ return jsonify(generate_user_info(current_token.user, current_token.scope))
+
+
 @bp.route('/api/me')
 @require_oauth('profile')
 def api_me():
diff --git a/website/templates/edit_user.html b/website/templates/edit_user.html
new file mode 100644
index 0000000..e39fe36
--- /dev/null
+++ b/website/templates/edit_user.html
@@ -0,0 +1,29 @@ + + +Home +
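Review bot: The POST branch of `edit_user` stores `form['name']` and `form['email']` verbatim with no length or format check, although the columns are declared `String(50)` and `String(120)` and not every backend enforces that limit; strip and reject oversized or malformed values before `db.session.commit()`, e.g. `name = form.get('name', '').strip()` followed by `if len(name) > 50: abort(400)` (`abort` would need importing from flask if the module does not already have it). Nothing in the hunk shows a CSRF token being checked on this state-changing form; unless the app configures CSRF protection elsewhere, this route needs it. `current_user` and the module's imports are outside the hunk, so I am assuming `redirect`, `render_template` and `request` are already in scope.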
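Review bot: In `userinfo` the local `user = current_token.user` is assigned and never read; the next line fetches `current_token.user` a second time. Either drop the assignment or use it: `return jsonify(generate_user_info(user, current_token.scope))`. A one-line docstring such as `"""OIDC UserInfo endpoint: claims for the token's user, filtered by the token's scope."""` would also make the route's contract explicit.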

Edit User

+ +
+ + + + + + + +
\ No newline at end of file
diff --git a/website/templates/home.html b/website/templates/home.html
index 0b2580d..a665fdf 100644
--- a/website/templates/home.html
+++ b/website/templates/home.html
@@ -1,6 +1,6 @@
 {% if user %}
-
Logged in as {{user}}
+
Logged in as {{user}}
{% for client in clients %}