Don't let users change their "profile", send them to Noggin

Signed-off-by: Aurélien Bompard <[email protected]>
fedora-infra · Apr 18, 2024 · c0390bb · c0390bb
1 parent ae5c520
commit c0390bb
Show file tree

Hide file tree

Showing 5 changed files with 5 additions and 112 deletions.
diff --git a/devel/ansible/roles/dev/files/development.ini b/devel/ansible/roles/dev/files/development.ini
@@ -74,7 +74,6 @@ tahrir.pngs.uri = %(here)s/fedora-badges/pngs
 tahrir.base_url = http://localhost:8000
 tahrir.secure_cookies = False
 tahrir.httponly_cookies = False
-tahrir.allow_changenick = True
 tahrir.use_fedmsg = True
 tahrir.default_issuer = fedora-project
 tahrir.openbadges_modal = True

diff --git a/tahrir/__init__.py b/tahrir/__init__.py
@@ -142,7 +142,6 @@ def get_db(request):
     config.add_route("rank_json", "/leaderboard/{id}/json")
     config.add_route("tags", "/tags/{tags}/{match}")
     config.add_route("user", "/user/{id}")
-    config.add_route("user_edit", "/user/{id}/edit")
     config.add_route("user_json", "/user/{id}/json")
     config.add_route("user_rss", "/user/{id}/rss")
     config.add_route("user_team_json", "/user/{id}/team/{team_id}/json")

diff --git a/tahrir/templates/user.mak b/tahrir/templates/user.mak
@@ -113,7 +113,7 @@
                type="submit"
                value="Manage Notifications" />
           </form>
-          <form method="GET" action="${request.route_url('user_edit', id=user.nickname or user.id)}">
+          <form method="GET" action="https://accounts.fedoraproject.org/user/${user.nickname}/settings/profile/">
             <input
                class="pretty-submit"
                style="height: 50px; width: 100%;"

diff --git a/tahrir/templates/user_edit.mak b/tahrir/templates/user_edit.mak
diff --git a/tahrir/views.py b/tahrir/views.py
@@ -20,10 +20,7 @@
     HTTPNotFound,
 )
 from pyramid.response import Response
-from pyramid.settings import asbool
-from pyramid.view import (
-    view_config,
-)
+from pyramid.view import view_config
 from tahrir_api.utils import convert_name_to_id
 
 from tahrir.utils import generate_badge_yaml
@@ -1034,7 +1031,9 @@ def user(request):
         if request.authenticated_userid != user.email:
             raise HTTPForbidden("Unauthorized")
 
-        person = request.db.get_all_persons().filter_by(email=request.authenticated_userid).one()
+        person = request.db.get_person(person_email=request.authenticated_userid)
+        if person is None:
+            raise HTTPNotFound(f"Person with email {request.authenticated_userid} not found")
 
         if request.POST.get("deactivate-account"):
             person.opt_out = True
@@ -1059,58 +1058,6 @@ def user(request):
     return user_info
 
 
-@view_config(route_name="user_edit", renderer="user_edit.mak")
-def user_edit(request):
-    """Render user edit page."""
-
-    # Grab a boolean out of the config
-    settings = request.registry.settings
-    allow_changenick = asbool(settings.get("tahrir.allow_changenick", True))
-
-    # Get awarded assertions.
-    if request.authenticated_userid:
-        awarded_assertions = request.db.get_assertions_by_email(request.authenticated_userid)
-    else:
-        awarded_assertions = None
-
-    user = _get_user(request, request.matchdict.get("id"))
-
-    if request.POST:
-
-        token = request.session.get_csrf_token()
-        if token != request.POST["csrf_token"]:
-            raise HTTPForbidden("CSRF token did not match")
-
-        # Authz check
-        if request.authenticated_userid != user.email:
-            raise HTTPForbidden("Unauthorized")
-
-        person = request.db.get_all_persons().filter_by(email=request.authenticated_userid).one()
-
-        # if this remains None, we don't have to go to a new URL
-        new_nick = None
-        if request.POST.get("edit-profile"):
-            if request.POST.get("new-nickname") and allow_changenick:
-                new_nick = request.POST.get("new-nickname")
-                person.nickname = new_nick
-
-            if request.POST.get("new-website"):
-                person.website = request.POST.get("new-website")
-
-            if request.POST.get("new-bio"):
-                person.bio = request.POST.get("new-bio")
-
-        user_id = new_nick or person.nickname or person.id
-        return HTTPFound(location=request.route_url("user", id=user_id))
-
-    return dict(
-        user=user,
-        auth_principals=request.effective_principals,
-        awarded_assertions=awarded_assertions,
-        allow_changenick=allow_changenick,
-    )
-
-
 def _user_json_generator(request, user):
     """Generates a json of user data"""
     user_info = _get_user_badge_info(request, user)