From c0390bb98ac2c38af3c76056169ca22f516206ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?=
Date: Thu, 18 Apr 2024 10:26:56 +0200
Subject: [PATCH] Don't let users change their "profile", send them to Noggin
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Aurélien Bompard
---
devel/ansible/roles/dev/files/development.ini | 1 -
tahrir/__init__.py | 1 -
tahrir/templates/user.mak | 2 +-
tahrir/templates/user_edit.mak | 52 ----------------
tahrir/views.py | 61 ++-----------------
5 files changed, 5 insertions(+), 112 deletions(-)
delete mode 100644 tahrir/templates/user_edit.mak
diff --git a/devel/ansible/roles/dev/files/development.ini b/devel/ansible/roles/dev/files/development.ini
index 8aad4e77..4ed081a6 100644
--- a/devel/ansible/roles/dev/files/development.ini
+++ b/devel/ansible/roles/dev/files/development.ini
@@ -74,7 +74,6 @@ tahrir.pngs.uri = %(here)s/fedora-badges/pngs
 tahrir.base_url = http://localhost:8000
 tahrir.secure_cookies = False
 tahrir.httponly_cookies = False
-tahrir.allow_changenick = True
 tahrir.use_fedmsg = True
 tahrir.default_issuer = fedora-project
 tahrir.openbadges_modal = True
diff --git a/tahrir/__init__.py b/tahrir/__init__.py
index 03cad673..34eb84c6 100644
--- a/tahrir/__init__.py
+++ b/tahrir/__init__.py
@@ -142,7 +142,6 @@ def get_db(request):
 config.add_route("rank_json", "/leaderboard/{id}/json")
 config.add_route("tags", "/tags/{tags}/{match}")
 config.add_route("user", "/user/{id}")
-config.add_route("user_edit", "/user/{id}/edit")
 config.add_route("user_json", "/user/{id}/json")
 config.add_route("user_rss", "/user/{id}/rss")
 config.add_route("user_team_json", "/user/{id}/team/{team_id}/json")
diff --git a/tahrir/templates/user.mak b/tahrir/templates/user.mak
index 3bb681c2..394fe9d0 100644
--- a/tahrir/templates/user.mak
+++ b/tahrir/templates/user.mak
@@ -113,7 +113,7 @@ type="submit" value="Manage Notifications" /> -
+ -
-
-
-

User Details

-
- -

Email: ${user.email}

-

Nickname: ${user.nickname}

-

Website: ${user.website}

-

Bio: ${user.bio}

- -
-
-
- -
-
-

Edit Details

-
- -

Fields left blank will not be updated.

- - - - % if allow_changenick: - - % endif - - - - - -
-
-
- -
diff --git a/tahrir/views.py b/tahrir/views.py
index 843b1541..785693ed 100644
--- a/tahrir/views.py
+++ b/tahrir/views.py
@@ -20,10 +20,7 @@
 HTTPNotFound,
 )
 from pyramid.response import Response
-from pyramid.settings import asbool
-from pyramid.view import (
- view_config,
-)
+from pyramid.view import view_config
 from tahrir_api.utils import convert_name_to_id
 from tahrir.utils import generate_badge_yaml
@@ -1034,7 +1031,9 @@ def user(request):
 if request.authenticated_userid != user.email:
 raise HTTPForbidden("Unauthorized")
- person = request.db.get_all_persons().filter_by(email=request.authenticated_userid).one()
+ person = request.db.get_person(person_email=request.authenticated_userid)
+ if person is None:
+ raise HTTPNotFound(f"Person with email {request.authenticated_userid} not found")
 if request.POST.get("deactivate-account"):
 person.opt_out = True
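Review bot: The new `if person is None` branch in the second hunk looks unreachable: the guard just above it has confirmed that `user.email == request.authenticated_userid`, so unless `get_person()` and the lookup that produced `user` (outside this hunk) read different records, the by-email query should return the same row — if so, `person = user` would state the intent and drop a query, and if not, the condition under which an authenticated account has no Person row deserves a comment, e.g. `# NOTE: get_person() returns None rather than raising — confirm this is reachable once user.email has matched`. The replaced `.one()` call raised on a missing row, so that state now yields a 404 instead of an exception; the behaviour change is worth a line in the commit message. The 404 detail also interpolates the authenticated email into the response body; a fixed message such as `raise HTTPNotFound("Person not found")` with the email logged server-side keeps account identifiers out of error pages. The body of `user()` continues on both sides of this hunk.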
@@ -1059,58 +1058,6 @@ def user(request):
 return user_info
-@view_config(route_name="user_edit", renderer="user_edit.mak")
-def user_edit(request):
- """Render user edit page."""
-
- # Grab a boolean out of the config
- settings = request.registry.settings
- allow_changenick = asbool(settings.get("tahrir.allow_changenick", True))
-
- # Get awarded assertions.
- if request.authenticated_userid:
- awarded_assertions = request.db.get_assertions_by_email(request.authenticated_userid)
- else:
- awarded_assertions = None
-
- user = _get_user(request, request.matchdict.get("id"))
-
- if request.POST:
-
- token = request.session.get_csrf_token()
- if token != request.POST["csrf_token"]:
- raise HTTPForbidden("CSRF token did not match")
-
- # Authz check
- if request.authenticated_userid != user.email:
- raise HTTPForbidden("Unauthorized")
-
- person = request.db.get_all_persons().filter_by(email=request.authenticated_userid).one()
-
- # if this remains None, we don't have to go to a new URL
- new_nick = None
- if request.POST.get("edit-profile"):
- if request.POST.get("new-nickname") and allow_changenick:
- new_nick = request.POST.get("new-nickname")
- person.nickname = new_nick
-
- if request.POST.get("new-website"):
- person.website = request.POST.get("new-website")
-
- if request.POST.get("new-bio"):
- person.bio = request.POST.get("new-bio")
-
- user_id = new_nick or person.nickname or person.id
- return HTTPFound(location=request.route_url("user", id=user_id))
-
- return dict(
- user=user,
- auth_principals=request.effective_principals,
- awarded_assertions=awarded_assertions,
- allow_changenick=allow_changenick,
- )
-
-
 def _user_json_generator(request, user):
 """Generates a json of user data"""
 user_info = _get_user_badge_info(request, user)