From 8d270d0da154d8a863401581e742de7a0eb191ed Mon Sep 17 00:00:00 2001
From: Bobby <bobbyskhs@gmail.com>
Date: Sun, 8 Jan 2023 12:55:38 -0500
Subject: Add account actions working

---
 templates/blog/account.html                        | 133 +++++++--------------
 thatcomputerscientist/settings.py                  |   1 +
 users/forms.py                                     |   1 -
 .../templates/email_change_verification_email.html |   2 +-
 users/tokens.py                                    |  11 +-
 users/urls.py                                      |   1 +
 users/views.py                                     |  55 ++++++---
 7 files changed, 89 insertions(+), 115 deletions(-)

diff --git a/templates/blog/account.html b/templates/blog/account.html
index d6d5dc85..84ae465e 100644
--- a/templates/blog/account.html
+++ b/templates/blog/account.html
@@ -59,6 +59,46 @@
                 <input type="submit" value="Update Details" class="button button-special" />
             </form>
         </div>
+        {% elif request.GET.tab == 'email' %}
+        <div id="email">
+            <p>Change your email address here. Your current registered email is <em><u>{{ user.email }}</u></em>. Please note that a verification email will be sent to the new email address in order to update the current email address. Please provide the new email address in the box below:</p>
+            <form method="post" action = "{% url 'users:sendchangeuseremail' %}">
+                {% csrf_token %}
+                <p><input type="email" name="email" id="email" required placeholder="New email address" /></p>
+                <input type="submit" value="Update Email" class="button button-special" />
+            </form>
+        </div>
+        {% elif request.GET.tab == 'password' %}
+        <div id="password">
+            <form method="post" action="{% url 'users:changepassword' %}">
+                {% csrf_token %}
+                <table>
+                    <tr>
+                        <td><label for="oldPassword"><b>Current Password: </b></label></td>
+                        <td><input type="password" name="oldPassword" id="oldPassword" placeholder="Current Password" /></td>
+                    </tr>
+                    <tr>
+                        <td><label for="newPassword"><b>New Password: </b></label></td>
+                        <td><input type="password" name="newPassword" id="newPassword" placeholder="New Password" /></td>
+                    </tr>
+                    <tr>
+                        <td><label for="confirmPassword"><b>Confirm New Password: </b></label></td>
+                        <td><input type="password" name="confirmPassword" id="confirmPassword" placeholder="Confirm New Password" /></td>
+                    </tr>
+                </table>
+                <br>
+                <input type="submit" value="Change Password" class="button button-special" />
+            </form>
+        </div>
+        {% elif request.GET.tab == 'delete' %}
+        <div id="delete">
+            <p>Deleting your account will remove all your posts, comments and other data from the website. Please note that this action is irreversible. If you wish to delete your account, please enter your password in the box below:</p>
+            <form method="post" action="{% url 'users:delete' %}">
+                {% csrf_token %}
+                <p><input type="password" name="password" id="password" required placeholder="Password" /></p>
+                <input type="submit" value="Delete Account" class="button button-special" />
+            </form>
+        </div>
         {% else %}
         <div id="help">
             <p>You can change account settings for <strong>{{ user.username }}</strong> here. If you wish to have additional support, please contact me at <a href="mailto:support@thatcomputerscientist.com?subject=[URGENT]%20Support%20Request%20for%20{{ user.username }}">support@thatcomputerscientist.com</a>. Please take care of the following points before you submit your support request:</p>
@@ -74,97 +114,4 @@
         {% endif %}
     </div>
 </div>
-
-{% comment %} 
-<div id="account-area">
-    <div id="user-details">
-        <form method="post" action="{% url 'users:update' %} ">
-            {% csrf_token %}
-            <fieldset>
-                <legend>Account Details</legend>
-                <label for="firstname">First Name</label>
-                <input type="text" name="firstname" id="firstname" value="{{ user.first_name }}" placeholder="First Name" />
-                <label for="lastname">Last Name</label>
-                <input type="text" name="lastname" id="lastname" value="{{ user.last_name }}" placeholder="Last Name" />
-                <label for="gravatarEmail">Gravatar Email</label>
-                <input type="text" name="gravatarEmail" id="gravatarEmail" value="{{ user_profile.gravatar_email }}" placeholder="Gravatar Email" />
-                <label for="location">Location</label>
-                <input type="text" name="location" id="location" value="{{ user_profile.location }}" placeholder="Location" maxlength="50"/>
-                <label for="bio">Bio</label>
-                <textarea name="bio" id="bio" placeholder="Bio">{{ user_profile.bio }}</textarea>
-                <label for="isPublic">Account Visibility</label>
-                <select name="isPublic" id="isPublic">
-                    <option value="1"{% if user_profile.is_public %} selected{% endif %}>Public</option>
-                    <option value="0"{% if not user_profile.is_public %} selected{% endif %}>Private</option>
-                </select>
-                {% if user_profile.is_public %}
-                    <label for="emailPublic">Email Visibility</label>
-                    <select name="emailPublic" id="emailPublic">
-                        <option value="1"{% if user_profile.email_public %} selected{% endif %}>Public</option>
-                        <option value="0"{% if not user_profile.email_public %} selected{% endif %}>Private</option>
-                    </select>
-                {% endif %}
-                <input type="submit" value="Update Account" />
-            </fieldset>
-        </form>
-    </div>
-</div>
-
-
-
-<div class="main">
-    <p>You can change account settings for <strong>{{ user.username }}</strong> here. If you wish to have additional support, please contact me at <a href="mailto:support@thatcomputerscientist.com?subject=[URGENT]%20Support%20Request%20for%20{{ user.username }}">support@thatcomputerscientist.com</a>. Please take care of the following points before you submit your support request:</p>
-    <ul>
-        <li>Please do not edit the subject line.</li>
-        <li>As an individual monitoring this email, I request you to refrain yourself from spamming.</li>
-        <li>Please do not include any sensitive information (like credit card numbers, passwords, etc.) in the email.</li>
-        <li>Allow me upto 48 hours to respond to your support request.</li>
-        <li>Do not send multiple support requests.</li>
-        <li>Please note that this is a support request related to your account. Please do not file any bugs here. If you have noticed a bug, please report it to the <a href="https://github.com/luciferreeves/thatcomputerscientist/issues">GitHub Issues</a> page.</li>
-    </ul>
-    {% for message in messages %}
-        <div class="alert {{message.tags}}">
-            <p>{{ message }}</p>
-        </div>
-    {% endfor %}
-    <div class="account">
-        <div class="ac-sidebar">
-            <fieldset>
-                <legend>Avatar</legend>
-                <img src="https://www.gravatar.com/avatar/{{avatar}}?s=200" alt="{{ user.username }}'s avatar" width="200" height="200"/>
-            </fieldset>
-            <form method="post" action="{% url 'users:changepassword' %}">
-                {% csrf_token %}
-                <fieldset>
-                    <legend>Change Password</legend>
-                    <label for="oldPassword">Current Password</label>
-                    <input type="password" name="oldPassword" id="oldPassword" placeholder="Current Password" />
-                    <label for="newPassword">New Password</label>
-                    <input type="password" name="newPassword" id="newPassword" placeholder="New Password" />
-                    <label for="confirmPassword">Confirm New Password</label>
-                    <input type="password" name="confirmPassword" id="confirmPassword" placeholder="Confirm New Password" />
-                    <input type="submit" value="Change Password" />
-                </fieldset>
-            </form>
-            <form method="post" onsubmit="event.preventDefault();">
-                <fieldset>
-                    <legend class="error">Delete Account</legend>
-                    <input type="submit" value="Delete Account" />
-                </fieldset>
-            </form>
-        </div>
-        <div class="ac-main">
-            
-            <form method="post" action = "{% url 'users:sendchangeuseremail' %}">
-                {% csrf_token %}
-                <fieldset>
-                    <legend>Change Email</legend>
-                    <label for="email">Your current registered email is <em><u>{{ user.email }}</u></em>. Please note that a verification email will be sent to the new email address in order to update the current email address. Please provide the new email address in the box below:</label>
-                    <input type="email" name="email" id="email" placeholder="New Email" />
-                    <input type="submit" value="Change Email" />
-                </fieldset>
-            </form>
-        </div>
-    </div>
-</div> {% endcomment %}
 {% endblock %}
diff --git a/thatcomputerscientist/settings.py b/thatcomputerscientist/settings.py
index fd231fa5..100c398b 100644
--- a/thatcomputerscientist/settings.py
+++ b/thatcomputerscientist/settings.py
@@ -33,6 +33,7 @@ ALLOWED_HOSTS = ["*"]
 CSRF_TRUSTED_ORIGINS = ['https://*.thatcomputerscientist.com', 'http://*.thatcomputerscientist.com']
 SESSION_COOKIE_DOMAIN = ".thatcomputerscientist.com"
 DOMAIN_NAME = "thatcomputerscientist.com"
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
 
 # Application definition
 
diff --git a/users/forms.py b/users/forms.py
index 5ef95543..8b02fef5 100644
--- a/users/forms.py
+++ b/users/forms.py
@@ -65,7 +65,6 @@ class RegisterForm(forms.Form):
 
         return user
 
-
 class UpdateUserDetailsForm(forms.Form):
     first_name = forms.CharField(label='First name', max_length=30, required=False, widget=forms.TextInput(attrs={'placeholder': 'First name'}))
     last_name = forms.CharField(label='Last name', max_length=30, required=False, widget=forms.TextInput(attrs={'placeholder': 'Last name'}))
diff --git a/users/templates/email_change_verification_email.html b/users/templates/email_change_verification_email.html
index d016578b..a1347fbd 100644
--- a/users/templates/email_change_verification_email.html
+++ b/users/templates/email_change_verification_email.html
@@ -2,7 +2,7 @@
 Hi {{ user }},
 
 We received a request to change you email address on {{ site_name }}. To verify and change your email address, please click the link below.
-{{ protocol }}{{ domain }}{% url 'users:changeemail' uidb64=uid token=token %}
+{{ protocol }}{{ domain }}/users/changeemail/{{ uid }}/{{ token }}.
 
 Please ignore this email if you did not make this request.
 
diff --git a/users/tokens.py b/users/tokens.py
index 77bd4e88..1e481b3e 100644
--- a/users/tokens.py
+++ b/users/tokens.py
@@ -1,4 +1,3 @@
-import cryptocode
 import os
 from django.contrib.auth.tokens import PasswordResetTokenGenerator
 from dotenv import load_dotenv
@@ -17,11 +16,17 @@ class AccountActivationTokenGenerator(PasswordResetTokenGenerator):
 class EmailChangeTokenGenerator():
     def encrypt(self, email):
         auth_string = os.getenv('AUTHORIZATION_STRING')
-        return cryptocode.encrypt(email, auth_string)
+        key = auth_string.encode('utf-8')[0:16]
+        cipher = AES.new(key, AES.MODE_CFB, key)
+        return cipher.encrypt(email.encode('utf-8')).hex()
+
     
     def decrypt(self, token):
         auth_string = os.getenv('AUTHORIZATION_STRING')
-        return cryptocode.decrypt(token, auth_string)
+        key = auth_string.encode('utf-8')[0:16]
+        cipher = AES.new(key, AES.MODE_CFB, key)
+        return cipher.decrypt(bytes.fromhex(token)).decode('utf-8')
+
 
 class CaptchaTokenGenerator():
     def encrypt(self, captcha_string):
diff --git a/users/urls.py b/users/urls.py
index 1450653e..b486edb5 100644
--- a/users/urls.py
+++ b/users/urls.py
@@ -13,6 +13,7 @@ urlpatterns = [
     path('/sendchangeuseremail', views.send_change_user_email, name='sendchangeuseremail'),
     path('/changeemail/<uidb64>/<token>', views.change_email, name='changeemail'),
     path('updateavatar', views.update_avatar, name='updateavatar'),
+    path('/delete', views.delete_user, name='delete'),
 ]
 
 # Configure Admin Site
diff --git a/users/views.py b/users/views.py
index 64449f20..02f82902 100644
--- a/users/views.py
+++ b/users/views.py
@@ -55,16 +55,36 @@ def update_user(request):
             if form.is_valid():
                 form.save()
                 messages.success(request, 'Profile was successfully updated!')
-                return redirect(reverse('blog:account') + '?tab=details')
+                return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
             else:
                 messages.error(request, 'Unable to update profile! Please try again later.')
-                return redirect(reverse('blog:account') + '?tab=details')
+                return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
         else:
-            return redirect(reverse('blog:account') + '?tab=details')
+            return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
     else:
         messages.error(request, 'You must be logged in to update your profile!')
         return redirect('blog:home')
 
+def delete_user(request):
+    user = request.user
+    if user is not None:
+        if request.method == 'POST':
+            password = request.POST['password']
+            if user.check_password(password):
+                # delete user, all comments, user profile details, and all posts
+                user.delete()
+                messages.success(request, 'Your account was successfully deleted!')
+                return redirect('blog:home')
+            else:
+                messages.error(request, 'Incorrect password!')
+                return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
+        else:
+            messages.error(request, 'Unable to delete account! Please try again later.')
+            return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
+    else:
+        messages.error(request, 'You must be logged in to delete your account!')
+        return redirect('blog:home')
+
 def update_avatar(request):
     user = request.user
     if user is not None:
@@ -73,10 +93,10 @@ def update_avatar(request):
             user_profile.avatar_url = request.POST['avatar']
             user_profile.save()
             messages.success(request, 'Avatar was successfully updated!')
-            return redirect(reverse('blog:account') + '?tab=avatar')
+            return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
         else:
             messages.error(request, 'Unable to update avatar! Please try again later.')
-            return redirect(reverse('blog:account') + '?tab=avatar')
+            return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
     else:
         messages.error(request, 'You must be logged in to update your avatar!')
         return redirect('blog:home')
@@ -95,13 +115,13 @@ def change_password(request):
                 user.save()
                 update_session_auth_hash(request, user)
                 messages.success(request, 'Password was successfully changed!')
-                return redirect('blog:account')
+                return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
             else:
                 messages.error(request, 'The new password and confirmation password do not match!')
-                return redirect('blog:account')
+                return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
         else:
             messages.error(request, 'Old password is incorrect!')
-            return redirect('blog:account')
+            return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
     else:
         messages.error(request, 'Unable to change password! Please try again later.')
         return redirect('blog:home')
@@ -118,8 +138,8 @@ def send_verification_email(request):
         'site_name': 'That Computer Scientist',
         'uid': urlsafe_base64_encode(force_bytes(user.pk)),
         'token': account_activation_token.make_token(user),
-        'protocol': 'https://' if request.is_secure() else 'http://',
-        'domain': get_current_site(request).domain,
+        'protocol': request.scheme + '://',
+        'domain': request.get_host(),
     })
     message = strip_tags(message)
     send_mail(subject, message, 'That Computer Scientist <' + settings.EMAIL_HOST_USER + '>', [user.email])
@@ -150,15 +170,16 @@ def send_change_user_email(request):
     user = request.user
     new_email = request.POST['email']
     if user is not None:
+        # Check if the new and the old email are the same
+        if user.email == new_email:
+            messages.error(request, 'New email is the same as the old one!')
+            return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
+
         # check if email is already in use
         if User.objects.filter(email=new_email).exists():
             messages.error(request, 'Email is already in use!')
             # Redirect to referrer
             return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
-        # Check if the new and the old email are the same
-        if user.email == new_email:
-            messages.error(request, 'New email is the same as the old one!')
-            return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
         # Send verification email
         subject = 'Verify your email address'
         message = render_to_string('email_change_verification_email.html', {
@@ -166,8 +187,8 @@ def send_change_user_email(request):
             'site_name': 'That Computer Scientist',
             'uid': urlsafe_base64_encode(force_bytes(user.pk)),
             'token': EmailChangeTokenGenerator().encrypt(new_email),
-            'protocol': 'https://' if request.is_secure() else 'http://',
-            'domain': get_current_site(request).domain,
+            'protocol': request.scheme + '://',
+            'domain': request.get_host(),
         })
         message = strip_tags(message)
         send_mail(subject, message, 'That Computer Scientist <' + settings.EMAIL_HOST_USER + '>', [new_email])
@@ -188,7 +209,7 @@ def change_email(request, uidb64, token):
         user.email = new_email
         user.save()
         messages.success(request, 'Email was successfully changed!')
-        return redirect('blog:account')
+        return redirect(reverse('blog:account') + '?tab=email')
     else:
         messages.error(request, 'The verification link is invalid!')
         return redirect('blog:home')
-- 
cgit v1.2.3