globuzma/canaille-globuzma
1
0
Fork 0
forked from Github-Mirrors/canaille
Code Pull requests Activity

profile edition: redirect after form submission to avoid double submissions

Browse source
This commit is contained in:
Éloi Rivard 2022-11-16 18:19:24 +01:00
parent 32a626ee4b
commit c7df0cca32
3 changed files with 16 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
canaille/account.py
View file

@ -497,6 +497,7 @@ def profile_edit(editor, username):
flash(_("Profile updated successfuly."), "success")
user.save()
return redirect(url_for("account.profile_edition", username=username))
return render_template(
"profile.html",

18
canaille/templates/profile.html
View file

@ -186,15 +186,9 @@
<div class="ui message warning visible">
{% if has_smtp and edited_user.can_edit_self %}
{% if request.method == "POST" and request.form.action == "password-initialization-mail" %}
<button type="submit" name="action" value="password-initialization-mail" class="ui right floated button">
{% trans %}Send again{% endtrans %}
</button>
{% else %}
<button type="submit" name="action" value="password-initialization-mail" class="ui right floated primary button">
{% trans %}Send email{% endtrans %}
</button>
{% endif %}
<button type="submit" name="action" value="password-initialization-mail" class="ui right floated primary button">
{% trans %}Send email{% endtrans %}
</button>
{% endif %}
<div class="header">
{% trans %}This user does not have a password yet{% endtrans %}
@ -215,11 +209,7 @@
<div class="ui message info">
<button type="submit" name="action" value="password-reset-mail" class="ui right floated button">
{% if request.method == "POST" and request.form.action == "password-reset-mail" %}
{% trans %}Send again{% endtrans %}
{% else %}
{% trans %}Send mail{% endtrans %}
{% endif %}
{% trans %}Send mail{% endtrans %}
</button>
<div class="header">
{% trans %}Password reset{% endtrans %}

26
tests/test_profile.py
View file

@ -51,7 +51,7 @@ def test_edition(
"cn=bar,ou=groups,dc=mydomain,dc=tld",
]
res.form["jpegPhoto"] = Upload("logo.jpg", jpeg_photo)
res = res.form.submit(name="action", value="edit", status=200)
res = res.form.submit(name="action", value="edit").follow()
assert "Profile updated successfuly." in res, str(res)
logged_user = User.get(dn=logged_user.dn)
@ -157,7 +157,7 @@ def test_bad_email(testclient, logged_user):
res.form["mail"] = "john@doe.com"
res = res.form.submit(name="action", value="edit", status=200)
res = res.form.submit(name="action", value="edit").follow()
assert ["john@doe.com"] == logged_user.mail
@ -191,7 +191,7 @@ def test_password_change(testclient, logged_user):
res.form["password1"] = "new_password"
res.form["password2"] = "new_password"
res = res.form.submit(name="action", value="edit", status=200)
res = res.form.submit(name="action", value="edit").follow()
assert logged_user.check_password("new_password")
@ -200,7 +200,7 @@ def test_password_change(testclient, logged_user):
res.form["password1"] = "correct horse battery staple"
res.form["password2"] = "correct horse battery staple"
res = res.form.submit(name="action", value="edit", status=200)
res = res.form.submit(name="action", value="edit").follow()
assert "Profile updated successfuly" in res
assert logged_user.check_password("correct horse battery staple")
@ -269,7 +269,7 @@ def test_user_creation_edition_and_deletion(
]
# User have been edited
res = res.form.submit(name="action", value="edit", status=200)
res = res.form.submit(name="action", value="edit").follow()
george = User.get("george")
george.load_groups()
assert "Georgio" == george.givenName[0]
@ -329,14 +329,11 @@ def test_first_login_mail_button(smtpd, testclient, slapd_connection, logged_adm
assert "This user does not have a password yet" in res
assert "Send" in res
res = res.form.submit(
name="action", value="password-initialization-mail", status=200
)
res = res.form.submit(name="action", value="password-initialization-mail").follow()
assert (
"A password initialization link has been sent at the user email address. It should be received within 10 minutes."
in res
)
assert "Send again" in res
assert len(smtpd.messages) == 1
u.reload()
@ -365,12 +362,11 @@ def test_email_reset_button(smtpd, testclient, slapd_connection, logged_admin):
assert "If the user has forgotten his password" in res, res.text
assert "Send" in res
res = res.form.submit(name="action", value="password-reset-mail", status=200)
res = res.form.submit(name="action", value="password-reset-mail").follow()
assert (
"A password reset link has been sent at the user email address. It should be received within 10 minutes."
in res
)
assert "Send again" in res
assert len(smtpd.messages) == 1
u.delete()
@ -387,7 +383,7 @@ def test_photo_edition(
res = testclient.get("/profile/user", status=200)
res.form["jpegPhoto"] = Upload("logo.jpg", jpeg_photo)
res.form["jpegPhoto_delete"] = False
res = res.form.submit(name="action", value="edit", status=200)
res = res.form.submit(name="action", value="edit").follow()
assert "Profile updated successfuly." in res, str(res)
logged_user = User.get(dn=logged_user.dn)
@ -397,7 +393,7 @@ def test_photo_edition(
# No change
res = testclient.get("/profile/user", status=200)
res.form["jpegPhoto_delete"] = False
res = res.form.submit(name="action", value="edit", status=200)
res = res.form.submit(name="action", value="edit").follow()
assert "Profile updated successfuly." in res, str(res)
logged_user = User.get(dn=logged_user.dn)
@ -407,7 +403,7 @@ def test_photo_edition(
# Photo deletion
res = testclient.get("/profile/user", status=200)
res.form["jpegPhoto_delete"] = True
res = res.form.submit(name="action", value="edit", status=200)
res = res.form.submit(name="action", value="edit").follow()
assert "Profile updated successfuly." in res, str(res)
logged_user = User.get(dn=logged_user.dn)
@ -418,7 +414,7 @@ def test_photo_edition(
res = testclient.get("/profile/user", status=200)
res.form["jpegPhoto"] = Upload("logo.jpg", jpeg_photo)
res.form["jpegPhoto_delete"] = True
res = res.form.submit(name="action", value="edit", status=200)
res = res.form.submit(name="action", value="edit").follow()
assert "Profile updated successfuly." in res, str(res)
logged_user = User.get(dn=logged_user.dn)