Updated profile page #233
Updated profile page #233
Conversation
|
One issue with the removal of external IDs we saw the other day - because twitter auth doesn't return email address, if someone deleted twitter extid, there doesn't seem to be any way to add it again. Twitter auth right now asks for email address after login. Which wont work for an existing account. We need to add a "add external ID" button on profile page and link to currently logged in account when the user comes back from twitter login. |
|
That should be in this PR: buttons for all login services should be included in an "add external id" section. |
|
The buttons can link to the existing |
|
Account merger reversal is discussed in #230. It'll become high priority once we include the option of adding external services as people will start accidentally merging accounts. |
lastuser_oauth/views/account.py
Outdated
| # XXX: What if, the user is logged in and the "first" email address | ||
| # returned by the external ID belongs to another user account in our DB? | ||
| # In that case, current_auth.user != useremail.user | ||
| # https://github.com/hasgeek/lastuser/blob/profile_page/lastuser_oauth/providers/github.py#L70 |
There was a problem hiding this comment.
@jace need your comment for this part.
lastuser_oauth/views/account.py
Outdated
| # This is possible when user is adding an external ID from the profile page. | ||
| # useremail can be None if the "first" email of the external ID doesn't match | ||
| # any useremail record. | ||
| user = current_auth.user |
There was a problem hiding this comment.
This else clause is unnecessary. We already handle this.
There was a problem hiding this comment.
@jace this only works if the email address of the external ID is already in the db and connected to the currently logged in user. But if the external ID returns a completely new email address, it crashes because there is no useremail record for it.
There was a problem hiding this comment.
Don't make any changes here. Changes should be in login_service_postcallback, which calls this function.
lastuser_core/models/user.py
Outdated
| @@ -171,6 +171,14 @@ def add_email(self, email, primary=False, type=None, private=False): | |||
| self.primary_email = useremail | |||
| return useremail | |||
|
|
|||
| def make_email_primary(self, email): | |||
There was a problem hiding this comment.
This method doesn't need to exist. self.primary_email is already safe to assign to. Always load the UserEmail object first if you don't have it.
lastuser_core/utils.py
Outdated
| return email | ||
| username, domain = email.split('@') | ||
| masked_username = username.replace(username[1:], '*' * 4) | ||
| masked_domain = domain.replace(domain[1:], '*' * 4) |
There was a problem hiding this comment.
return '%s****@%s****' % (username[0], domain[0])
lastuser_oauth/views/account.py
Outdated
| # This is possible when user is adding an external ID from the profile page. | ||
| # useremail can be None if the "first" email of the external ID doesn't match | ||
| # any useremail record. | ||
| user = current_auth.user |
There was a problem hiding this comment.
Don't make any changes here. Changes should be in login_service_postcallback, which calls this function.
lastuser_oauth/views/login.py
Outdated
| @@ -58,7 +59,7 @@ def login(): | |||
| return set_loginmethod_cookie(render_redirect(get_next_url(session=True), code=303), | |||
| 'password') | |||
| except LoginPasswordResetException: | |||
| return render_redirect(url_for('.reset', expired=1, username=loginform.username.data)) | |||
| return render_redirect(url_for('.reset', nopasswd=1, username=loginform.username.data)) | |||
There was a problem hiding this comment.
Let's change this to not pass status in request.args, but as a flash message.
lastuser_oauth/views/login.py
Outdated
| @@ -172,6 +173,9 @@ def reset(): | |||
| if getbool(request.args.get('expired')): | |||
| message = _(u"Your password has expired. Please enter your username " | |||
| "or email address to request a reset code and set a new password") | |||
| elif getbool(request.args.get('nopasswd')): | |||
| message = _(u"Your account does not have a password set. Please enter your username " | |||
| "or email address to request a reset code and set a new password") | |||
There was a problem hiding this comment.
Remove this and just depend on the flash message. Remove the expired check as well unless there's an email that goes out when a password expires (can't use flash messages there).
|
|
|
The |
Updated profile page design, with added option to
Also touched upon #189 and #190.