From b7e9914246f706769b002a7febf1e82d20bbb7bf Mon Sep 17 00:00:00 2001
From: spl0k
Date: Wed, 22 Nov 2017 22:39:54 +0100
Subject: [PATCH] Web UI: split GET and POST handlers
---
supysonic/frontend/user.py | 166 ++++++++++++++++++-------------
supysonic/templates/profile.html | 10 +-
supysonic/templates/users.html | 2 +-
3 files changed, 104 insertions(+), 74 deletions(-)
diff --git a/supysonic/frontend/user.py b/supysonic/frontend/user.py
index 0660b68..552e1e4 100644
--- a/supysonic/frontend/user.py
+++ b/supysonic/frontend/user.py
@@ -76,37 +76,43 @@ def update_clients(uid): flash('Clients preferences updated.') return user_profile(uid) -@app.route('/user//changeusername', methods = [ 'GET', 'POST' ]) +@app.route('/user//changeusername') @admin_only -def change_username(uid): +def change_username_form(uid): code, user = UserManager.get(store, uid) if code != UserManager.SUCCESS: return redirect(url_for('index')) - if request.method == 'POST': - username = request.form.get('user') - if username in ('', None): - flash('The username is required') - return render_template('change_username.html', user = user) - if request.form.get('admin') is None: - admin = False - else: - admin = True - - if user.name != username or user.admin != admin: - user.name = username - user.admin = admin - store.commit() - flash("User '%s' updated." % username) - return redirect(url_for('user_profile', uid = uid)) - else: - flash("No changes for '%s'." % username) - return redirect(url_for('user_profile', uid = uid)) - return render_template('change_username.html', user = user) -@app.route('/user//changemail', methods = [ 'GET', 'POST' ]) -def change_mail(uid): +@app.route('/user//changeusername', methods = [ 'POST' ]) +@admin_only +def change_username_post(uid): + code, user = UserManager.get(store, uid) + if code != UserManager.SUCCESS: + return redirect(url_for('index')) + + username = request.form.get('user') + if username in ('', None): + flash('The username is required') + return render_template('change_username.html', user = user) + if request.form.get('admin') is None: + admin = False + else: + admin = True + + if user.name != username or user.admin != admin: + user.name = username + user.admin = admin + store.commit() + flash("User '%s' updated." % username) + else: + flash("No changes for '%s'." % username) + + return redirect(url_for('user_profile', uid = uid)) + +@app.route('/user//changemail') +def change_mail_form(uid): if uid == 'me': user = request.user elif not request.user.admin: 
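Review bot: `change_username_post` rewrites `user.name` and `user.admin` from form fields alone, with no anti-CSRF token checked before `store.commit()`; `change_mail_post`, `change_password_post` and `add_user_post` in the later hunks have the same gap. Limiting the routes to POST does not by itself reject a cross-site form submission made in a logged-in admin's session. Unless a token is already verified somewhere this diff does not show (a `before_request` hook, for instance), each handler should compare a per-session token carried in a hidden form field before it changes anything. A comment above each handler would record that dependency, e.g. `# State-changing handler: must only run after the session's CSRF token has been verified.`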
@@ -116,17 +122,10 @@ def change_mail(uid): if code != UserManager.SUCCESS: return redirect(url_for('index')) - if request.method == 'POST': - mail = request.form.get('mail') - # No validation, lol. - user.mail = mail - store.commit() - return redirect(url_for('user_profile', uid = uid)) - return render_template('change_mail.html', user = user) -@app.route('/user//changepass', methods = [ 'GET', 'POST' ]) -def change_password(uid): +@app.route('/user//changemail', methods = [ 'POST' ]) +def change_mail_post(uid): if uid == 'me': user = request.user elif not request.user.admin: 
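Review bot: The access check that opens `change_mail_post` (`uid == 'me'`, then `request.user.admin`, then `UserManager.get`) is now written out four times, in `change_mail_form`, `change_mail_post`, `change_password_form` and `change_password_post`. A later change to who may edit whom has to be repeated in every copy, and a missed copy becomes an authorization gap. Moving the rule into one helper that returns the target user or `None` keeps it in a single place; the helper name below is a proposal. The function bodies start or end outside this hunk and the page has lost its indentation, so the nesting of the `code != UserManager.SUCCESS` test is inferred.

```python
def resolve_target_user(uid):
    # Returns the account the current user may edit, or None when access is refused.
    if uid == 'me':
        return request.user
    if not request.user.admin:
        return None
    code, user = UserManager.get(store, uid)
    return user if code == UserManager.SUCCESS else None

# … unchanged: route decorator …
def change_mail_post(uid):
    user = resolve_target_user(uid)
    if user is None:
        return redirect(url_for('index'))
    # … unchanged: mail update, commit and redirect …
```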
@@ -136,49 +135,80 @@ def change_password(uid): if code != UserManager.SUCCESS: return redirect(url_for('index')) - if request.method == 'POST': - error = False - if uid == 'me' or uid == str(request.user.id): - current, new, confirm = map(request.form.get, [ 'current', 'new', 'confirm' ]) - if current in ('', None): - flash('The current password is required') - error = True - else: - new, confirm = map(request.form.get, [ 'new', 'confirm' ]) + mail = request.form.get('mail') + # No validation, lol. + user.mail = mail + store.commit() + return redirect(url_for('user_profile', uid = uid)) - if new in ('', None): - flash('The new password is required') - error = True - if new != confirm: - flash("The new password and its confirmation don't match") - error = True - - if not error: - if uid == 'me' or uid == str(request.user.id): - status = UserManager.change_password(store, user.id, current, new) - else: - status = UserManager.change_password2(store, user.name, new) - - if status != UserManager.SUCCESS: - flash(UserManager.error_str(status)) - else: - flash('Password changed') - return redirect(url_for('user_profile', uid = uid)) +@app.route('/user//changepass') +def change_password_form(uid): + if uid == 'me': + user = request.user + elif not request.user.admin: + return redirect(url_for('index')) + else: + code, user = UserManager.get(store, uid) + if code != UserManager.SUCCESS: + return redirect(url_for('index')) return render_template('change_pass.html', user = user) -@app.route('/user/add', methods = [ 'GET', 'POST' ]) -@admin_only -def add_user(): - if request.method == 'GET': - return render_template('adduser.html') +@app.route('/user//changepass', methods = [ 'POST' ]) +def change_password_post(uid): + if uid == 'me': + user = request.user + elif not request.user.admin: + return redirect(url_for('index')) + else: + code, user = UserManager.get(store, uid) + if code != UserManager.SUCCESS: + return redirect(url_for('index')) + error = False + if user.id == 
request.user.id: + current = request.form.get('current') + if not current: + flash('The current password is required') + error = True + + new, confirm = map(request.form.get, [ 'new', 'confirm' ]) + + if not new: + flash('The new password is required') + error = True + if new != confirm: + flash("The new password and its confirmation don't match") + error = True + + if not error: + if user.id == request.user.id: + status = UserManager.change_password(store, user.id, current, new) + else: + status = UserManager.change_password2(store, user.name, new) + + if status != UserManager.SUCCESS: + flash(UserManager.error_str(status)) + else: + flash('Password changed') + return redirect(url_for('user_profile', uid = uid)) + + return change_password_form(uid) + +@app.route('/user/add') +@admin_only +def add_user_form(): + return render_template('adduser.html') + +@app.route('/user/add', methods = [ 'POST' ]) +@admin_only +def add_user_post(): error = False (name, passwd, passwd_confirm, mail, admin) = map(request.form.get, [ 'user', 'passwd', 'passwd_confirm', 'mail', 'admin' ]) - if name in (None, ''): + if not name: flash('The name is required.') error = True - if passwd in (None, ''): + if not passwd: flash('Please provide a password.') error = True elif passwd != passwd_confirm: @@ -198,7 +228,7 @@ def add_user(): else: flash(UserManager.error_str(status)) - return render_template('adduser.html') + return add_user_form() @app.route('/user/del/') @admin_only diff --git a/supysonic/templates/profile.html b/supysonic/templates/profile.html index 1bde28d..39c8aeb 100644 --- a/supysonic/templates/profile.html +++ b/supysonic/templates/profile.html @@ -39,9 +39,9 @@
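Review bot: `change_mail_post`, at the top of the hunk that starts at `@@ -136,49 +135,80 @@`, commits `request.form.get('mail')` as-is (the carried-over comment reads `# No validation, lol.`), so a POST without the field stores `None` and a string of any length or shape is accepted. Where `user.mail` is used later is not visible in this diff, so the impact is inferred. A cheap check before `store.commit()` would bound it: `if not mail or '@' not in mail or len(mail) > 254:` followed by `flash('Invalid mail address')` and `return change_mail_form(uid)`, where the length cap is a value chosen here. If an empty address is meant to be allowed, keep only the format and length tests.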
{% if request.user.id == user.id %} - Change eMail + Change eMail {% else %} - Change eMail + Change eMail {% endif %}
@@ -83,10 +83,10 @@ {% if request.user.id == user.id %} -Change password +Change password {% else %} -Change username or admin status -Change password +Change username or admin status +Change password {% endif %} {% if clients.count() %}