Merge branch 'main' of https://github.com/Promptly-Technologies-LLC/fastapi-jinja2-postgres-webapp

chriscarrollsmith · chriscarrollsmith · commit 84662735dd54 · 2024-11-17T16:39:20.000Z
diff --git a/routers/authentication.py b/routers/authentication.py
@@ -241,7 +241,6 @@ async def forgot_password(
     db_user = session.exec(select(User).where(
         User.email == user.email)).first()
 
-    # TODO: Handle this in background task so we don't leak information via timing attacks
     if db_user:
         background_tasks.add_task(send_reset_email, user.email, session)
 
diff --git a/routers/user.py b/routers/user.py
@@ -1,3 +1,80 @@
-from fastapi import APIRouter
+from fastapi import APIRouter, Depends, HTTPException, Form
+from fastapi.responses import RedirectResponse
+from pydantic import BaseModel, EmailStr
+from sqlmodel import Session
+from utils.db import User
+from utils.auth import get_session, get_authenticated_user, verify_password
 
 router = APIRouter(prefix="/user", tags=["user"])
+
+
+# -- Server Request and Response Models --
+
+
+class UserProfile(BaseModel):
+    name: str
+    email: EmailStr
+    avatar_url: str
+
+    @classmethod
+    async def as_form(
+        cls,
+        name: str = Form(...),
+        email: EmailStr = Form(...),
+        avatar_url: str = Form(...),
+    ):
+        return cls(name=name, email=email, avatar_url=avatar_url)
+
+
+class UserDeleteAccount(BaseModel):
+    confirm_delete_password: str
+
+    @classmethod
+    async def as_form(
+        cls,
+        confirm_delete_password: str = Form(...),
+    ):
+        return cls(confirm_delete_password=confirm_delete_password)
+
+
+# -- Routes --
+
+
+@router.get("/profile", response_class=RedirectResponse)
+async def view_profile(
+    current_user: User = Depends(get_authenticated_user)
+):
+    # Render the profile page with the current user's data
+    return {"user": current_user}
+
+
+@router.post("/edit_profile", response_class=RedirectResponse)
+async def edit_profile(
+    name: str = Form(...),
+    email: str = Form(...),
+    avatar_url: str = Form(...),
+    current_user: User = Depends(get_authenticated_user),
+    session: Session = Depends(get_session)
+):
+    # Update user details
+    current_user.name = name
+    current_user.email = email
+    current_user.avatar_url = avatar_url
+    session.commit()
+    session.refresh(current_user)
+    return RedirectResponse(url="/profile", status_code=303)
+
+
+@router.post("/delete_account", response_class=RedirectResponse)
+async def delete_account(
+    confirm_delete_password: str = Form(...),
+    current_user: User = Depends(get_authenticated_user),
+    session: Session = Depends(get_session)
+):
+    if not verify_password(confirm_delete_password, current_user.hashed_password):
+        raise HTTPException(status_code=400, detail="Password is incorrect")
+
+    # Mark the user as deleted
+    current_user.deleted = True
+    session.commit()
+    return RedirectResponse(url="/", status_code=303)
diff --git a/templates/components/header.html b/templates/components/header.html
@@ -23,7 +23,9 @@
                 {% if user %}
                 <li class="nav-item dropdown">
                     <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-bs-toggle="dropdown" aria-expanded="false">
-                        {{ render_silhouette() }}
+                        <button class="profile-button btn p-0 border-0 bg-transparent">
+                            {{ render_silhouette() }}
+                        </button>
                     </a>
                     <ul class="dropdown-menu dropdown-menu-end" aria-labelledby="navbarDropdown">
                         <li><a class="dropdown-item" href="{{ url_for('read_profile') }}">Profile</a></li>
diff --git a/templates/components/silhouette.html b/templates/components/silhouette.html
@@ -1,9 +1,7 @@
 {% macro render_silhouette(width=30, height=30, classes="d-inline-block align-top") %}
-<button class="profile-button btn p-0 border-0 bg-transparent">
     <svg width="{{ width }}" height="{{ height }}" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg" class="{{ classes }}">
         <circle cx="12" cy="12" r="12" fill="#E0E0E0"/>
         <path d="M12 12C14.2091 12 16 10.2091 16 8C16 5.79086 14.2091 4 12 4C9.79086 4 8 5.79086 8 8C8 10.2091 9.79086 12 12 12Z" fill="#BDBDBD"/>
         <path d="M4 20C4 16.6863 7.58172 14 12 14C16.4183 14 20 16.6863 20 20H4Z" fill="#BDBDBD"/>
     </svg>
-</button>
 {% endmacro %}
diff --git a/templates/index.html b/templates/index.html
@@ -44,8 +44,8 @@ <h5 class="card-title">PostgreSQL</h5>
 
     <div class="row">
         <div class="col-md-6 offset-md-3 text-center">
-            <a href="{{ url_for('read_register') }}" class="btn btn-primary btn-lg mx-3">Sign Up</a>
-            <a href="{{ url_for('read_login') }}" class="btn btn-outline-secondary btn-lg">Log In</a>
+            <a href="{{ url_for('read_register') }}" class="btn btn-primary btn-lg mx-3 mb-3">Sign Up</a>
+            <a href="{{ url_for('read_login') }}" class="btn btn-outline-secondary btn-lg mb-3">Log In</a>
         </div>
     </div>
 </div>
diff --git a/templates/users/change_password.html b/templates/users/change_password.html
diff --git a/templates/users/edit_profile.html b/templates/users/edit_profile.html
diff --git a/templates/users/profile.html b/templates/users/profile.html
@@ -1,5 +1,103 @@
 {% extends "base.html" %}
+{% from 'components/silhouette.html' import render_silhouette %}
+
+{% block title %}Profile{% endblock %}
 
 {% block content %}
-<p>Welcome, {{ user.name }}!</p>
+<div class="container mt-5">
+    <h1 class="mb-4">User Profile</h1>
+    
+    <!-- Basic Information -->
+    <div class="card mb-4" id="basic-info">
+        <div class="card-header">
+            Basic Information
+        </div>
+        <div class="card-body">
+            <p><strong>Name:</strong> {{ user.name }}</p>
+            <p><strong>Email:</strong> {{ user.email }}</p>
+            <!-- Display user avatar or silhouette if no avatar is available -->
+            <div class="mb-3">
+                {% if user.avatar_url %}
+                    <img src="{{ user.avatar_url }}" alt="User Avatar" class="img-thumbnail" width="150">
+                {% else %}
+                    {{ render_silhouette(width=150, height=150) }}
+                {% endif %}
+            </div>
+            <!-- Edit button placed below the image -->
+            <button class="btn btn-primary mt-3" onclick="toggleEditProfile()">Edit</button>
+        </div>
+    </div>
+
+    <!-- Edit Profile -->
+    <div class="card mb-4" id="edit-profile" style="display: none;">
+        <div class="card-header">
+            Edit Profile
+        </div>
+        <div class="card-body">
+            <form action="{{ url_for('edit_profile') }}" method="post">
+                <div class="mb-3">
+                    <label for="name" class="form-label">Name</label>
+                    <input type="text" class="form-control" id="name" name="name" value="{{ user.name }}">
+                </div>
+                <div class="mb-3">
+                    <label for="email" class="form-label">Email</label>
+                    <input type="email" class="form-control" id="email" name="email" value="{{ user.email }}">
+                </div>
+                <div class="mb-3">
+                    <label for="avatar_url" class="form-label">Avatar URL</label>
+                    <input type="url" class="form-control" id="avatar_url" name="avatar_url" value="{{ user.avatar_url }}">
+                </div>
+                <button type="submit" class="btn btn-primary">Save Changes</button>
+            </form>
+        </div>
+    </div>
+
+    <!-- Change Password -->
+    <div class="card mb-4">
+        <div class="card-header">
+            Change Password
+        </div>
+        <div class="card-body">
+            <!-- Trigger password reset via email confirmation -->
+            <form action="{{ url_for('forgot_password') }}" method="post">
+                <input type="hidden" name="email" value="{{ user.email }}">
+                <p>To change your password, please confirm your email. A password reset link will be sent to your email address.</p>
+                <button type="submit" class="btn btn-primary">Send Password Reset Email</button>
+            </form>
+        </div>
+    </div>
+
+    <!-- Delete Account -->
+    <div class="card mb-4">
+        <div class="card-header">
+            Delete Account
+        </div>
+        <div class="card-body">
+            <form action="{{ url_for('delete_account') }}" method="post">
+                <p class="text-danger">This action cannot be undone. Please confirm your password to delete your account.</p>
+                <div class="mb-3">
+                    <label for="confirm_delete_password" class="form-label">Password</label>
+                    <input type="password" class="form-control" id="confirm_delete_password" name="confirm_delete_password">
+                </div>
+                <button type="submit" class="btn btn-danger">Delete Account</button>
+            </form>
+        </div>
+    </div>
+</div>
+
+<script>
+    // Function to toggle visibility of Basic Information and Edit Profile sections
+    function toggleEditProfile() {
+        var basicInfo = document.getElementById('basic-info');
+        var editProfile = document.getElementById('edit-profile');
+        
+        if (basicInfo.style.display === 'none') {
+            basicInfo.style.display = 'block';
+            editProfile.style.display = 'none';
+        } else {
+            basicInfo.style.display = 'none';
+            editProfile.style.display = 'block';
+        }
+    }
+</script>
 {% endblock %}
