From da84304778e2df6835f46bae4b7cd9f97ecf52b2 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Thu, 9 Feb 2023 14:00:38 +0300
Subject: oauth2: reorganise the endpoints.

---
 wqflask/wqflask/oauth2/checks.py            |   2 +-
 wqflask/wqflask/oauth2/toplevel.py          |  73 --------------------
 wqflask/wqflask/oauth2/users.py             | 100 ++++++++++++++++++++++++++--
 wqflask/wqflask/templates/oauth2/login.html |   4 +-
 4 files changed, 98 insertions(+), 81 deletions(-)

(limited to 'wqflask')

diff --git a/wqflask/wqflask/oauth2/checks.py b/wqflask/wqflask/oauth2/checks.py
index ccb2c3f7..e6859c4a 100644
--- a/wqflask/wqflask/oauth2/checks.py
+++ b/wqflask/wqflask/oauth2/checks.py
@@ -29,6 +29,6 @@ def require_oauth2(func):
             session.pop("user_details", None)
 
         flash("You need to be logged in.", "alert-warning")
-        return redirect(url_for("oauth2.toplevel.login", next=request.endpoint))
+        return redirect(url_for("oauth2.user.login", next=request.endpoint))
 
     return __token_valid__
diff --git a/wqflask/wqflask/oauth2/toplevel.py b/wqflask/wqflask/oauth2/toplevel.py
index 72933861..1803ef85 100644
--- a/wqflask/wqflask/oauth2/toplevel.py
+++ b/wqflask/wqflask/oauth2/toplevel.py
@@ -12,81 +12,8 @@ from .checks import require_oauth2, user_logged_in
 
 toplevel = Blueprint("toplevel", __name__)
 
-@toplevel.route("/login", methods=["GET", "POST"])
-def login():
-    """Route to allow users to sign up."""
-    next_endpoint=request.args.get("next", False)
 
-    if request.method == "POST":
-        form = request.form
-        client = oauth2_client()
-        config = app.config
-        try:
-            token = client.fetch_token(
-                urljoin(config["GN_SERVER_URL"], "oauth2/token"),
-                username=form.get("email_address"),
-                password=form.get("password"),
-                grant_type="password")
-            session["oauth2_token"] = token
-        except OAuthError as _oaerr:
-            flash(_oaerr.args[0], "alert-danger")
-            return render_template(
-                "oauth2/login.html", next_endpoint=next_endpoint,
-                email=form.get("email_address"))
 
-    if user_logged_in():
-        if next_endpoint:
-            return redirect(url_for(next_endpoint))
-        return redirect("/")
-
-    return render_template("oauth2/login.html", next_endpoint=next_endpoint)
-
-
-@toplevel.route("/logout", methods=["GET", "POST"])
-def logout():
-    if user_logged_in():
-        token = session.get("oauth2_token", False)
-        config = app.config
-        client = oauth2_client()
-        resp = client.revoke_token(urljoin(config["GN_SERVER_URL"], "oauth2/revoke"))
-        keys = tuple(key for key in session.keys() if not key.startswith("_"))
-        for key in keys:
-            session.pop(key, default=None)
-
-    return redirect("/")
-
-@toplevel.route("/register-user", methods=["GET", "POST"])
-def register_user():
-    if user_logged_in():
-        next_endpoint=request.args.get("next", "/")
-        flash(("You cannot register a new user while logged in. "
-               "Please logout to register a new user."),
-              "alert-danger")
-        return redirect(next_endpoint)
-
-    if request.method == "GET":
-        return render_template("oauth2/register_user.html")
-
-    config = app.config
-    form = request.form
-    response = requests.post(
-        urljoin(config["GN_SERVER_URL"], "oauth2/user/register"),
-        data = {
-            "user_name": form.get("user_name"),
-            "email": form.get("email_address"),
-            "password": form.get("password"),
-            "confirm_password": form.get("confirm_password")})
-    results = response.json()
-    if "error" in results:
-        error_messages = tuple(
-            f"{results['error']}: {msg.strip()}"
-            for msg in results.get("error_description").split("::"))
-        for message in error_messages:
-            flash(message, "alert-danger")
-        return redirect(url_for("oauth2.toplevel.register_user"))
-
-    flash("Registration successful! Please login to continue.", "alert-success")
-    return redirect(url_for("oauth2.toplevel.login"))
 
 @toplevel.route("/register-client", methods=["GET", "POST"])
 @require_oauth2
diff --git a/wqflask/wqflask/oauth2/users.py b/wqflask/wqflask/oauth2/users.py
index 67d6b27f..94c3a4ce 100644
--- a/wqflask/wqflask/oauth2/users.py
+++ b/wqflask/wqflask/oauth2/users.py
@@ -1,7 +1,12 @@
+import requests
+from urllib.parse import urljoin
+
+from authlib.integrations.base_client.errors import OAuthError
 from flask import (
-    flash, request, url_for, redirect, Response, Blueprint, render_template)
+    flash, request, session, url_for, redirect, Response, Blueprint,
+    render_template, current_app as app)
 
-from .checks import require_oauth2
+from .checks import require_oauth2, user_logged_in
 from .client import oauth2_get, oauth2_post, oauth2_client
 from .request_utils import user_details, request_error, process_error
 
@@ -13,10 +18,20 @@ def user_profile():
     __id__ = lambda the_val: the_val
     usr_dets = user_details()
     client = oauth2_client()
+    def __render__(usr_dets, roles=[], **kwargs):
+        return render_template(
+            "oauth2/view-user.html", user_details=usr_dets, roles=roles,
+            **kwargs)
+
+    def __roles_success__(roles):
+        return oauth2_get("oauth2/user/group/join-request").either(
+            lambda err: __render__(
+                user_details, group_join_error=process_error(err)),
+            lambda gjr: __render__(user_details, group_join_request=gjr))
 
-    roles = oauth2_get("oauth2/user/roles").either(lambda x: "Error", lambda x: x)
-    return render_template(
-        "oauth2/view-user.html", user_details=usr_dets, roles=roles)
+    return oauth2_get("oauth2/user/roles").either(
+        lambda err: __render__(user_details, role_error=process_error(err)),
+        __roles_success__)
 
 @users.route("/request-add-to-group", methods=["POST"])
 @require_oauth2
@@ -37,3 +52,78 @@ def request_add_to_group() -> Response:
 
     return oauth2_post(f"oauth2/group/requests/join/{group_id}",
                        data=form).either(__error__, __success__)
+
+@users.route("/login", methods=["GET", "POST"])
+def login():
+    """Route to allow users to sign up."""
+    next_endpoint=request.args.get("next", False)
+
+    if request.method == "POST":
+        form = request.form
+        client = oauth2_client()
+        config = app.config
+        try:
+            token = client.fetch_token(
+                urljoin(config["GN_SERVER_URL"], "oauth2/token"),
+                username=form.get("email_address"),
+                password=form.get("password"),
+                grant_type="password")
+            session["oauth2_token"] = token
+        except OAuthError as _oaerr:
+            flash(_oaerr.args[0], "alert-danger")
+            return render_template(
+                "oauth2/login.html", next_endpoint=next_endpoint,
+                email=form.get("email_address"))
+
+    if user_logged_in():
+        if next_endpoint:
+            return redirect(url_for(next_endpoint))
+        return redirect("/")
+
+    return render_template("oauth2/login.html", next_endpoint=next_endpoint)
+
+@users.route("/logout", methods=["GET", "POST"])
+def logout():
+    if user_logged_in():
+        token = session.get("oauth2_token", False)
+        config = app.config
+        client = oauth2_client()
+        resp = client.revoke_token(urljoin(config["GN_SERVER_URL"], "oauth2/revoke"))
+        keys = tuple(key for key in session.keys() if not key.startswith("_"))
+        for key in keys:
+            session.pop(key, default=None)
+
+    return redirect("/")
+
+@users.route("/register", methods=["GET", "POST"])
+def register_user():
+    if user_logged_in():
+        next_endpoint=request.args.get("next", "/")
+        flash(("You cannot register a new user while logged in. "
+               "Please logout to register a new user."),
+              "alert-danger")
+        return redirect(next_endpoint)
+
+    if request.method == "GET":
+        return render_template("oauth2/register_user.html")
+
+    config = app.config
+    form = request.form
+    response = requests.post(
+        urljoin(config["GN_SERVER_URL"], "oauth2/user/register"),
+        data = {
+            "user_name": form.get("user_name"),
+            "email": form.get("email_address"),
+            "password": form.get("password"),
+            "confirm_password": form.get("confirm_password")})
+    results = response.json()
+    if "error" in results:
+        error_messages = tuple(
+            f"{results['error']}: {msg.strip()}"
+            for msg in results.get("error_description").split("::"))
+        for message in error_messages:
+            flash(message, "alert-danger")
+        return redirect(url_for("oauth2.user.register_user"))
+
+    flash("Registration successful! Please login to continue.", "alert-success")
+    return redirect(url_for("oauth2.user.login"))
diff --git a/wqflask/wqflask/templates/oauth2/login.html b/wqflask/wqflask/templates/oauth2/login.html
index d3e0a4d8..eaa1a192 100644
--- a/wqflask/wqflask/templates/oauth2/login.html
+++ b/wqflask/wqflask/templates/oauth2/login.html
@@ -6,9 +6,9 @@
 
   <form class="form-horizontal"
 	{%if next_endpoint%}
-	action="{{url_for('oauth2.toplevel.login', next=next_endpoint)}}"
+	action="{{url_for('oauth2.user.login', next=next_endpoint)}}"
 	{%else%}
-	action="{{url_for('oauth2.toplevel.login')}}"
+	action="{{url_for('oauth2.user.login')}}"
 	{%endif%}
 	method="POST" id="oauth2-login-form">
     <fieldset>
-- 
cgit v1.2.3