From 50694fe490aaa15cb266522376ce508d71b3776b Mon Sep 17 00:00:00 2001
From: deflax
Date: Wed, 10 Apr 2024 18:23:20 +0300
Subject: [PATCH] force user to set its profile
---
 src/forest/auth/routes.py | 13 +++++--------
 src/forest/settings/routes.py | 3 +++
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/forest/auth/routes.py b/src/forest/auth/routes.py
index cea3d5b..f5891f8 100644
--- a/src/forest/auth/routes.py
+++ b/src/forest/auth/routes.py
@@ -23,8 +23,9 @@ def before_request():
 current_user.ping()
 #print('request for {} from {}#{}'.format(request.endpoint, current_user.email, current_user.id))
 if not current_user.confirmed and request.endpoint[:5] != 'auth.' and request.endpoint != 'static':
- print(request.endpoint)
 return redirect(url_for('auth.unconfirmed'))
+ if not current_user.setup and request.endpoint[:5] != 'auth.' and request.endpoint != 'static':
+ return redirect(url_for('settings.profile'))
 @auth.route('/unconfirmed')
 def unconfirmed():
@@ -155,16 +156,13 @@ def oauth2_callback(provider):
 # find or create the user in the database
 user = db.session.scalar(db.select(User).where(User.email == email))
 if user is None:
- #user = User(email=email, username=email.split('@')[0])
- user = User(email=email, confirmed=True)
+ user = User(email=email, confirmed=True, setup=False)
 db.session.add(user)
 db.session.commit()
 # log the user in
 login_user(user)
- #return redirect(url_for('main.index'))
- flash('Last Login: {}'.format(user.last_seen.strftime("%a %d %B %Y %H:%M")))
- return redirect(request.args.get('next') or url_for('panel.dashboard'))
+ return redirect(url_for('settings.profile'))
 @auth.route('/login', methods=['GET', 'POST'])
 def login():
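Review bot: The new setup check redirects to settings.profile but never excludes settings.profile itself, so if before_request is registered application-wide (its decorator is above the hunk) a user with setup unset who requests the profile page is redirected back to the same page in a loop; guard it with `if not current_user.setup and request.endpoint not in ('settings.profile', 'static') and not request.endpoint.startswith('auth.'):`. The added line also copies the existing pattern of slicing request.endpoint before checking it for None, so an unmatched URL (request.endpoint is None on a 404) would raise TypeError on both lines; a leading `request.endpoint and` on each condition avoids that. before_request starts outside the hunk.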
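Review bot: The callback now sends every OAuth login to settings.profile, including returning users whose setup flag is already True, who lose the dashboard landing; `return redirect(url_for('settings.profile') if not user.setup else url_for('panel.dashboard'))` forces only unset users, and the before_request hook still catches anyone else who is unset. Dropping the unvalidated `request.args.get('next')` target is an improvement; if a post-login destination is reinstated later it should be accepted only as a relative path within this application, since the removed line passed it to redirect unchecked. oauth2_callback starts outside the hunk.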
@@ -242,13 +240,12 @@ def qrcode():
 # for added security, remove username from session
 #del session['email']
-
- # render qrcode for FreeTOTP
 url = pyqrcode.create(current_user.get_totp_uri())
 stream = BytesIO()
 url.svg(stream, scale=6)
 svg_secret = Markup(stream.getvalue().decode('utf-8'))
 otp_secret = current_user.get_otp_secret()
+
 # since this page contains the sensitive qrcode, make sure the browser
 # does not cache it
 return render_template('auth/qrcode.html', svg=svg_secret, otp=otp_secret), 200, {
diff --git a/src/forest/settings/routes.py b/src/forest/settings/routes.py
index d461e13..0fb1921 100644
--- a/src/forest/settings/routes.py
+++ b/src/forest/settings/routes.py
@@ -24,6 +24,9 @@ def profile():
 current_user.country = form.country.data
 current_user.phone = form.phone.data
 current_user.twofactor = form.twofactor.data
+
+ #the user is set-up when we are able to save the settings form
+ current_user.setup = True
 db.session.add(current_user)
 db.session.commit()
 flash('Profile info Updated!')
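Review bot: `current_user.setup = True` is set alongside the other form fields, which suggests it sits in the branch that runs after form validation, but the branch start is outside the hunk, so confirm it is not reached on a plain GET or a failed validation, otherwise the flag is set without a saved profile. The patch contains no change to the User model or a migration for the new setup column, so whether every existing user is sent to the profile page on their next request depends on that column's default, which this diff does not show. The new comment would read better as `# The user counts as set up once the settings form has been saved successfully.` profile starts outside the hunk.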