diff --git a/app/dashboard/views/contact_detail.py b/app/dashboard/views/contact_detail.py
index 5fc40fb1..372aca0b 100644
--- a/app/dashboard/views/contact_detail.py
+++ b/app/dashboard/views/contact_detail.py
@@ -1,5 +1,7 @@
from flask import render_template, request, redirect, url_for, flash
from flask_login import login_required, current_user
+from flask_wtf import FlaskForm
+from wtforms import StringField, validators
from app.dashboard.base import dashboard_bp
from app.db import Session
@@ -7,6 +9,14 @@ from app.models import Contact
from app.pgp_utils import PGPException, load_public_key_and_check
+class PGPContactForm(FlaskForm):
+ action = StringField(
+ "action",
+ validators=[validators.DataRequired(), validators.AnyOf(("save", "remove"))],
+ )
+ pgp = StringField("pgp", validators=[validators.Optional()])
+
+
@dashboard_bp.route("/contact//", methods=["GET", "POST"])
@login_required
def contact_detail_route(contact_id):
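Review bot: `PGPContactForm` has no docstring, and nothing explains why `pgp` is declared `validators.Optional()` when the route in the next hunk rejects an empty value on "save"; a reader will wonder whether `DataRequired()` was simply forgotten. I would add, under the class line, `"""Fields of the PGP form posted from the contact detail page.` / `action must be "save" or "remove"; pgp holds the key text and is optional` / `at form level, presumably because "remove" posts no key — the route checks it for "save"."""`. The reason for `Optional()` is inferred from the route, not stated anywhere in the diff, so confirm it against the template before wording it as fact.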
@@ -16,33 +26,41 @@ def contact_detail_route(contact_id):
return redirect(url_for("dashboard.index"))
alias = contact.alias
+ pgp_form = PGPContactForm()
if request.method == "POST":
if request.form.get("form-name") == "pgp":
- if request.form.get("action") == "save":
+ if not pgp_form.validate():
+ flash("Invalid request", "warning")
+ return redirect(request.url)
+ if pgp_form.action.data == "save":
if not current_user.is_premium():
flash("Only premium plan can add PGP Key", "warning")
return redirect(
url_for("dashboard.contact_detail_route", contact_id=contact_id)
)
-
- contact.pgp_public_key = request.form.get("pgp")
- try:
- contact.pgp_finger_print = load_public_key_and_check(
- contact.pgp_public_key
- )
- except PGPException:
- flash("Cannot add the public key, please verify it", "error")
+ if not pgp_form.pgp.data:
+ flash("Invalid pgp key")
else:
- Session.commit()
- flash(
- f"PGP public key for {contact.email} is saved successfully",
- "success",
- )
- return redirect(
- url_for("dashboard.contact_detail_route", contact_id=contact_id)
- )
- elif request.form.get("action") == "remove":
+ contact.pgp_public_key = pgp_form.pgp.data
+ try:
+ contact.pgp_finger_print = load_public_key_and_check(
+ contact.pgp_public_key
+ )
+ except PGPException:
+ flash("Cannot add the public key, please verify it", "error")
+ else:
+ Session.commit()
+ flash(
+ f"PGP public key for {contact.email} is saved successfully",
+ "success",
+ )
+ return redirect(
+ url_for(
+ "dashboard.contact_detail_route", contact_id=contact_id
+ )
+ )
+ elif pgp_form.action.data == "remove":
# Free user can decide to remove contact PGP key
contact.pgp_public_key = None
contact.pgp_finger_print = None
@@ -53,5 +71,5 @@ def contact_detail_route(contact_id):
)
return render_template(
- "dashboard/contact_detail.html", contact=contact, alias=alias
+ "dashboard/contact_detail.html", contact=contact, alias=alias, pgp_form=pgp_form
)
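Review bot: In the `else` branch after `if not pgp_form.pgp.data`, `contact.pgp_public_key` is assigned before `load_public_key_and_check` runs, so when `PGPException` is raised the ORM object keeps the rejected key in the session, and any later `Session.commit()` reached in the same request would persist an unverified key next to the old fingerprint. Verifying first and assigning both attributes only in the `else` of the `try` keeps the contact untouched on failure; the rewrite is below. `flash("Invalid pgp key")` a few lines above also omits the category every other message in this hunk passes (`"warning"`/`"error"`), and that branch falls through to `render_template` instead of redirecting like the other POST outcomes, so a refresh would resubmit the form. `contact_detail_route` begins before this hunk and continues after it.
```python
                else:
                    try:
                        finger_print = load_public_key_and_check(pgp_form.pgp.data)
                    except PGPException:
                        flash("Cannot add the public key, please verify it", "error")
                    else:
                        # Only touch the contact once the key has been verified
                        contact.pgp_public_key = pgp_form.pgp.data
                        contact.pgp_finger_print = finger_print
                        Session.commit()
                        # … unchanged: success flash and redirect …
```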
diff --git a/templates/dashboard/contact_detail.html b/templates/dashboard/contact_detail.html
index dca2f9d0..8616fffe 100644
--- a/templates/dashboard/contact_detail.html
+++ b/templates/dashboard/contact_detail.html
@@ -26,6 +26,7 @@
+ {{ pgp_form.csrf_token }}