Mailu/core/admin/mailu/ui/views/users.py

from mailu import models, utils
from mailu.ui import ui, access, forms
from flask import current_app as app

import flask
import flask_login
import wtforms
import wtforms_components

@ui.route('/user/list/<domain_name>', methods=['GET'])
@access.domain_admin(models.Domain, 'domain_name')
def user_list(domain_name):
    domain = models.Domain.query.get(domain_name) or flask.abort(404)
    return flask.render_template('user/list.html', domain=domain)


@ui.route('/user/create/<domain_name>', methods=['GET', 'POST'])
@access.domain_admin(models.Domain, 'domain_name')
def user_create(domain_name):
    domain = models.Domain.query.get(domain_name) or flask.abort(404)
    if not domain.max_users == -1 and len(domain.users) >= domain.max_users:
        flask.flash('Too many users for domain %s' % domain, 'error')
        return flask.redirect(
            flask.url_for('.user_list', domain_name=domain.name))
    form = forms.UserForm()
    form.pw.validators = [wtforms.validators.DataRequired()]
    if domain.max_quota_bytes:
        form.quota_bytes.validators = [
            wtforms.validators.NumberRange(max=domain.max_quota_bytes)]
    if form.validate_on_submit():
        if msg := utils.isBadOrPwned(form):
            flask.flash(msg, "error")
            return flask.render_template('user/create.html',
                domain=domain, form=form)
        if domain.has_email(form.localpart.data):
            flask.flash('Email is already used', 'error')
        else:
            user = models.User(domain=domain)
            form.populate_obj(user)
            user.set_password(form.pw.data)
            models.db.session.add(user)
            models.db.session.commit()
            user.send_welcome()
            flask.flash('User %s created' % user)
            return flask.redirect(
                flask.url_for('.user_list', domain_name=domain.name))
    return flask.render_template('user/create.html',
        domain=domain, form=form)


@ui.route('/user/edit/<path:user_email>', methods=['GET', 'POST'])
@access.domain_admin(models.User, 'user_email')
def user_edit(user_email):
    user = models.User.query.get(user_email) or flask.abort(404)
    # Handle the case where user quota is more than allowed
    max_quota_bytes = user.domain.max_quota_bytes
    if max_quota_bytes and user.quota_bytes > max_quota_bytes:
        max_quota_bytes = user.quota_bytes
    # Create the form
    form = forms.UserForm(obj=user)
    wtforms_components.read_only(form.localpart)
    form.localpart.validators = []
    if max_quota_bytes:
        form.quota_bytes.validators = [
            wtforms.validators.NumberRange(max=max_quota_bytes)]
    if form.validate_on_submit():
        if msg := utils.isBadOrPwned(form):
            flask.flash(msg, "error")
            return flask.render_template('user/edit.html', form=form, user=user,
                domain=user.domain, max_quota_bytes=max_quota_bytes)
        form.populate_obj(user)
        if form.pw.data:
            user.set_password(form.pw.data)
        models.db.session.commit()
        flask.flash('User %s updated' % user)
        return flask.redirect(
            flask.url_for('.user_list', domain_name=user.domain.name))
    return flask.render_template('user/edit.html', form=form, user=user,
        domain=user.domain, max_quota_bytes=max_quota_bytes)


@ui.route('/user/delete/<path:user_email>', methods=['GET', 'POST'])
@access.domain_admin(models.User, 'user_email')
@access.confirmation_required("delete {user_email}")
def user_delete(user_email):
    user = models.User.query.get(user_email) or flask.abort(404)
    domain = user.domain
    models.db.session.delete(user)
    models.db.session.commit()
    flask.flash('User %s deleted' % user)
    return flask.redirect(
        flask.url_for('.user_list', domain_name=domain.name))


@ui.route('/user/settings', methods=['GET', 'POST'], defaults={'user_email': None})
@ui.route('/user/usersettings/<path:user_email>', methods=['GET', 'POST'])
@access.owner(models.User, 'user_email')
def user_settings(user_email):
    user_email_or_current = user_email or flask_login.current_user.email
    user = models.User.query.get(user_email_or_current) or flask.abort(404)
    form = forms.UserSettingsForm(obj=user)
    if isinstance(form.forward_destination.data,str):
        data = form.forward_destination.data.replace(" ","").split(",")
    else:
        data = form.forward_destination.data
    form.forward_destination.data = ", ".join(data)
    if form.validate_on_submit():
        form.forward_destination.data = form.forward_destination.data.replace(" ","").split(",")
        form.populate_obj(user)
        models.db.session.commit()
        form.forward_destination.data = ", ".join(form.forward_destination.data)
        flask.flash('Settings updated for %s' % user)
        if user_email:
            return flask.redirect(
                flask.url_for('.user_list', domain_name=user.domain.name))
    return flask.render_template('user/settings.html', form=form, user=user)


@ui.route('/user/password', methods=['GET', 'POST'], defaults={'user_email': None})
@ui.route('/user/password/<path:user_email>', methods=['GET', 'POST'])
@access.owner(models.User, 'user_email')
def user_password(user_email):
    user_email_or_current = user_email or flask_login.current_user.email
    user = models.User.query.get(user_email_or_current) or flask.abort(404)
    form = forms.UserPasswordForm()
    if form.validate_on_submit():
        if form.pw.data != form.pw2.data:
            flask.flash('Passwords do not match', 'error')
        else:
            if msg := utils.isBadOrPwned(form):
                flask.flash(msg, "error")
                return flask.render_template('user/password.html', form=form, user=user)
            flask.session.regenerate()
            user.set_password(form.pw.data)
            models.db.session.commit()
            flask.flash('Password updated for %s' % user)
            if user_email:
                return flask.redirect(flask.url_for('.user_list',
                    domain_name=user.domain.name))
    return flask.render_template('user/password.html', form=form, user=user)


@ui.route('/user/reply', methods=['GET', 'POST'], defaults={'user_email': None})
@ui.route('/user/reply/<path:user_email>', methods=['GET', 'POST'])
@access.owner(models.User, 'user_email')
def user_reply(user_email):
    user_email_or_current = user_email or flask_login.current_user.email
    user = models.User.query.get(user_email_or_current) or flask.abort(404)
    form = forms.UserReplyForm(obj=user)
    if form.validate_on_submit():
        form.populate_obj(user)
        models.db.session.commit()
        flask.flash('Auto-reply message updated for %s' % user)
        if user_email:
            return flask.redirect(
                flask.url_for('.user_list', domain_name=user.domain.name))
    return flask.render_template('user/reply.html', form=form, user=user)


@ui.route('/user/signup', methods=['GET', 'POST'])
@ui.route('/user/signup/<domain_name>', methods=['GET', 'POST'])
def user_signup(domain_name=None):
    available_domains = {
        domain.name: domain
        for domain in models.Domain.query.filter_by(signup_enabled=True).all()
        if domain.max_users == -1 or len(domain.users) < domain.max_users
    }
    if not available_domains:
        flask.flash('No domain available for registration')
    if not domain_name:
        return flask.render_template('user/signup_domain.html',
            available_domains=available_domains)
    domain = available_domains.get(domain_name) or flask.abort(404)
    quota_bytes = domain.max_quota_bytes or app.config['DEFAULT_QUOTA']
    if app.config['RECAPTCHA_PUBLIC_KEY'] == "" or app.config['RECAPTCHA_PRIVATE_KEY'] == "":
        form = forms.UserSignupForm()
    else:
        form = forms.UserSignupFormCaptcha()

    if form.validate_on_submit():
        if domain.has_email(form.localpart.data) or models.Alias.resolve(form.localpart.data, domain_name):
            flask.flash('Email is already used', 'error')
        else:
            if msg := utils.isBadOrPwned(form):
                flask.flash(msg, "error")
                return flask.render_template('user/signup.html', domain=domain, form=form)
            flask.session.regenerate()
            user = models.User(domain=domain)
            form.populate_obj(user)
            user.set_password(form.pw.data)
            user.quota_bytes = quota_bytes
            models.db.session.add(user)
            models.db.session.commit()
            user.send_welcome()
            flask.flash('Successfully signed up %s' % user)
            return flask.redirect(flask.url_for('.index'))
    return flask.render_template('user/signup.html', domain=domain, form=form)
refactor 2022-11-03 17:19:44 +02:00			`from mailu import models, utils`
Move the admin interface back to a blueprint 2017-09-24 12:00:39 +02:00			`from mailu.ui import ui, access, forms`
First batch of refactoring, using the app factory pattern 2018-10-18 15:57:43 +02:00			`from flask import current_app as app`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00
			`import flask`
Remove deprecated flask.ext imports 2016-08-13 20:51:54 +02:00			`import flask_login`
Implement a maximum quota per domain, fixes #106 2017-02-02 23:29:33 +02:00			`import wtforms`
Improve forms for user creation an deletion 2016-03-22 20:47:15 +02:00			`import wtforms_components`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00
Move the admin interface back to a blueprint 2017-09-24 12:00:39 +02:00			`@ui.route('/user/list/<domain_name>', methods=['GET'])`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`@access.domain_admin(models.Domain, 'domain_name')`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`def user_list(domain_name):`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`domain = models.Domain.query.get(domain_name) or flask.abort(404)`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`return flask.render_template('user/list.html', domain=domain)`


Move the admin interface back to a blueprint 2017-09-24 12:00:39 +02:00			`@ui.route('/user/create/<domain_name>', methods=['GET', 'POST'])`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`@access.domain_admin(models.Domain, 'domain_name')`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`def user_create(domain_name):`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`domain = models.Domain.query.get(domain_name) or flask.abort(404)`
allow to disable aliases or users for domains and don't allow negativ values on domain creation/edit 2019-01-05 14:45:55 +02:00			`if not domain.max_users == -1 and len(domain.users) >= domain.max_users:`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`flask.flash('Too many users for domain %s' % domain, 'error')`
Switched to blueprints for the main app 2016-03-20 16:36:56 +02:00			`return flask.redirect(`
			`flask.url_for('.user_list', domain_name=domain.name))`
Improve forms for user creation an deletion 2016-03-22 20:47:15 +02:00			`form = forms.UserForm()`
fix forced password on user edit 2019-01-09 13:03:47 +02:00			`form.pw.validators = [wtforms.validators.DataRequired()]`
Handle infinite quotas when adding validators, fixes #162 2017-02-14 22:37:51 +02:00			`if domain.max_quota_bytes:`
			`form.quota_bytes.validators = [`
			`wtforms.validators.NumberRange(max=domain.max_quota_bytes)]`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`if form.validate_on_submit():`
refactor 2022-11-03 17:19:44 +02:00			`if msg := utils.isBadOrPwned(form):`
			`flask.flash(msg, "error")`
v1 2022-10-31 20:41:40 +02:00			`return flask.render_template('user/create.html',`
			`domain=domain, form=form)`
Rename the generic 'address' to 'email' 2016-05-01 20:04:40 +02:00			`if domain.has_email(form.localpart.data):`
Use populate_obj to update objects 2016-05-01 21:12:08 +02:00			`flask.flash('Email is already used', 'error')`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`else:`
Use populate_obj to update objects 2016-05-01 21:12:08 +02:00			`user = models.User(domain=domain)`
			`form.populate_obj(user)`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`user.set_password(form.pw.data)`
First batch of refactoring, using the app factory pattern 2018-10-18 15:57:43 +02:00			`models.db.session.add(user)`
			`models.db.session.commit()`
Implement welcome emails, fixes #107 2017-11-10 12:56:43 +02:00			`user.send_welcome()`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`flask.flash('User %s created' % user)`
			`return flask.redirect(`
Switched to blueprints for the main app 2016-03-20 16:36:56 +02:00			`flask.url_for('.user_list', domain_name=domain.name))`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`return flask.render_template('user/create.html',`
			`domain=domain, form=form)`


harden email address validation and fix routes with user_email 2019-01-04 19:01:46 +02:00			`@ui.route('/user/edit/<path:user_email>', methods=['GET', 'POST'])`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`@access.domain_admin(models.User, 'user_email')`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`def user_edit(user_email):`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`user = models.User.query.get(user_email) or flask.abort(404)`
Implement a maximum quota per domain, fixes #106 2017-02-02 23:29:33 +02:00			`# Handle the case where user quota is more than allowed`
			`max_quota_bytes = user.domain.max_quota_bytes`
			`if max_quota_bytes and user.quota_bytes > max_quota_bytes:`
			`max_quota_bytes = user.quota_bytes`
			`# Create the form`
Improve forms for user creation an deletion 2016-03-22 20:47:15 +02:00			`form = forms.UserForm(obj=user)`
			`wtforms_components.read_only(form.localpart)`
Fix the behaviour from Wtforms Components regarding readonly, related to #152 2017-01-25 01:05:03 +02:00			`form.localpart.validators = []`
Handle infinite quotas when adding validators, fixes #162 2017-02-14 22:37:51 +02:00			`if max_quota_bytes:`
			`form.quota_bytes.validators = [`
			`wtforms.validators.NumberRange(max=max_quota_bytes)]`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`if form.validate_on_submit():`
refactor 2022-11-03 17:19:44 +02:00			`if msg := utils.isBadOrPwned(form):`
			`flask.flash(msg, "error")`
v1 2022-10-31 20:41:40 +02:00			`return flask.render_template('user/edit.html', form=form, user=user,`
			`domain=user.domain, max_quota_bytes=max_quota_bytes)`
Use populate_obj to update objects 2016-05-01 21:12:08 +02:00			`form.populate_obj(user)`
Improve the action buttons 2016-03-22 22:15:57 +02:00			`if form.pw.data:`
			`user.set_password(form.pw.data)`
First batch of refactoring, using the app factory pattern 2018-10-18 15:57:43 +02:00			`models.db.session.commit()`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`flask.flash('User %s updated' % user)`
			`return flask.redirect(`
Switched to blueprints for the main app 2016-03-20 16:36:56 +02:00			`flask.url_for('.user_list', domain_name=user.domain.name))`
Implement a maximum quota per domain, fixes #106 2017-02-02 23:29:33 +02:00			`return flask.render_template('user/edit.html', form=form, user=user,`
			`domain=user.domain, max_quota_bytes=max_quota_bytes)`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00

harden email address validation and fix routes with user_email 2019-01-04 19:01:46 +02:00			`@ui.route('/user/delete/<path:user_email>', methods=['GET', 'POST'])`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`@access.domain_admin(models.User, 'user_email')`
Clean imports and remove calls to the utils module 2016-08-29 19:35:09 +02:00			`@access.confirmation_required("delete {user_email}")`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`def user_delete(user_email):`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`user = models.User.query.get(user_email) or flask.abort(404)`
Do not use objects after deleting them, fixes #112 2016-11-12 16:47:48 +02:00			`domain = user.domain`
First batch of refactoring, using the app factory pattern 2018-10-18 15:57:43 +02:00			`models.db.session.delete(user)`
			`models.db.session.commit()`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`flask.flash('User %s deleted' % user)`
Switched to blueprints for the main app 2016-03-20 16:36:56 +02:00			`return flask.redirect(`
Do not use objects after deleting them, fixes #112 2016-11-12 16:47:48 +02:00			`flask.url_for('.user_list', domain_name=domain.name))`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00

Move the admin interface back to a blueprint 2017-09-24 12:00:39 +02:00			`@ui.route('/user/settings', methods=['GET', 'POST'], defaults={'user_email': None})`
harden email address validation and fix routes with user_email 2019-01-04 19:01:46 +02:00			`@ui.route('/user/usersettings/<path:user_email>', methods=['GET', 'POST'])`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`@access.owner(models.User, 'user_email')`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`def user_settings(user_email):`
Do not redirect users to admin pages, fix #74 2016-10-02 10:14:53 +02:00			`user_email_or_current = user_email or flask_login.current_user.email`
			`user = models.User.query.get(user_email_or_current) or flask.abort(404)`
Prefill user forms 2016-03-20 12:14:27 +02:00			`form = forms.UserSettingsForm(obj=user)`
fixed auto-forward 2018-12-28 22:03:57 +02:00			`if isinstance(form.forward_destination.data,str):`
			`data = form.forward_destination.data.replace(" ","").split(",")`
			`else:`
			`data = form.forward_destination.data`
			`form.forward_destination.data = ", ".join(data)`
Add some example settings 2016-03-20 12:09:06 +02:00			`if form.validate_on_submit():`
fixed auto-forward 2018-12-28 22:03:57 +02:00			`form.forward_destination.data = form.forward_destination.data.replace(" ","").split(",")`
Use populate_obj to update objects 2016-05-01 21:12:08 +02:00			`form.populate_obj(user)`
First batch of refactoring, using the app factory pattern 2018-10-18 15:57:43 +02:00			`models.db.session.commit()`
fixed auto-forward 2018-12-28 22:03:57 +02:00			`form.forward_destination.data = ", ".join(form.forward_destination.data)`
Add some example settings 2016-03-20 12:09:06 +02:00			`flask.flash('Settings updated for %s' % user)`
			`if user_email:`
			`return flask.redirect(`
Switched to blueprints for the main app 2016-03-20 16:36:56 +02:00			`flask.url_for('.user_list', domain_name=user.domain.name))`
Add some example settings 2016-03-20 12:09:06 +02:00			`return flask.render_template('user/settings.html', form=form, user=user)`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00

Move the admin interface back to a blueprint 2017-09-24 12:00:39 +02:00			`@ui.route('/user/password', methods=['GET', 'POST'], defaults={'user_email': None})`
harden email address validation and fix routes with user_email 2019-01-04 19:01:46 +02:00			`@ui.route('/user/password/<path:user_email>', methods=['GET', 'POST'])`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`@access.owner(models.User, 'user_email')`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`def user_password(user_email):`
Do not redirect users to admin pages, fix #74 2016-10-02 10:14:53 +02:00			`user_email_or_current = user_email or flask_login.current_user.email`
			`user = models.User.query.get(user_email_or_current) or flask.abort(404)`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`form = forms.UserPasswordForm()`
			`if form.validate_on_submit():`
			`if form.pw.data != form.pw2.data:`
			`flask.flash('Passwords do not match', 'error')`
			`else:`
refactor 2022-11-03 17:19:44 +02:00			`if msg := utils.isBadOrPwned(form):`
			`flask.flash(msg, "error")`
v1 2022-10-31 20:41:40 +02:00			`return flask.render_template('user/password.html', form=form, user=user)`
Regenerate session-ids to prevent session fixation 2021-02-22 21:43:52 +02:00			`flask.session.regenerate()`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`user.set_password(form.pw.data)`
First batch of refactoring, using the app factory pattern 2018-10-18 15:57:43 +02:00			`models.db.session.commit()`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`flask.flash('Password updated for %s' % user)`
			`if user_email:`
Switched to blueprints for the main app 2016-03-20 16:36:56 +02:00			`return flask.redirect(flask.url_for('.user_list',`
			`domain_name=user.domain.name))`
First shot at an AdminLTE dashboard 2016-03-19 21:37:48 +02:00			`return flask.render_template('user/password.html', form=form, user=user)`


Move the admin interface back to a blueprint 2017-09-24 12:00:39 +02:00			`@ui.route('/user/reply', methods=['GET', 'POST'], defaults={'user_email': None})`
harden email address validation and fix routes with user_email 2019-01-04 19:01:46 +02:00			`@ui.route('/user/reply/<path:user_email>', methods=['GET', 'POST'])`
Implement the decorator-based access control for all views 2016-08-29 19:24:39 +02:00			`@access.owner(models.User, 'user_email')`
Add the auto-reply feature in the admin panel 2016-03-20 12:00:01 +02:00			`def user_reply(user_email):`
Do not redirect users to admin pages, fix #74 2016-10-02 10:14:53 +02:00			`user_email_or_current = user_email or flask_login.current_user.email`
			`user = models.User.query.get(user_email_or_current) or flask.abort(404)`
Prefill user forms 2016-03-20 12:14:27 +02:00			`form = forms.UserReplyForm(obj=user)`
Add the auto-reply feature in the admin panel 2016-03-20 12:00:01 +02:00			`if form.validate_on_submit():`
Use populate_obj to update objects 2016-05-01 21:12:08 +02:00			`form.populate_obj(user)`
First batch of refactoring, using the app factory pattern 2018-10-18 15:57:43 +02:00			`models.db.session.commit()`
Add the auto-reply feature in the admin panel 2016-03-20 12:00:01 +02:00			`flask.flash('Auto-reply message updated for %s' % user)`
			`if user_email:`
			`return flask.redirect(`
Switched to blueprints for the main app 2016-03-20 16:36:56 +02:00			`flask.url_for('.user_list', domain_name=user.domain.name))`
Add the auto-reply feature in the admin panel 2016-03-20 12:00:01 +02:00			`return flask.render_template('user/reply.html', form=form, user=user)`
Enable self-service account signup 2017-12-03 13:01:25 +02:00

			`@ui.route('/user/signup', methods=['GET', 'POST'])`
			`@ui.route('/user/signup/<domain_name>', methods=['GET', 'POST'])`
			`def user_signup(domain_name=None):`
			`available_domains = {`
			`domain.name: domain`
			`for domain in models.Domain.query.filter_by(signup_enabled=True).all()`
allow to disable aliases or users for domains and don't allow negativ values on domain creation/edit 2019-01-05 14:45:55 +02:00			`if domain.max_users == -1 or len(domain.users) < domain.max_users`
Enable self-service account signup 2017-12-03 13:01:25 +02:00			`}`
			`if not available_domains:`
			`flask.flash('No domain available for registration')`
			`if not domain_name:`
			`return flask.render_template('user/signup_domain.html',`
			`available_domains=available_domains)`
			`domain = available_domains.get(domain_name) or flask.abort(404)`
Fix the signup quota 2017-12-03 18:53:33 +02:00			`quota_bytes = domain.max_quota_bytes or app.config['DEFAULT_QUOTA']`
Using a new class when captcha is enabled 2018-11-07 09:58:49 +02:00			`if app.config['RECAPTCHA_PUBLIC_KEY'] == "" or app.config['RECAPTCHA_PRIVATE_KEY'] == "":`
			`form = forms.UserSignupForm()`
			`else:`
			`form = forms.UserSignupFormCaptcha()`

Enable self-service account signup 2017-12-03 13:01:25 +02:00			`if form.validate_on_submit():`
Prevent signups with accounts where an alias exists 2022-08-27 18:09:52 +02:00			`if domain.has_email(form.localpart.data) or models.Alias.resolve(form.localpart.data, domain_name):`
Enable self-service account signup 2017-12-03 13:01:25 +02:00			`flask.flash('Email is already used', 'error')`
			`else:`
refactor 2022-11-03 17:19:44 +02:00			`if msg := utils.isBadOrPwned(form):`
			`flask.flash(msg, "error")`
v1 2022-10-31 20:41:40 +02:00			`return flask.render_template('user/signup.html', domain=domain, form=form)`
Regenerate session-ids to prevent session fixation 2021-02-22 21:43:52 +02:00			`flask.session.regenerate()`
Enable self-service account signup 2017-12-03 13:01:25 +02:00			`user = models.User(domain=domain)`
			`form.populate_obj(user)`
			`user.set_password(form.pw.data)`
			`user.quota_bytes = quota_bytes`
First batch of refactoring, using the app factory pattern 2018-10-18 15:57:43 +02:00			`models.db.session.add(user)`
			`models.db.session.commit()`
Enable self-service account signup 2017-12-03 13:01:25 +02:00			`user.send_welcome()`
			`flask.flash('Successfully signed up %s' % user)`
			`return flask.redirect(flask.url_for('.index'))`
			`return flask.render_template('user/signup.html', domain=domain, form=form)`