From fc9edfb1b65260f41f204d11bf130ceb35cb84e0 Mon Sep 17 00:00:00 2001 From: Bryan Newbold Date: Fri, 26 Feb 2021 11:30:18 -0800 Subject: web: reduce flash() usage; have logins redirect --- python/fatcat_web/auth.py | 19 ++++++++++--------- python/fatcat_web/editing_routes.py | 6 +----- python/fatcat_web/routes.py | 5 ++--- python/fatcat_web/templates/base.html | 17 ++++++++++------- python/fatcat_web/web_config.py | 3 +++ 5 files changed, 26 insertions(+), 24 deletions(-) (limited to 'python') diff --git a/python/fatcat_web/auth.py b/python/fatcat_web/auth.py index ed9f2252..74b8e2d6 100644 --- a/python/fatcat_web/auth.py +++ b/python/fatcat_web/auth.py @@ -40,7 +40,11 @@ def handle_token_login(token): session['api_token'] = token session['editor'] = editor.to_dict() login_user(load_user(editor.editor_id)) - return redirect("/auth/account") + rp = "/auth/account" + if session.get('next'): + rp = session['next'] + session.pop('next') + return redirect(rp) # This will need to login/signup via fatcatd API, then set token in session def handle_oauth(remote, token, user_info): @@ -71,13 +75,6 @@ def handle_oauth(remote, token, user_info): editor = resp.editor api_token = resp.token - if http_status == 201: - flash("Welcome to Fatcat! An account has been created for you with a temporary username; you may wish to change it under account settings") - flash("You must use the same mechanism ({}) to login in the future".format(remote.name)) - flash("Check out 'The Guide' (linked above) for an editing quickstart tutorial") - else: - flash("Welcome back {}!".format(editor.username)) - # write token and username to session session.permanent = True session['api_token'] = api_token 
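Review bot: In `handle_token_login` the redirect target is read from `session['next']` and handed to `redirect()` with no check that it is a same-site path, and the identical block is added to `handle_oauth` in the `@@ -85,7 +82,11 @@` hunk. The value is presumably written by Flask-Login now that `USE_SESSION_FOR_NEXT = True` is set in web_config.py, but nothing visible here enforces that. I would accept it only when it is a local path and fall back to `/auth/account` otherwise. One small helper shared by both handlers keeps that check in a single place and replaces the read-then-pop with a single `session.pop('next', None)`; it would need `urlsplit` from `urllib.parse` imported in auth.py. Both function bodies start outside their hunks.

```python
def _pop_login_redirect(default="/auth/account"):
    # consume the saved target so a stale value is not reused on a later login
    target = session.pop('next', None)
    if not target:
        return default
    parts = urlsplit(target)
    # follow only same-site paths: no scheme or host, and not the
    # "//host" or "/\host" forms that browsers treat as another origin
    if parts.scheme or parts.netloc or not target.startswith('/') \
            or target.startswith(('//', '/\\')):
        return default
    return target

# … unchanged: session setup and login_user(...) in handle_token_login / handle_oauth …
    return redirect(_pop_login_redirect())
```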
@@ -85,7 +82,11 @@ def handle_oauth(remote, token, user_info): # call login_user(load_user(editor_id)) login_user(load_user(editor.editor_id)) - return redirect("/auth/account") + rp = "/auth/account" + if session.get('next'): + rp = session['next'] + session.pop('next') + return redirect(rp) # XXX: what should this actually be? raise Exception("didn't receive OAuth user_info") diff --git a/python/fatcat_web/editing_routes.py b/python/fatcat_web/editing_routes.py index 8e3b03b0..61aade72 100644 --- a/python/fatcat_web/editing_routes.py +++ b/python/fatcat_web/editing_routes.py @@ -137,11 +137,7 @@ def form_editgroup_get_or_create(api, edit_form): except ApiException as ae: app.log.warning(ae) raise ae - # set this session editgroup_id - flash('Started new editgroup {}'.format( - eg.editgroup_id, - eg.editgroup_id, - )) + # set this session editgroup_id (TODO) return eg def generic_entity_edit(editgroup_id, entity_type, existing_ident, edit_template): diff --git a/python/fatcat_web/routes.py b/python/fatcat_web/routes.py index 02b5258a..eda947cd 100644 --- a/python/fatcat_web/routes.py +++ b/python/fatcat_web/routes.py @@ -3,7 +3,7 @@ import os import json import citeproc_styles from flask import render_template, make_response, send_from_directory, \ - request, url_for, abort, redirect, jsonify, session, flash, Response + request, url_for, abort, redirect, jsonify, session, Response from flask_login import login_required from flask_wtf.csrf import CSRFError @@ -986,7 +986,7 @@ def health_json(): def login(): # show the user a list of login options if not priv_api: - flash("This web interface not configured with credentials to actually allow login (other than via token)") + app.log.warn("This web interface not configured with credentials to actually allow login (other than via token)") return render_template('auth_login.html') @app.route('/auth/ia/login', methods=['GET', 'POST']) 
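Review bot: In `login()` the new call uses `app.log.warn(...)`, the deprecated alias in the standard `logging` module, while the editing_routes.py context in this same commit uses `app.log.warning(ae)`. Assuming `app.log` is a standard logger, this should read `app.log.warning("This web interface not configured with credentials to actually allow login (other than via token)")`. The message is also written on every request to the login page while `priv_api` is unset, so logging it once at startup may be quieter. With the flash removed, the user gets no indication that only token login is available unless `auth_login.html` covers that case, which is not visible here.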
@@ -1026,7 +1026,6 @@ def change_username(): # update our session session['editor'] = editor.to_dict() load_user(editor.editor_id) - flash("Username updated successfully") return redirect('/auth/account') @app.route('/auth/create_token', methods=['POST']) diff --git a/python/fatcat_web/templates/base.html b/python/fatcat_web/templates/base.html index 8cdc3fbf..73f33d0d 100644 --- a/python/fatcat_web/templates/base.html +++ b/python/fatcat_web/templates/base.html @@ -101,14 +101,17 @@
{% with messages = get_flashed_messages() %} {% if messages %} -
+
{# Needs more javascript: #} -
Flash Message!
-
    - {% for message in messages %} -
  • {{ message|safe }} - {% endfor %} -
+ {% if messages|length == 1 %} +
{{ messages[0]|safe }}
+ {% else %} +
    + {% for message in messages %} +
  • {{ message|safe }} + {% endfor %} +
+ {% endif %}
{% endif %} {% endwith %} diff --git a/python/fatcat_web/web_config.py b/python/fatcat_web/web_config.py index 22a704d9..5d2da830 100644 --- a/python/fatcat_web/web_config.py +++ b/python/fatcat_web/web_config.py @@ -60,6 +60,9 @@ class Config(object): WTF_CSRF_CHECK_DEFAULT = False WTF_CSRF_TIME_LIMIT = None + # for login redirects + USE_SESSION_FOR_NEXT = True + if FATCAT_DOMAIN == "dev.fatcat.wiki": # "Even more verbose" debug options #SQLALCHEMY_ECHO = True -- cgit v1.2.3
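Review bot: The new single-message branch renders `{{ messages[0]|safe }}` and the list branch keeps `{{ message|safe }}`, so every flashed string is emitted with autoescaping turned off. Any remaining `flash()` call that interpolates user-influenced data, as the removed `"Welcome back {}!".format(editor.username)` did, would be rendered as raw HTML. I would drop the filter in both places, `{{ messages[0] }}` and `{{ message }}`, and have the few call sites that really need markup pass a `Markup` object built with escaped arguments. The surrounding template markup is not fully visible in this hunk.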