From dadfe72b480f05d6d31aaf575afaa34e53c450ab Mon Sep 17 00:00:00 2001
From: rubenwardy <rw@rubenwardy.com>
Date: Tue, 14 Apr 2020 14:39:49 +0100
Subject: [PATCH] Improve user authentication error handling

---
 app/blueprints/users/claim.py   | 28 +++++++++++++++++++---------
 app/blueprints/users/profile.py |  4 ++--
 app/tasks/phpbbparser.py        |  9 ++++++++-
 3 files changed, 29 insertions(+), 12 deletions(-)

diff --git a/app/blueprints/users/claim.py b/app/blueprints/users/claim.py
index 7c6283d..4e0f1ec 100644
--- a/app/blueprints/users/claim.py
+++ b/app/blueprints/users/claim.py
@@ -34,15 +34,16 @@ def claim():
 		if user and user.rank.atLeast(UserRank.NEW_MEMBER):
 			flash("User has already been claimed", "danger")
 			return redirect(url_for("users.claim"))
-		elif user is None and method == "github":
-			flash("Unable to get Github username for user", "danger")
-			return redirect(url_for("users.claim"))
-		elif user is None:
-			flash("Unable to find that user", "danger")
+		elif method == "github":
+			if user is None or user.github_username is None:
+				flash("Unable to get Github username for user", "danger")
+				return redirect(url_for("users.claim"))
+			else:
+				return redirect(url_for("github.start"))
+		elif user is None and request.method == "POST":
+			flash("Unable to find user", "danger")
 			return redirect(url_for("users.claim"))
 
-		if user is not None and method == "github":
-			return redirect(url_for("github.start"))
 
 	token = None
 	if "forum_token" in session:
@@ -70,8 +71,17 @@ def claim():
 			sig = None
 			try:
 				profile = getProfile("https://forum.minetest.net", username)
-				sig = profile.signature
-			except IOError:
+				sig = profile.signature if profile else None
+			except IOError as e:
+				if hasattr(e, 'message'):
+					message = e.message
+				else:
+					message = str(e)
+
+				flash("Error whilst attempting to access forums: " + message, "danger")
+				return redirect(url_for("users.claim", username=username))
+
+			if profile is None:
 				flash("Unable to get forum signature - does the user exist?", "danger")
 				return redirect(url_for("users.claim", username=username))
 
diff --git a/app/blueprints/users/profile.py b/app/blueprints/users/profile.py
index 177eefe..f3c697d 100644
--- a/app/blueprints/users/profile.py
+++ b/app/blueprints/users/profile.py
@@ -16,7 +16,7 @@
 
 
 from flask import *
-from flask_user import *
+from flask_user import signals, current_user, user_manager
 from flask_login import login_user, logout_user
 from app.markdown import render_markdown
 from . import bp
@@ -192,7 +192,7 @@ def set_password():
 
 			# Send 'password_changed' email
 			if user_manager.USER_ENABLE_EMAIL and current_user.email:
-				emails.send_password_changed_email(current_user)
+				user_manager.email_manager.send_password_changed_email(current_user)
 
 			# Send password_changed signal
 			signals.user_changed_password.send(current_app._get_current_object(), user=current_user)
diff --git a/app/tasks/phpbbparser.py b/app/tasks/phpbbparser.py
index 3df8470..752c7a6 100644
--- a/app/tasks/phpbbparser.py
+++ b/app/tasks/phpbbparser.py
@@ -74,7 +74,14 @@ def __extract_signature(soup):
 def getProfile(url, username):
 	url = url + "/memberlist.php?mode=viewprofile&un=" + urlEncodeNonAscii(username)
 
-	contents = urllib.request.urlopen(url).read().decode("utf-8")
+	req = urllib.request.urlopen(url, timeout=5)
+	if req.getcode() == 404:
+		return None
+
+	if req.getcode() != 200:
+		raise IOError(req.getcode())
+
+	contents = req.read().decode("utf-8")
 	soup = BeautifulSoup(contents, "lxml")
 	if soup is None:
 		return None