From fb54d65d740f5dca39d233c8b38e4be586ec9f34 Mon Sep 17 00:00:00 2001
From: Lynne
Date: Tue, 3 Sep 2019 13:22:00 +1000
Subject: [PATCH] implement errors that can be shown to the user
---
 static/style.css | 8 ++++++
 templates/bot_accounts_add.html | 2 ++
 templates/bot_create.html | 2 ++
 templates/error.html | 3 +++
 templates/login.html | 2 ++
 webui.py | 48 ++++++++++++++++++++++++---------
 6 files changed, 53 insertions(+), 12 deletions(-)
 create mode 100644 templates/error.html
diff --git a/static/style.css b/static/style.css
index 1066208..57eafbf 100644
--- a/static/style.css
+++ b/static/style.css
@@ -178,3 +178,11 @@ form .row {
 background: center/contain url("https://lynnesbian.space/img/bune.png");
 display: inline-block;
 }
+
+.error {
+ background-color: #e66;
+ color: white;
+ text-align: center;
+ font-size: 1.6em;
+ padding: 10px;
+}
diff --git a/templates/bot_accounts_add.html b/templates/bot_accounts_add.html
index 49d0379..24ce1cd 100644
--- a/templates/bot_accounts_add.html
+++ b/templates/bot_accounts_add.html
@@ -10,6 +10,8 @@

Add account

+ + {%include 'error.html' %}
diff --git a/templates/bot_create.html b/templates/bot_create.html
index 1298b13..0175243 100644
--- a/templates/bot_create.html
+++ b/templates/bot_create.html
@@ -10,6 +10,8 @@

Create bot

+ + {% include 'error.html' %}
diff --git a/templates/error.html b/templates/error.html new file mode 100644 index 0000000..a5cca48 --- /dev/null +++ b/templates/error.html @@ -0,0 +1,3 @@ +{% if error != None %} +
{{ error }}
+{% endif %}
diff --git a/templates/login.html b/templates/login.html
index 3027cd4..0b252b7 100644
--- a/templates/login.html
+++ b/templates/login.html
@@ -10,6 +10,8 @@
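Review bot: In the new `templates/error.html`, `{% if error != None %}` is also true when `error` was never passed to the template, because Jinja's undefined value does not compare equal to `None`. Any view that renders a template including `error.html` without an `error` keyword (in this commit, `show_signup_page`) would therefore emit the error wrapper with empty content. `{% if error %}` covers undefined, `None` and the empty string. `{{ error }}` relies on Flask's autoescaping for `.html` templates, which matters once a message carries user-supplied text such as an account handle, so it should stay unmarked by `|safe`.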

{% if signup %}Sign up{% else %}Log in{% endif %}

+ + {% include 'error.html' %}
diff --git a/webui.py b/webui.py index 08b250e..30af551 100644 --- a/webui.py +++ b/webui.py @@ -60,11 +60,16 @@ def about(): @app.route("/login") def show_login_page(): - return render_template("login.html", signup = False) + error = None + if 'error' in session: + error = session.pop('error') + return render_template("login.html", signup = False, error = error) @app.route("/signup") -def show_signup_page(error = None): - #TODO: display error if any +def show_signup_page(): + error = None + if 'error' in session: + error = session.pop('error') return render_template("login.html", signup = True) @app.route("/settings") @@ -136,8 +141,13 @@ def bot_accounts(id): @app.route("/bot/accounts/add", methods = ['GET', 'POST']) def bot_accounts_add(): + error = None if request.method == 'POST': if session['step'] == 1: + if request.form['account'] == session['bot']: + error = "Bots cannot learn from themselves." + return render_template("bot_accounts_add.html", error) + # look up user handle_list = request.form['account'].split('@') username = handle_list[1] @@ -159,7 +169,8 @@ def bot_accounts_add(): found = True break if not found: - return "Couldn't find a valid ActivityPub outbox URL." + error = "Couldn't find a valid ActivityPub outbox URL." + return render_template("bot_accounts_add.html", error = error) # 3. format as outbox URL and check to make sure it works outbox = "{}/outbox?page=true".format(uri) 
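Review bot: `show_signup_page` pops `session['error']` into `error`, but the unchanged `return render_template("login.html", signup = True)` never passes it on. The messages that the `do_signup` hunk stores before redirecting ("Invalid email address.", "Password too short.") are therefore removed from the session without ever being shown. The return should mirror the login view: `return render_template("login.html", signup = True, error = error)`. The check-then-pop pair used here, in `show_login_page` and at the end of `bot_create` can be written as `error = session.pop('error', None)`.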
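Review bot: In the new self-learning check in `bot_accounts_add`, `render_template("bot_accounts_add.html", error)` passes `error` positionally. Flask's `render_template` takes template context only as keyword arguments, so this branch raises `TypeError` instead of showing "Bots cannot learn from themselves.". It should read `return render_template("bot_accounts_add.html", error = error)`, as the other returns in this function do. The comparison is an exact string match against `session['bot']` made before the handle is parsed, so it is worth confirming whether differently cased or whitespace-padded spellings of the same handle should be rejected as well. The function body continues outside this hunk.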
@@ -171,10 +182,13 @@ def bot_accounts_add(): c.execute("INSERT INTO `bot_learned_accounts` (`bot_id`, `fedi_id`) VALUES (%s, %s)", (session['bot'], request.form['account'])) c.close() mysql.connection.commit() + else: + error = "Couldn't access ActivityPub outbox. {} may require authenticated fetches, which FediBooks doesn't support yet." + return render_template("bot_accounts_add.html", error = error) return redirect("/bot/accounts/{}".format(session['bot']), 303) - return render_template("bot_accounts_add.html") + return render_template("bot_accounts_add.html", error = error) @app.route("/bot/accounts/toggle/") def bot_accounts_toggle(id): @@ -205,7 +219,7 @@ def bot_accounts_delete(id): @app.route("/bot/create/", methods=['GET', 'POST']) def bot_create(): - #TODO: error handling + error = None if request.method == 'POST': if session['step'] == 1: # strip leading https://, if provided @@ -270,7 +284,7 @@ def bot_create(): del session['instance'] del session['instance_type'] session['step'] = 1 - return bot_create() + return redirect(url_for("bot_create"), 303) else: if session['step'] == 4: @@ -282,7 +296,8 @@ def bot_create(): handle = "@{}@{}".format(username, session['instance']) except: # authentication error occurred - return render_template("bot_oauth_error.html") + error = "Authentication failed." + return render_template("bot_create.html", error = error) # authentication success!! c = mysql.connection.cursor() @@ -301,7 +316,9 @@ def bot_create(): del session['client_id'] del session['client_secret'] - return render_template("bot_create.html") + if 'error' in session: + error = session.pop('error') + return render_template("bot_create.html", error = error) @app.route("/bot/create/back") def bot_create_back(): 
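Review bot: The message assigned in the new `else` branch of `bot_accounts_add` contains a literal `{}` placeholder and `.format()` is never called, so the user sees the braces instead of a name. Append `.format(...)` with whichever variable holds the instance name; it is not visible in this hunk. That value derives from the submitted `account` field, so it should reach the page only through the autoescaped `{{ error }}` expression.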
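Review bot: The bare `except:` in the step 4 branch of `bot_create` now maps every exception to "Authentication failed.", which also hides programming errors and leaves no server-side record of why the OAuth check failed. Catch the specific exception the client library raises and log it before returning, e.g. `app.logger.exception("bot OAuth verification failed")`. On this failure path `session['step']` stays at 4 and `client_id`/`client_secret` stay in the session, since the `del session[...]` cleanup in the last hunk appears to run only after success; whether the re-rendered form can recover from that state should be checked. The `try` begins outside this hunk.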
@@ -319,10 +336,12 @@ def do_signup(): # email validation is basically impossible without actually sending an email to the address # because fedibooks can't send email yet, we'll just check if the string contains an @ ;) if "@" not in request.form['email']: - return show_signup_page("Invalid email address.") + session['error'] = "Invalid email address." + return redirect(url_for("show_signup_page"), 303) if len(request.form['password']) < 8: - return show_signup_page("Password too short.") + session['error'] = "Password too short." + return redirect(url_for("show_signup_page"), 303) pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest() pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(12)) @@ -350,12 +369,17 @@ def do_login(): c.execute("SELECT * FROM users WHERE email = %s", (request.form['email'],)) data = c.fetchone() c.close() + if data == None: + session['error'] = "Incorrect login information." + return redirect(url_for("show_login_page"), 303) + if bcrypt.checkpw(pw_hashed, data['password']): session['user_id'] = data['id'] return redirect(url_for("home")) else: - return "invalid login" + session['error'] = "Incorrect login information." + return redirect(url_for("show_login_page"), 303) @app.route("/img/bot_generic.png") def img_bot_generic():
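Review bot: The unchanged context lines of this `do_signup` hunk pass the raw `hashlib.sha256(...).digest()` to `bcrypt.hashpw`, and a raw digest can contain a NUL byte. bcrypt implementations either reject such input or treat the NUL as the end of the password, so some passwords would fail to register or be effectively shortened. Encoding the digest first, e.g. `pw_hashed = base64.b64encode(hashlib.sha256(...).digest())`, avoids this. `do_login` would have to change in the same way, and hashes already stored would need a migration path. `do_signup` continues outside this hunk.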
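Review bot: The new `data == None` branch in `do_login` returns before `bcrypt.checkpw` runs, so a request for an unknown email completes measurably faster than one for a registered email. The identical "Incorrect login information." message therefore does not fully hide which addresses have accounts. Running `bcrypt.checkpw` against a fixed dummy hash in that branch makes both paths cost the same, and the comparison itself is better written as `if data is None:`. No attempt limiting is visible in this hunk; if none exists elsewhere, failed logins should be throttled and logged.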