From 12c957bf5f08fa5eac9b21bb4a1f4adc37de1167 Mon Sep 17 00:00:00 2001
From: thomasDOTde <thomas@drewermann.org>
Date: Wed, 1 Nov 2017 01:34:29 +0100
Subject: [PATCH] disabled profile usage when authenticated externally

---
 app/templates/user_profile.html | 18 +++++++++---------
 app/views.py                    | 11 ++++++++---
 2 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/app/templates/user_profile.html b/app/templates/user_profile.html
index 19201dc..2dae7e0 100644
--- a/app/templates/user_profile.html
+++ b/app/templates/user_profile.html
@@ -19,7 +19,7 @@
         <div class="col-lg-12">
             <div class="box box-primary">
                 <div class="box-header with-border">
-                    <h3 class="box-title">Edit my profile</h3>
+                    <h3 class="box-title">Edit my profile{%  if external_account %} [Disabled - Authenticated externally]{% endif %}</h3>
                 </div>
                 <div class="box-body">
                     <!-- Custom Tabs -->
@@ -40,17 +40,17 @@
                                     <div class="form-group">
                                         <label for="firstname">First Name</label> <input type="text"
                                             class="form-control" name="firstname" id="firstname"
-                                            placeholder="{{ current_user.firstname }}">
+                                            placeholder="{{ current_user.firstname }}" {%  if external_account %}disabled{% endif %}>
                                     </div>
                                     <div class="form-group">
                                         <label for="lastname">Last Name</label> <input type="text"
                                             class="form-control" name="lastname" id="lastname"
-                                            placeholder="{{ current_user.lastname }}">
+                                            placeholder="{{ current_user.lastname }}" {%  if external_account %}disabled{% endif %}>
                                     </div>
                                     <div class="form-group">
                                         <label for="email">E-mail</label> <input type="text"
                                             class="form-control" name="email" id="email"
-                                            placeholder="{{ current_user.email }}">
+                                            placeholder="{{ current_user.email }}" {%  if external_account %}disabled{% endif %}>
                                     </div>
                                     <div class="form-group">
                                         <button type="submit" class="btn btn-flat btn-primary">Submit</button>
@@ -72,7 +72,7 @@
                                             </div>
                                             <div>
                                                 <label for="file">Select image</label> <input type="file"
-                                                    id="file" name="file">
+                                                    id="file" name="file" {%  if external_account %}disabled{% endif %}>
                                             </div>
                                         </div>
                                         <div>
@@ -95,15 +95,15 @@
                                     <div class="form-group">
                                         <label for="password">New Password</label> <input
                                             type="password" class="form-control" name="password"
-                                            id="newpassword" />
+                                            id="newpassword" {%  if external_account %}disabled{% endif %} />
                                     </div>
                                     <div class="form-group">
                                         <label for="rpassword">Re-type New Password</label> <input
                                             type="password" class="form-control" name="rpassword"
-                                            id="rpassword" />
+                                            id="rpassword" {%  if external_account %}disabled{% endif %} />
                                     </div>
                                     <div class="form-group">
-                                        <button type="submit" class="btn btn-flat btn-primary">Change
+                                        <button type="submit" class="btn btn-flat btn-primary" {%  if external_account %}disabled{% endif %}>Change
                                             password</button>
                                     </div>
                                 </form>
@@ -112,7 +112,7 @@
                             <div class="tab-pane" id="tabs-authentication">
                                 <form action="{{ user_profile }}" method="post">
                                     <div class="form-group">
-                                        <input type="checkbox" id="otp_toggle" class="otp_toggle" {% if current_user.otp_secret %}checked{% endif %}>
+                                        <input type="checkbox" id="otp_toggle" class="otp_toggle" {% if current_user.otp_secret %}checked{% endif %} {%  if external_account %}disabled{% endif %}>
                                         <label for="otp_toggle">Enable Two Factor Authentication</label>
                                         {% if current_user.otp_secret %}
                                         <div id="token_information">
diff --git a/app/views.py b/app/views.py
index 17bbf5d..ff035e4 100644
--- a/app/views.py
+++ b/app/views.py
@@ -228,6 +228,7 @@ def saml_authorized():
             user.lastname = session['samlUserdata']["surname"][0]
         user.plain_text_password = gen_salt(7)
         user.update_profile()
+        session['external_auth'] = True
         login_user(user, remember=False)
         return redirect(url_for('index'))
     else:
@@ -259,6 +260,7 @@ def login():
             user.create_local_user()
 
         session['user_id'] = user.id
+        session['external_auth'] = True
         login_user(user, remember = False)
         return redirect(url_for('index'))
 
@@ -741,8 +743,11 @@ def admin_settings_edit(setting):
 @app.route('/user/profile', methods=['GET', 'POST'])
 @login_required
 def user_profile():
-    if request.method == 'GET':
-        return render_template('user_profile.html')
+    external_account = False
+    if session.has_key('external_auth'):
+        external_account = session['external_auth']
+    if request.method == 'GET' or external_account:
+        return render_template('user_profile.html', external_account=external_account)
     if request.method == 'POST':
         # get new profile info
         firstname = request.form['firstname'] if 'firstname' in request.form else ''
@@ -777,7 +782,7 @@ def user_profile():
         user = User(username=current_user.username, plain_text_password=new_password, firstname=firstname, lastname=lastname, email=email, avatar=save_file_name, reload_info=False)
         user.update_profile()
 
-        return render_template('user_profile.html')
+        return render_template('user_profile.html', external_account=external_account)
 
 
 @app.route('/user/avatar/<string:filename>')