SS-643 Users can edit their account details

common/forms.py

@@ -321,3 +321,65 @@ class Meta:
         fields = [
             "token",
         ]
+
+
+# SS-643 We've created a new form because UserForm above
+# is a UserCreationForm,
+# which means 'exclude' in Meta or change in
+# initialization won't work
+class UserEditForm(BootstrapErrorFormMixin, forms.ModelForm):
+    first_name = forms.CharField(
+        min_length=1,
+        max_length=30,
+        label="First name",
+        widget=forms.TextInput(attrs={"class": "form-control"}),
+    )
+    last_name = forms.CharField(
+        min_length=1,
+        max_length=30,
+        label="Last name",
+        widget=forms.TextInput(attrs={"class": "form-control"}),
+    )
+    email = forms.EmailField(
+        max_length=254,
+        label="Email address",
+        widget=forms.TextInput(attrs={"class": "form-control"}),
+        help_text=mark_safe("Email address can not be changed. Please email [email protected] with any questions."),
+        disabled=True,
+    )
+
+    required_css_class = "required"
+
+    class Meta:
+        model = User
+        fields = [
+            "username",
+            "first_name",
+            "last_name",
+            "email",
+            "password1",
+            "password2",
+        ]
+        exclude = [
+            "username",
+            "password1",
+            "password2",
+        ]
+
+    def __repr__(self) -> str:
+        return f"{self.__class__.__name__}({self.data})"
+
+
+class ProfileEditForm(ProfileForm):
+    class Meta(ProfileForm.Meta):
+        exclude = [
+            "note",
+            "why_account_needed",
+        ]
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.fields["affiliation"].disabled = True
+        self.fields[
+            "affiliation"
+        ].help_text = "Affiliation can not be changed. Please email [email protected] with any questions."

common/urls.py

@@ -1,4 +1,5 @@
 from django.contrib.auth import views as auth_views
+from django.contrib.auth.decorators import login_required
 from django.urls import include, path
 
 from . import views
@@ -9,4 +10,5 @@
     path("success/", views.RegistrationCompleteView.as_view(), name="success"),
     path("signup/", views.SignUpView.as_view(), name="signup"),
     path("verify/", views.VerifyView.as_view(), name="verify"),
+    path("edit-profile/", login_required(views.EditProfileView.as_view()), name="edit-profile"),
 ]

common/views.py

@@ -1,15 +1,29 @@
 from django.conf import settings
 from django.contrib import messages
 from django.contrib.auth import authenticate, login, logout
+from django.contrib.auth.decorators import login_required
+from django.core.exceptions import ObjectDoesNotExist
 from django.core.mail import send_mail
 from django.db import transaction
 from django.http.response import HttpResponseRedirect
-from django.shortcuts import redirect, render
+from django.shortcuts import HttpResponse, redirect, render
 from django.urls import reverse_lazy
+from django.utils.decorators import method_decorator
 from django.views.generic import CreateView, TemplateView
 
-from .forms import ProfileForm, SignUpForm, TokenVerificationForm, UserForm
-from .models import EmailVerificationTable
+from studio.utils import get_logger
+
+from .forms import (
+    ProfileEditForm,
+    ProfileForm,
+    SignUpForm,
+    TokenVerificationForm,
+    UserEditForm,
+    UserForm,
+)
+from .models import EmailVerificationTable, UserProfile
+
+logger = get_logger(__name__)
 
 
 # Create your views here.
@@ -129,3 +143,119 @@ def post(self, request, *args, **kwargs):
                 messages.error(request, "Invalid token!")
                 return redirect("portal:home")
         return render(request, self.template_name, {"form": form})
+
+
+@method_decorator(login_required, name="post")
+class EditProfileView(TemplateView):
+    template_name = "user/profile_edit_form.html"
+
+    profile_edit_form_class = ProfileEditForm
+    user_edit_form_class = UserEditForm
+
+    def get_user_profile_info(self, request):
+        # Get the user profile from database
+        try:
+            # Note that not all users have a user profile object
+            # such as the admin superuser
+            user_profile = UserProfile.objects.get(user_id=request.user.id)
+        except ObjectDoesNotExist as e:
+            logger.error(str(e), exc_info=True)
+            user_profile = UserProfile()
+        except Exception as e:
+            logger.error(str(e), exc_info=True)
+            user_profile = UserProfile()
+
+        return user_profile
+
+    def get(self, request, *args, **kwargs):
+        user_profile_data = self.get_user_profile_info(request)
+
+        profile_edit_form = self.profile_edit_form_class(
+            initial={"affiliation": user_profile_data.affiliation, "department": user_profile_data.department}
+        )
+
+        user_edit_form = self.user_edit_form_class(
+            initial={
+                "email": user_profile_data.user.email,
+                "first_name": user_profile_data.user.first_name,
+                "last_name": user_profile_data.user.last_name,
+            }
+        )
+
+        return render(request, self.template_name, {"form": user_edit_form, "profile_form": profile_edit_form})
+
+    def post(self, request, *args, **kwargs):
+        user_profile_data = self.get_user_profile_info(request)
+
+        user_form_details = self.user_edit_form_class(
+            request.POST,
+            instance=request.user,
+            initial={
+                "email": user_profile_data.user.email,
+            },
+        )
+
+        profile_form_details = self.profile_edit_form_class(
+            request.POST,
+            instance=user_profile_data,
+            initial={
+                "affiliation": user_profile_data.affiliation,
+            },
+        )
+
+        if user_form_details.is_valid() and profile_form_details.is_valid():
+            try:
+                with transaction.atomic():
+                    user_form_retrived_data = user_form_details.save(commit=False)
+
+                    # Only saving the new values, overwriting other existing values
+                    if (
+                        user_form_retrived_data.first_name != user_profile_data.user.first_name
+                        or user_form_retrived_data.last_name != user_profile_data.user.last_name
+                    ):
+                        user_form_retrived_data.username = user_profile_data.user.username
+                        user_form_retrived_data.email = user_profile_data.user.email
+                        user_form_retrived_data.password1 = user_profile_data.user.password
+                        user_form_retrived_data.password2 = user_profile_data.user.password
+                        user_form_retrived_data.save()
+
+                    else:
+                        logger.info("Not saving user form info as nothing has changed", exc_info=True)
+
+                    profile_form_retrived_data = profile_form_details.save(commit=False)
+
+                    # Only saving the new values, overwriting other existing values
+                    profile_form_retrived_data.affiliation = user_profile_data.affiliation
+                    profile_form_retrived_data.deleted_on = user_profile_data.deleted_on
+                    profile_form_retrived_data.why_account_needed = user_profile_data.why_account_needed
+                    profile_form_retrived_data.save()
+
+                    # profile_form_details.save_m2m()
+                    # user_form_details.save()
+                    # profile_form_details.save()
+
+                    logger.info(
+                        "Updated First Name: " + str(self.get_user_profile_info(request).user.first_name), exc_info=True
+                    )
+                    logger.info(
+                        "Updated Last Name: " + str(self.get_user_profile_info(request).user.last_name), exc_info=True
+                    )
+                    logger.info(
+                        "Updated Department: " + str(self.get_user_profile_info(request).department), exc_info=True
+                    )
+
+            except Exception as e:
+                return HttpResponse("Error updating records: " + str(e))
+
+            return render(request, "user/profile.html", {"user_profile": self.get_user_profile_info(request)})
+
+        else:
+            if not user_form_details.is_valid():
+                logger.error("Edit user error: " + str(user_form_details.errors), exc_info=True)
+
+            if not profile_form_details.is_valid():
+                logger.error("Edit profile error: " + str(profile_form_details.errors), exc_info=True)
+
+            return render(
+                request, self.template_name, {"form": user_form_details, "profile_form": profile_form_details}
+            )

cypress/e2e/ui-tests/test-brute-force-login-attempts.cy.js

@@ -45,7 +45,7 @@ describe("Test brute force login attempts are blocked", () => {
 
         // Sign out before logging in again
         cy.logf("Sign out before logging in again", Cypress.currentTest)
-        cy.get('button.btn-profile').click()
+        cy.get('button.btn-profile').contains("Profile").click()
         cy.get('li.btn-group').find('button').contains("Sign out").click()
         cy.get("title").should("have.text", "Logout | SciLifeLab Serve (beta)")
 

templates/common/navbar.html

@@ -40,6 +40,7 @@
                         </button>
                         <ul class="dropdown-menu">
                             <li><a class="dropdown-item" href="{% url 'user-profile' %}"><i class="bi bi-person me-1"></i>My profile</a></li>
+                            <li><a class="dropdown-item" href="{% url 'common:edit-profile' %}"><i class="bi bi-pencil-square me-1"></i>Edit profile</a></li>
                             <li><a class="dropdown-item" href="{% url 'password_change' %}"><i class="bi bi-key me-1"></i>Change password</a></li>
                             <form action="{% url 'logout' %}" method="post">
                                 {% csrf_token %}

templates/user/profile.html

@@ -11,8 +11,16 @@
         <div class="card-body">
             <div class="row">
                 <div class="col">
-                    <h3 class="card-title mb-0">My user profile</h3>
-
+                    <div class="row">
+                        <div class="col">
+                            <h3 class="card-title mb-0">My user profile</h3>
+                        </div>
+                        <div class="col">
+                            <button type="button" type="submit" aria-expanded="false" class="btn btn-profile">
+                                <a href="{% url 'common:edit-profile' %}"> <i class="bi bi-pencil-square"></i> Edit </a>
+                            </button>
+                        </div>
+                        </div>
                     <div class="row pt-4">
                         <h6 class="fw-bold">Account</h6>
                     </div>
@@ -45,7 +53,7 @@ <h6 class="fw-bold">Contact</h6>
                     <div class="row pt-5">
                         <h5>Delete Account</h5>
                         <p>
-                            To delete your account, <a href="{% url 'delete_account' %}">visit this page</a>
+                            To delete your account, <a href="{% url 'delete_account' %}">visit this page</a>.
                         </p>
                     </div>