Use the user_id as key to avoid exposing the email address

author: Aurélien Bompard <aurelien@bompard.org> 2013-08-01 12:19:12 +0200
committer: Aurélien Bompard <aurelien@bompard.org> 2013-08-02 10:54:23 +0200
commit: c14775c638735fd719a97f53cb119ccea37f2ba4 (patch)
tree: d04dd662b78ff9d51e3fd16428edee42a8914306
parent: a5d7239c7a2be95816716997a8bbee7463a734ad (diff)
download: hyperkitty-c14775c638735fd719a97f53cb119ccea37f2ba4.tar.gz
hyperkitty-c14775c638735fd719a97f53cb119ccea37f2ba4.tar.xz
hyperkitty-c14775c638735fd719a97f53cb119ccea37f2ba4.zip
4 files changed, 32 insertions, 30 deletions
diff --git a/hyperkitty/templates/messages/message.html b/hyperkitty/templates/messages/message.html
index 7140d75..23fa458 100644
--- a/hyperkitty/templates/messages/message.html
+++ b/hyperkitty/templates/messages/message.html
@@ -27,17 +27,21 @@
             {% gravatar email.sender_email 40 %}
         </div>
         <div class="email-author inline-block">
-            <span class="name"><a
-                href="{% url 'public_user_profile' email=email.sender_email %}"
-                title="See {{ email.sender_name|escapeemail|escape }}'s profile"
-                >{{email.sender_name|escapeemail}}</a></span>
+            <span class="name">
+                {% if email.user_id %}
+                <a href="{% url 'public_user_profile' user_id=email.user_id %}"
+                   title="See {{ email.sender_name|escapeemail|escape }}'s profile"
+                   >{{email.sender_name|escapeemail}}</a>
+                {% else %}
+                   {{email.sender_name|escapeemail}}
+                {% endif %}
+            </span>
             <br />
             <span class="messagelink">
                 (<a href="{% url 'message_index' mlist_fqdn=mlist.name message_id_hash=email.message_id_hash %}"
                     title="{{ email.subject }}">permalink</a>)
             </span>
             {% if use_mockups %}
-            <br />
             <span class="rank">
                 Rank 8
             </span>
diff --git a/hyperkitty/templates/user_public_profile.html b/hyperkitty/templates/user_public_profile.html
index b62002d..0e4f7af 100644
--- a/hyperkitty/templates/user_public_profile.html
+++ b/hyperkitty/templates/user_public_profile.html
@@ -6,14 +6,14 @@
 
 
 {% block title %}
-{% trans 'User Profile' %} for {{ email }} - {{ app_name|title }}
+{% trans 'User Profile' %} for {{ fullname }} - {{ app_name|title }}
 {% endblock %}
 
 {% block content %}
 
 <div id="user-profile">
 
-    <h1>User profile <small>for {{ email }}</small></h1>
+    <h1>User profile <small>for {{ fullname }}</small></h1>
 
     <table class="table table-bordered table-striped user-data">
         <tbody>
@@ -21,10 +21,6 @@
                 <th>{% trans 'Name:' %}</th>
                 <td>{{ fullname }}</td>
             </tr>
-            <tr>
-                <th>{% trans 'Email:' %}</th>
-                <td>{{ email }}</td>
-            </tr>
             {% if creation %}
             <tr>
                 <th>{% trans 'Creation:' %}</th>
diff --git a/hyperkitty/urls.py b/hyperkitty/urls.py
index 3cc24e5..c24615a 100644
--- a/hyperkitty/urls.py
+++ b/hyperkitty/urls.py
@@ -51,7 +51,7 @@ urlpatterns = patterns('hyperkitty.views',
     url(r'^accounts/register/$', 'accounts.user_registration', {'SSL': True}, name='user_registration'),
 
     # Users
-    url(r'^user/(?P<email>[^/@]+@[^/@]+)/$', 'accounts.public_profile', name='public_user_profile'),
+    url(r'^user/(?P<user_id>[^/]+)/$', 'accounts.public_profile', name='public_user_profile'),
 
     # List archives and overview
     url(r'^list/(?P<mlist_fqdn>[^/@]+@[^/@]+)/(?P<year>\d{4})/(?P<month>\d\d?)/(?P<day>\d\d?)/$',
diff --git a/hyperkitty/views/accounts.py b/hyperkitty/views/accounts.py
index 5d7a9fc..c7772ec 100644
--- a/hyperkitty/views/accounts.py
+++ b/hyperkitty/views/accounts.py
@@ -32,10 +32,11 @@ from django.contrib.auth.views import login as django_login_view
 from django.shortcuts import render, redirect
 from django.utils.http import is_safe_url, urlquote
 from django.utils.timezone import utc, get_current_timezone
-from django.http import Http404
+from django.http import Http404, HttpResponse
 #from django.utils.translation import gettext as _
 from social_auth.backends import SocialAuthBackend
 import dateutil.parser
+import mailmanclient
 
 from hyperkitty.models import UserProfile, Rating, Favorite, LastView
 from hyperkitty.views.forms import RegistrationForm, UserProfileForm
@@ -208,19 +209,21 @@ def votes(request):
             })
 
 
-def public_profile(request, email):
-    from mailmanclient import Client, MailmanConnectionError
+def public_profile(request, user_id):
     try:
-        client = Client('%s/3.0' % settings.MAILMAN_REST_SERVER,
-                        settings.MAILMAN_API_USER, settings.MAILMAN_API_PASS)
-        mm_user = client.get_user(email)
+        client = mailmanclient.Client('%s/3.0' %
+                    settings.MAILMAN_REST_SERVER,
+                    settings.MAILMAN_API_USER,
+                    settings.MAILMAN_API_PASS)
+        mm_user = client.get_user(user_id)
     except HTTPError:
-        raise Http404("No user with this email: %s" % email)
-    except MailmanConnectionError:
-        class EmptyMailmanUser:
-            created_on = None
-            subscription_list_ids = []
-        mm_user = EmptyMailmanUser()
+        raise Http404("No user with this ID: %s" % user_id)
+    except mailmanclient.MailmanConnectionError:
+        return HttpResponse("Can't connect to Mailman",
+                            content_type="text/plain", status=500)
+    fullname = mm_user.display_name
+    if not fullname:
+        fullname = store.get_sender_name(user_id)
     subscriptions = []
     store = get_store(request)
     # Subscriptions
@@ -229,7 +232,7 @@ def public_profile(request, email):
         # de-duplicate subscriptions
         if mlist in [ s["list_name"] for s in subscriptions ]:
             continue
-        email_hashes = store.get_message_hashes_by_sender(email, mlist)
+        email_hashes = store.get_message_hashes_by_user_id(user_id, mlist)
         try: # Compute the average vote value
             votes = Rating.objects.filter(list_address=mlist,
                                           messageid__in=email_hashes)
@@ -241,8 +244,8 @@ def public_profile(request, email):
                 likes += 1
             elif v.vote == -1:
                 dislikes += 1
-        all_posts_url = "%s?list=%s&query=sender:%s" % \
-                (reverse("search"), mlist, urlquote(email))
+        all_posts_url = "%s?list=%s&query=user_id:%s" % \
+                (reverse("search"), mlist, urlquote(user_id))
         likestatus = "neutral"
         if likes - dislikes >= 10:
             likestatus = "likealot"
@@ -250,7 +253,7 @@ def public_profile(request, email):
             likestatus = "like"
         subscriptions.append({
             "list_name": mlist,
-            "first_post": store.get_first_post(mlist, email),
+            "first_post": store.get_first_post(mlist, user_id),
             "likes": likes,
             "dislikes": dislikes,
             "likestatus": likestatus,
@@ -265,8 +268,7 @@ def public_profile(request, email):
     elif likes - dislikes > 0:
         likestatus = "like"
     context = {
-        "email": email,
-        "fullname": store.get_sender_name(email),
+        "fullname": fullname,
         "mm_user": mm_user,
         "creation": dateutil.parser.parse(mm_user.created_on),
         "subscriptions": subscriptions,
author	Aurélien Bompard <aurelien@bompard.org>	2013-08-01 12:19:12 +0200
committer	Aurélien Bompard <aurelien@bompard.org>	2013-08-02 10:54:23 +0200
commit	c14775c638735fd719a97f53cb119ccea37f2ba4 (patch)
tree	d04dd662b78ff9d51e3fd16428edee42a8914306
parent	a5d7239c7a2be95816716997a8bbee7463a734ad (diff)
download	hyperkitty-c14775c638735fd719a97f53cb119ccea37f2ba4.tar.gz hyperkitty-c14775c638735fd719a97f53cb119ccea37f2ba4.tar.xz hyperkitty-c14775c638735fd719a97f53cb119ccea37f2ba4.zip