From c2ca4c5cc424daebd016adedcd7b8d8fbd36b346 Mon Sep 17 00:00:00 2001
From: drorganvidez <davromorg@alum.us.es>
Date: Thu, 12 Sep 2024 22:27:52 +0200
Subject: [PATCH] fix: Fix bugs in CAPTCHA and sign up

---
 app/modules/auth/routes.py                     | 18 ++++++++++++++----
 app/modules/auth/services.py                   |  9 +++++++--
 .../auth/templates/auth/signup_form.html       |  1 +
 app/modules/captcha/services.py                |  4 ++--
 app/modules/mail/services.py                   |  8 ++++++--
 5 files changed, 30 insertions(+), 10 deletions(-)

diff --git a/app/modules/auth/routes.py b/app/modules/auth/routes.py
index ec869db..4a7eb68 100644
--- a/app/modules/auth/routes.py
+++ b/app/modules/auth/routes.py
@@ -1,5 +1,6 @@
 from flask import flash, render_template, redirect, url_for, request
 from flask_login import current_user, login_user, logout_user
+from pymysql import IntegrityError
 
 from app.modules.auth import auth_bp
 from app.modules.auth.decorators import guest_required
@@ -8,6 +9,8 @@
 from app.modules.profile.services import UserProfileService
 from app.modules.captcha.services import CaptchaService
 
+from app import db
+
 authentication_service = AuthenticationService()
 user_profile_service = UserProfileService()
 captcha_service = CaptchaService()
@@ -20,7 +23,6 @@ def show_signup_form():
 
     form = SignupForm()
     if form.validate_on_submit():
-
         user_input = request.form['captcha']
         if not captcha_service.validate_captcha(user_input):
             flash('Please complete the reCAPTCHA', 'danger')
@@ -28,14 +30,22 @@ def show_signup_form():
 
         email = form.email.data
         if not authentication_service.is_email_available(email):
-            return render_template("auth/signup_form.html", form=form, error=f'Email {email} in use')
+            flash(f'Email {email} is already in use', 'danger')
+            return render_template("auth/signup_form.html", form=form)
 
         try:
+            # Intentamos crear el usuario
             user = authentication_service.create_with_profile(**form.data)
             authentication_service.send_confirmation_email(user.email)
             flash("Please confirm your email", "info")
-        except Exception as exc:
-            return render_template("auth/signup_form.html", form=form, error=f'Error creating user: {exc}')
+        except IntegrityError as exc:
+            # Manejar el caso de duplicado en la base de datos
+            db.session.rollback()  # Hacer rollback para limpiar la sesión
+            if 'Duplicate entry' in str(exc):
+                flash(f'Email {email} is already in use', 'danger')
+            else:
+                flash(f'Error creating user: {exc}', 'danger')
+            return render_template("auth/signup_form.html", form=form)
 
         return redirect(url_for("public.index"))
 
diff --git a/app/modules/auth/services.py b/app/modules/auth/services.py
index 7738e4e..2c1835e 100644
--- a/app/modules/auth/services.py
+++ b/app/modules/auth/services.py
@@ -77,11 +77,16 @@ def get_token_from_email(self, email):
 
     def send_confirmation_email(self, user_email):
         token = self.get_token_from_email(user_email)
-        url = url_for("auth.confirm_user", token=token)
+        url = url_for("auth.confirm_user", token=token, _external=True)
+        
+        # Usamos UTF-8 para el contenido HTML
+        html_body = f"<a href='{url}'>Please confirm your email</a>"
+        
         mail_service.send_email(
             "Please confirm your email",
             recipients=[user_email],
-            body=f"<a href='{url}'>Please confirm your email</a>",
+            body="Please confirm your email by clicking the link below.",
+            html_body=html_body
         )
 
     def confirm_user_with_token(self, token):
diff --git a/app/modules/auth/templates/auth/signup_form.html b/app/modules/auth/templates/auth/signup_form.html
index 803115b..6d9a8c4 100644
--- a/app/modules/auth/templates/auth/signup_form.html
+++ b/app/modules/auth/templates/auth/signup_form.html
@@ -160,4 +160,5 @@ <h5 class="card-title">Anti-bot filter</h5>
 
 {% block scripts %}
     <script src="{{ url_for('auth.scripts') }}"></script>
+    <script src="{{ url_for('captcha.scripts') }}"></script>
 {% endblock %}
diff --git a/app/modules/captcha/services.py b/app/modules/captcha/services.py
index 496c3b1..971ec83 100644
--- a/app/modules/captcha/services.py
+++ b/app/modules/captcha/services.py
@@ -13,8 +13,8 @@ def __init__(self):
         self.image_captcha = ImageCaptcha()
 
     def generate_captcha_text(self, length=6) -> str:
-        letters = string.ascii_uppercase + string.digits
-        return ''.join(random.choice(letters) for _ in range(length))
+        allowed_characters = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'
+        return ''.join(random.choice(allowed_characters) for _ in range(length))
 
     def generate_captcha(self):
         captcha_text = self.generate_captcha_text()
diff --git a/app/modules/mail/services.py b/app/modules/mail/services.py
index b7cb4a4..02730f3 100644
--- a/app/modules/mail/services.py
+++ b/app/modules/mail/services.py
@@ -18,13 +18,17 @@ def init_app(self, app):
         app.config['MAIL_USE_TLS'] = os.getenv('MAIL_USE_TLS', 'True') == 'True'
         app.config['MAIL_USE_SSL'] = os.getenv('MAIL_USE_SSL', 'False') == 'True'
         app.config['MAIL_USERNAME'] = os.getenv('MAIL_USERNAME', 'tu_correo@tudominio.com')
-        app.config['MAIL_PASSWORD'] = os.getenv('MAIL_PASSWORD', 'tu_contraseña')
+        app.config['MAIL_PASSWORD'] = os.getenv('MAIL_PASSWORD', 'tu_password')
         app.config['MAIL_DEFAULT_SENDER'] = os.getenv('MAIL_USERNAME')
 
         self.mail = Mail(app)
         self.sender = app.config['MAIL_USERNAME']
 
-    def send_email(self, subject, recipients, body):
+    def send_email(self, subject, recipients, body, html_body=None):
         msg = Message(subject, sender=self.sender, recipients=recipients)
+        
         msg.body = body
+        if html_body:
+            msg.html = html_body
+
         self.mail.send(msg)