Remove strange greeting copied over from user_home

This is more robust, as it indicates the request was successfully
authenticated and processed, but that there is no data to export. This is
different from the URL not existing (which would also happen if the module was
unavailable, which should be a notable error instead).

snikket_web/invite.py

@@ -10,13 +10,14 @@ from quart import (
     current_app,
     render_template,
     redirect,
+    request,
     url_for,
     session as http_session,
 )
 
 import wtforms
 
-from flask_babel import lazy_gettext as _l
+from flask_babel import lazy_gettext as _l, gettext
 
 from .infra import client, selected_locale, BaseForm
 
@@ -26,6 +27,11 @@ bp = Blueprint("invite", __name__)
 
 INVITE_SESSION_JID = "invite-session-jid"
 
+MAX_IMPORT_DATA_SIZE = 5*1024*1024  # 5MB
+SUPPORTED_IMPORT_TYPES = ["application/xml", "text/xml"]
+
+EIMPORTTOOBIG = _l("The account data you tried to import is too large to"
+                   "upload. Please contact your Snikket operator.")
 
 # https://play.google.com/store/apps/details?id=org.snikket.android&referrer={uri|urlescape}&pcampaignid=pcampaignidMKT-Other-global-all-co-prtnr-py-PartBadge-Mar2515-1
 
@@ -163,6 +169,7 @@ async def register(id_: str) -> typing.Union[str, quart.Response]:
                 raise
         else:
             http_session[INVITE_SESSION_JID] = jid
+            await client.login(jid, form.password.data)
             return redirect(url_for(".success"))
 
     return await render_template(
@@ -232,11 +239,55 @@ async def reset(id_: str) -> typing.Union[str, quart.Response]:
     )
 
 
+class DataImportForm(BaseForm):
+    account_data_file = wtforms.FileField(
+        _l("Account data file")
+    )
+
+    action_import = wtforms.SubmitField(
+        _l("Import data")
+    )
+
+
 @bp.route("/success", methods=["GET", "POST"])
+@client.require_session()
 async def success() -> str:
+    form = DataImportForm()
+    if form.validate_on_submit():
+        ok = True
+        file_info = (await request.files).get(form.account_data_file.name)
+        if file_info is not None:
+            mimetype = file_info.mimetype
+            data = file_info.stream.read()
+            if len(data) > MAX_IMPORT_DATA_SIZE:
+                form.account_data_file.errors.append(EIMPORTTOOBIG)
+                ok = False
+            elif mimetype not in SUPPORTED_IMPORT_TYPES:
+                form.account_data_file.errors.append(
+                    # not breaking the line here to avoid extract
+                    # translations failing (defensive)
+                    gettext("The account data you tried to import is in an unknown format. Please upload an XML file in XEP-0227 format (provided format: %(mimetype)s).", mimetype=mimetype),  # noqa:E501
+                )
+                ok = False
+            elif len(data) > 0:
+                await client.import_account_data(data)
+
+        if ok:
+            # Re-render success page, this time with no import option
+            return await render_template(
+                "invite_success.html",
+                jid=http_session.get(INVITE_SESSION_JID, ""),
+                migration_success=True,
+                    )
+
     return await render_template(
         "invite_success.html",
         jid=http_session.get(INVITE_SESSION_JID, ""),
+        migration_success=False,
+        form=form,
+        max_import_size=MAX_IMPORT_DATA_SIZE,
+        import_too_big_warning_header=_l("Error"),
+        import_too_big_warning=EIMPORTTOOBIG,
     )
 
 

snikket_web/prosodyclient.py

@@ -296,6 +296,9 @@ class ProsodyClient:
     def _public_v1_endpoint(self, subpath: str) -> str:
         return "{}/register_api{}".format(self._endpoint_base, subpath)
 
+    def _xep227_endpoint(self, subpath: str) -> str:
+        return "{}/xep227{}".format(self._endpoint_base, subpath)
+
     async def _oauth2_bearer_token(self,
                                    session: aiohttp.ClientSession,
                                    jid: str,
@@ -1121,6 +1124,34 @@ class ProsodyClient:
                 ) as resp:
             self._raise_error_from_response(resp)
 
+    @autosession
+    async def export_account_data(
+            self,
+            *,
+            session: aiohttp.ClientSession,
+            ) -> typing.Optional[str]:
+        async with session.get(
+                self._xep227_endpoint("/export?stores=roster,vcard,pep,pep_data"),  # noqa:E501
+                ) as resp:
+            self._raise_error_from_response(resp)
+            if resp.status == 204:
+                return None
+            return await resp.text()
+
+    @autosession
+    async def import_account_data(
+            self,
+            user_xml: str,
+            *,
+            session: aiohttp.ClientSession,
+            ) -> bool:
+        async with session.put(
+                self._xep227_endpoint("/import?stores=roster,vcard,pep,pep_data"),  # noqa:E501
+                data=user_xml,
+                ) as resp:
+            self._raise_error_from_response(resp)
+            return True
+
     @autosession
     async def revoke_token(
             self,

snikket_web/static/img/icons.svg

@@ -42,6 +42,11 @@ licensed under the terms of the Apache 2.0 License -->
 <g fill="none"><path d="M0 0h24v24H0V0z" /><path d="M0 0h24v24H0V0z" opacity=".87" /></g>
 <path d="M18 8h-1V6c0-2.76-2.24-5-5-5S7 3.24 7 6v2H6c-1.1 0-2 .9-2 2v10c0 1.1.9 2 2 2h12c1.1 0 2-.9 2-2V10c0-1.1-.9-2-2-2zm-6 9c-1.1 0-2-.9-2-2s.9-2 2-2 2 .9 2 2-.9 2-2 2zM9 8V6c0-1.66 1.34-3 3-3s3 1.34 3 3v2H9z" />
 </symbol>
+<!-- from: communication/import_export/materialiconsround/24px.svg -->
+<symbol id="icon-import_export" viewBox="0 0 24 24">
+<path d="M0 0h24v24H0V0z" fill="none" />
+<path d="M8.65 3.35L5.86 6.14c-.32.31-.1.85.35.85H8V13c0 .55.45 1 1 1s1-.45 1-1V6.99h1.79c.45 0 .67-.54.35-.85L9.35 3.35c-.19-.19-.51-.19-.7 0zM16 17.01V11c0-.55-.45-1-1-1s-1 .45-1 1v6.01h-1.79c-.45 0-.67.54-.35.85l2.79 2.78c.2.19.51.19.71 0l2.79-2.78c.32-.31.09-.85-.35-.85H16z" />
+</symbol>
 <!-- from: communication/qr_code/materialiconsround/24px.svg -->
 <symbol id="icon-qrcode" viewBox="0 0 24 24">
 <g><rect fill="none" height="24" width="24" /><rect fill="none" height="24" width="24" /></g>
@@ -88,6 +93,21 @@ licensed under the terms of the Apache 2.0 License -->
 <path d="M0 0h24v24H0V0z" fill="none" />
 <path d="M3.4 20.4l17.45-7.48c.81-.35.81-1.49 0-1.84L3.4 3.6c-.66-.29-1.39.2-1.39.91L2 9.12c0 .5.37.93.87.99L17 12 2.87 13.88c-.5.07-.87.5-.87 1l.01 4.61c0 .71.73 1.2 1.39.91z" />
 </symbol>
+<!-- from: file/file_download/materialicons/24px.svg -->
+<symbol id="icon-download" viewBox="0 0 24 24">
+<path d="M0 0h24v24H0z" fill="none" />
+<path d="M19 9h-4V3H9v6H5l7 7 7-7zM5 18v2h14v-2H5z" />
+</symbol>
+<!-- from: file/file_upload/materialicons/24px.svg -->
+<symbol id="icon-upload" viewBox="0 0 24 24">
+<path d="M0 0h24v24H0z" fill="none" />
+<path d="M9 16h6v-6h4l-7-7-7 7h4zm-4 2h14v2H5z" />
+</symbol>
+<!-- from: file/folder/materialiconsround/24px.svg -->
+<symbol id="icon-folder" viewBox="0 0 24 24">
+<path d="M0 0h24v24H0V0z" fill="none" />
+<path d="M10.59 4.59C10.21 4.21 9.7 4 9.17 4H4c-1.1 0-1.99.9-1.99 2L2 18c0 1.1.9 2 2 2h16c1.1 0 2-.9 2-2V8c0-1.1-.9-2-2-2h-8l-1.41-1.41z" />
+</symbol>
 <!-- from: navigation/arrow_back/materialiconsround/24px.svg -->
 <symbol id="icon-back" viewBox="0 0 24 24">
 <path d="M0 0h24v24H0V0z" fill="none" />

snikket_web/templates/invite_success.html

@@ -1,6 +1,6 @@
 {% extends "invite.html" %}
 {% set body_id = "invite" %}
-{% from "library.j2" import form_button, clipboard_button %}
+{% from "library.j2" import form_button, clipboard_button, render_errors %}
 {% block head_lead %}
 <title>{% trans site_name=config["SITE_NAME"] %}Successfully registered on {{ site_name }} | Snikket{% endtrans %}</title>
 {%- include "copy-snippet.html" -%}
@@ -16,5 +16,46 @@
 	{%- endcall -%}
 	<p>{% trans %}You can now set up your legacy XMPP client with the above address and the password you chose during registration.{% endtrans %}</p>
 	<p>{% trans login_url=url_for('main.login') %}You can now safely close this page, or log in to the web portal to <a href="{{ login_url }}">manage your account</a>.{% endtrans %}</p>
+
+	{% if migration_success %}
+		<h2>{% trans %}Import successful{% endtrans %}</h2>
+		<p>{% trans %}Congratulations! Your account data has been successfully imported.{% endtrans %}</p>
+	{% endif %}
+
+	{% if form %}
+		<h2>{% trans %}Moving to Snikket?{% endtrans %}</h2>
+		<p>{% trans %}If you are moving from a different Snikket instance or another XMPP-compatible service, you may optionally import the data (contacts, profile information, etc.) from your previous account. When you have exported the data from your previous account, upload it using the form below.{% endtrans %}</p>
+
+		<div class="form layout-expanded"><form method="POST" enctype="multipart/form-data">
+			<h3 class="form-title">{% trans %}Upload account data{% endtrans %}</h3>
+			{{ form.csrf_token }}
+			{% call render_errors(form) %}{% endcall %}
+			<div class="f-ebox">
+				{{ form.account_data_file.label }}
+				{{ form.account_data_file(accept="application/xml",
+						 data_maxsize=max_import_size,
+						 data_warning_header=import_too_big_warning_header,
+						 data_maxsize_warning=import_too_big_warning) }}
+			</div>
+			<div class="f-bbox">
+				{%- call form_button("upload", form.action_import, class="secondary") %}{% endcall -%}
+			</div>
+			<script type="text/javascript">
+			document.getElementById("{{ form.account_data_file.id }}").onchange = function() {
+				var maxsize_s = this.dataset.maxsize;
+				var maxsize = parseInt(maxsize_s);
+				if (this.files[0].size > maxsize) {
+					var warning_header = this.dataset.warningHeader;
+					var warning_text = this.dataset.maxsizeWarning;
+					this.setCustomValidity(warning_text);
+					this.reportValidity();
+					this.value = null;
+				} else {
+					this.setCustomValidity("");
+				}
+			};
+			</script>
+	</form></div>
+	{% endif %}
 </div>
 {% endblock %}

snikket_web/templates/user_home.html

@@ -30,6 +30,7 @@
 			<div>
 				<div>{% call standard_button("edit", url_for(".profile"), class="primary") %}{% trans %}Edit profile{% endtrans %}{% endcall %}</div>
 				<div>{% call standard_button("passwd", url_for(".change_pw"), class="secondary") %}{% trans %}Change password{% endtrans %}{% endcall %}</div>
+				<div>{% call standard_button("folder", url_for(".manage_data"), class="secondary") %}{% trans %}Manage your data{% endtrans %}{% endcall %}</div>
 			</div>
 			{#- -#}
 		</li>

snikket_web/templates/user_manage_data.html

@@ -0,0 +1,22 @@
+{% extends "app.html" %}
+{% from "library.j2" import standard_button, form_button, render_errors, avatar with context %}
+{% block content %}
+<h1>{% trans %}Manage your data{% endtrans %}</h1>
+<nav class="welcome">
+	<ul>
+		<li>
+			<h2>{% trans %}Export account{% endtrans %}</h2>
+			<p>{% trans %}Download your account data as a file for backup purposes or to move your account to another service.{% endtrans %}</p>
+
+			{% call render_errors(form) %}{% endcall %}
+
+			<div class="f-bbox">
+				<form method="POST">
+					{{ form.csrf_token }}
+					{%- call form_button("download", form.action_export, class="primary") %}{% endcall -%}
+				</form>
+			</div>
+		</li>
+	</ul>
+</nav>
+{% endblock %}

snikket_web/user.py

@@ -1,9 +1,11 @@
 import asyncio
 import typing
+import urllib
 
 import quart.flask_patch
 from quart import (
     Blueprint,
+    Response,
     render_template,
     request,
     redirect,
@@ -75,6 +77,16 @@ class ProfileForm(BaseForm):
     )
 
 
+class ImportAccountDataForm(BaseForm):
+    account_data_file = wtforms.FileField(
+        _l("Account data")
+    )
+
+    action_upload = wtforms.SubmitField(
+        _l("Upload"),
+    )
+
+
 @bp.route("/")
 @client.require_session()
 async def index() -> str:
@@ -168,6 +180,46 @@ async def profile() -> typing.Union[str, quart.Response]:
                                  avatar_too_big_warning=EAVATARTOOBIG)
 
 
+class DataExportForm(BaseForm):
+    action_export = wtforms.SubmitField(
+        _l("Export")
+    )
+
+
+@bp.route("/manage_data", methods=["GET", "POST"])
+@client.require_session()
+async def manage_data() -> typing.Union[str, quart.Response]:
+    form = DataExportForm()
+
+    if form.validate_on_submit():
+        user_info = await client.get_user_info()
+        # The UTF-8 version of the filename needs to be percent-encoded
+        encoded_address = urllib.parse.quote(
+            user_info["address"].encode(encoding='utf-8', errors='strict')
+        )
+        account_data = await client.export_account_data()
+        if account_data is None:
+            await flash(
+                _("You currently have no account data to export."),
+                "alert"
+            )
+        else:
+            return Response(account_data,
+                            mimetype="application/xml",
+                            headers={
+                                # We provide the UTF-8 filename, but the ASCII
+                                # one will be used as a fallback for legacy
+                                # browsers (RFC 5987)
+                                "Content-Disposition": (
+                                    'attachment; filename="account-data.xml"; '
+                                    'filename*="UTF-8\'\'account-data-{}.xml"'
+                                ).format(encoded_address)
+                            })
+    return await render_template("user_manage_data.html",
+                                 form=form,
+                                 )
+
+
 @bp.route("/logout", methods=["GET", "POST"])
 @client.require_session()
 async def logout() -> typing.Union[quart.Response, str]:

tools/icons.list

@@ -6,6 +6,7 @@ action/logout:logout
 action/login:login
 action/exit_to_app:exit_to_app
 action/lock:lock
+communication/import_export:import_export
 communication/qr_code:qrcode
 communication/vpn_key:passwd
 communication/rss_feed:broadcast
@@ -15,6 +16,9 @@ content/remove_circle_outline:remove
 content/content_copy:copy
 content/link_off:remove_link
 content/send:send
+file/file_download:download
+file/file_upload:upload
+file/folder:folder
 navigation/arrow_back:back
 navigation/arrow_forward:forward
 navigation/cancel:cancel