Create proper edit profile form w/ CSRF & refactor User.about_me null/empty string handling

models.py

@@ -37,6 +37,9 @@ class User(UserMixin, db.Model):
     def get_post_count(self) -> int:
         return len(self.posts)
 
+    def display_about(self) -> str:
+        return self.about_me or "This user hasn't written a bio yet."
+
 class Post(db.Model):
     id = db.Column(db.Integer, primary_key=True)
     author = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)

routes.py

@@ -2,7 +2,7 @@ from flask import Blueprint, redirect, render_template, url_for, request
 from flask_login import current_user, login_required
 
 from models import User, Post, Comment
-from forms import NewPostForm
+from forms import NewPostForm, EditProfileForm
 from database import db
 
 blueprint = Blueprint('main', __name__)
@@ -71,13 +71,24 @@ def view_user(username: str):
     return render_template('pages/user.html', user=user)
 
 
-@blueprint.route('/user/<username>/edit', methods=['GET'])
+@blueprint.route('/user/<username>/edit', methods=['GET', 'POST'])
 @login_required
 def edit_user(username: str):
-    user = User.query.filter_by(username=username).first_or_404()
+    user = db.session.query(User).filter_by(username=username).first_or_404()
-    if current_user.is_admin or current_user.id == user.id:
+    form = EditProfileForm(request.form)
-        return render_template('pages/user_edit.html', user=user)
+
-    return redirect(url_for('main.view_user', username=username))
+    if request.method == 'POST':
+        if form.validate():
+            if current_user.is_admin or current_user.id == user.id:
+                user.about_me = form.about_me.data
+                user.name = form.name.data
+
+                db.session.commit()
+                return redirect(url_for('main.view_user', username=username))
+        return render_template('pages/user_edit.html', form=form)
+
+    form.populate_obj(user)
+    return render_template('pages/user_edit.html', form=form)
 
 # @blueprint.route('/blogs')
 # def blogs():

templates/pages/browse.html

@@ -24,7 +24,7 @@
                                     <img src="{{ url_for('static', filename='default_photo.png') }}"
                                          alt="{{ user.username }}'s Profile Picture">
                                 </div>
-                                <p class="user-box-minibio">{{ user.about_me }}</p>
+                                <p class="user-box-minibio">{{ user.display_about() }}</p>
                             </div>
                         </div>
                     {% endfor %}

templates/pages/user.html

@@ -29,7 +29,7 @@
         <div class="profile-bio">
             <p>
                 <strong>About me:</strong><br>
-                {{ user.about_me or "This user hasn't written a bio yet." }}
+                {{ user.display_about() }}
             </p>
         </div>
     </div>

templates/pages/user_edit.html

@@ -1,23 +1,12 @@
 {% extends 'layouts/index.html' %}
+{% from 'macros.html' import render_field %}
 
 {% block content %}
     <h3>Edit Profile</h3>
-    <form method="POST" action="{{ url_for('forms.edit_profile_post', username=user.username) }}" class="form">
+    <form method="POST" class="form">
-        <label>
+        {{ form.csrf_token }}
-            Name<br>
+        {{ render_field(form.name) }}
-            <input type="text" name="name" value="{{ user.name }}">
+        {{ render_field(form.about_me) }}
-        </label><br>
+        <input type="submit" value="Save & Submit">
-        <label>
-            About Me
-            <textarea type="text" name="about-me">{{ user.about_me }}</textarea>
-        </label>
-        <button class="button">Save & Submit</button>
     </form>
-    {% with messages = get_flashed_messages() %}
-        {% if messages %}
-            <span class="error-message">
-                {{ messages[0] }}
-            </span>
-        {% endif %}
-    {% endwith %}
 {% endblock %}