From afe975b8c3ebfb7efc13ee96c8f2edf2a1602dfb Mon Sep 17 00:00:00 2001
From: Son NK <>
Date: Sun, 7 Jun 2020 00:07:46 +0200
Subject: [PATCH] User can add PGP key to for a contact

---
 app/dashboard/__init__.py                     |  1 +
 .../templates/dashboard/contact_detail.html   | 65 +++++++++++++++++++
 app/dashboard/views/contact_detail.py         | 55 ++++++++++++++++
 3 files changed, 121 insertions(+)
 create mode 100644 app/dashboard/templates/dashboard/contact_detail.html
 create mode 100644 app/dashboard/views/contact_detail.py

diff --git a/app/dashboard/__init__.py b/app/dashboard/__init__.py
index fc216406..41ff2bc0 100644
--- a/app/dashboard/__init__.py
+++ b/app/dashboard/__init__.py
@@ -22,4 +22,5 @@ from .views import (
     refused_email,
     referral,
     recovery_code,
+    contact_detail,
 )
diff --git a/app/dashboard/templates/dashboard/contact_detail.html b/app/dashboard/templates/dashboard/contact_detail.html
new file mode 100644
index 00000000..af0b1fd8
--- /dev/null
+++ b/app/dashboard/templates/dashboard/contact_detail.html
@@ -0,0 +1,65 @@
+{% extends 'default.html' %}
+
+{% set active_page = "dashboard" %}
+
+{% block title %}
+  Contact {{ contact.email }} - Alias {{ alias.email }}
+{% endblock %}
+
+{% block default_content %}
+
+  <div class="row">
+    <div class="col">
+      <h1 class="h3">{{ alias.email }} / {{ contact.email }}
+        {% if contact.pgp_finger_print %}
+          <span class="cursor" data-toggle="tooltip" data-original-title="PGP Enabled">🗝</span>
+        {% endif %}
+      </h1>
+
+      <div class="card">
+        <form method="post">
+          <input type="hidden" name="form-name" value="pgp">
+
+          <div class="card-body">
+            <div class="card-title">
+              Pretty Good Privacy (PGP)
+              <div class="small-text">
+                By importing your contact PGP Public Key into SimpleLogin, all emails sent to
+                <b>{{ contact.email }}</b> from your alias <b>{{ alias.email }}</b>
+                are <b>encrypted</b>.
+              </div>
+            </div>
+
+            {% if not current_user.is_premium() %}
+              <div class="alert alert-danger" role="alert">
+                This feature is only available in premium plan.
+              </div>
+            {% endif %}
+
+            <div class="form-group">
+              <label class="form-label">PGP Public Key</label>
+
+              <textarea name="pgp"
+                  {% if not current_user.is_premium() %} disabled {% endif %}
+                        class="form-control" rows=10
+                        placeholder="-----BEGIN PGP PUBLIC KEY BLOCK-----">{{ contact.pgp_public_key or "" }}</textarea>
+            </div>
+
+            <button class="btn btn-primary" name="action"
+                {% if not current_user.is_premium() %} disabled {% endif %}
+                    value="save">Save
+            </button>
+            {% if contact.pgp_finger_print %}
+              <button class="btn btn-danger float-right" name="action" value="remove">Remove</button>
+            {% endif %}
+
+          </div>
+        </form>
+
+      </div>
+
+    </div>
+  </div>
+{% endblock %}
+
+
diff --git a/app/dashboard/views/contact_detail.py b/app/dashboard/views/contact_detail.py
new file mode 100644
index 00000000..ead29120
--- /dev/null
+++ b/app/dashboard/views/contact_detail.py
@@ -0,0 +1,55 @@
+from flask import render_template, request, redirect, url_for, flash
+from flask_login import login_required, current_user
+
+from app.dashboard.base import dashboard_bp
+from app.extensions import db
+from app.models import Contact
+from app.pgp_utils import PGPException, load_public_key
+
+
+@dashboard_bp.route("/contact/<int:contact_id>/", methods=["GET", "POST"])
+@login_required
+def contact_detail_route(contact_id):
+    contact = Contact.get(contact_id)
+    if not contact or contact.user_id != current_user.id:
+        flash("You cannot see this page", "warning")
+        return redirect(url_for("dashboard.index"))
+
+    alias = contact.alias
+
+    if request.method == "POST":
+        if request.form.get("form-name") == "pgp":
+            if request.form.get("action") == "save":
+                if not current_user.is_premium():
+                    flash("Only premium plan can add PGP Key", "warning")
+                    return redirect(
+                        url_for("dashboard.contact_detail_route", contact_id=contact_id)
+                    )
+
+                contact.pgp_public_key = request.form.get("pgp")
+                try:
+                    contact.pgp_finger_print = load_public_key(contact.pgp_public_key)
+                except PGPException:
+                    flash("Cannot add the public key, please verify it", "error")
+                else:
+                    db.session.commit()
+                    flash(
+                        f"PGP public key for {contact.email} is saved successfully",
+                        "success",
+                    )
+                    return redirect(
+                        url_for("dashboard.contact_detail_route", contact_id=contact_id)
+                    )
+            elif request.form.get("action") == "remove":
+                # Free user can decide to remove contact PGP key
+                contact.pgp_public_key = None
+                contact.pgp_finger_print = None
+                db.session.commit()
+                flash(f"PGP public key for {contact.email} is removed", "success")
+                return redirect(
+                    url_for("dashboard.contact_detail_route", contact_id=contact_id)
+                )
+
+    return render_template(
+        "dashboard/contact_detail.html", contact=contact, alias=alias
+    )