From 0e24f6b40ae741a6c728aa482214f1f6397591b6 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Mon, 28 Nov 2016 18:55:41 -0500 Subject: [PATCH 1/3] Fix user redirects to go to the correct URL `/user` no longer works and returns a 404; we now need to redirect to the specific user page --- endpoints/oauthlogin.py | 8 ++++---- endpoints/web.py | 12 ++++-------- 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/endpoints/oauthlogin.py b/endpoints/oauthlogin.py index 3d009ee9a..5ededb2dd 100644 --- a/endpoints/oauthlogin.py +++ b/endpoints/oauthlogin.py @@ -15,7 +15,6 @@ from endpoints.web import render_page_template_with_routedata from util.security.jwtutil import decode, InvalidTokenError from util.validation import generate_valid_usernames - logger = logging.getLogger(__name__) client = app.config['HTTPCLIENT'] oauthlogin = Blueprint('oauthlogin', __name__) @@ -229,7 +228,7 @@ def google_oauth_attach(): username, app.config['REGISTRY_TITLE_SHORT']) return render_ologin_error('Google', err) - return redirect(url_for('web.user')) + return redirect(url_for('web.user_view', path=user_obj.username, tab='external')) @oauthlogin.route('/github/callback/attach', methods=['GET']) @@ -258,7 +257,7 @@ def github_oauth_attach(): return render_ologin_error('GitHub', err) - return redirect(url_for('web.user')) + return redirect(url_for('web.user_view', path=user_obj.username, tab='external')) def decode_user_jwt(token, oidc_provider): @@ -344,4 +343,5 @@ def dex_oauth_attach(): app.config['REGISTRY_TITLE_SHORT']) return render_ologin_error(dex_login.public_title, err) - return redirect(url_for('web.user')) + return redirect(url_for('web.user_view', path=user_obj.username, tab='external')) + diff --git a/endpoints/web.py b/endpoints/web.py index 40ad37812..c19c957a1 100644 --- a/endpoints/web.py +++ b/endpoints/web.py 
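Review bot: The same expression, `redirect(url_for('web.user_view', path=user_obj.username, tab='external'))`, is now pasted at the end of google_oauth_attach, github_oauth_attach and dex_oauth_attach, so the next change to the route or tab name has three places to miss. A small module-level helper, for example `def _redirect_to_external_logins(user_obj): return redirect(url_for('web.user_view', path=user_obj.username, tab='external'))`, would keep them in step. `user_obj` is assigned above each hunk, outside what is shown; it should be the session's authenticated user rather than anything derived from the provider's response, since it decides which account page the browser lands on. The last hunk also adds a stray blank line at the end of the file.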
@@ -126,12 +126,6 @@ def organizations(): return index('') -@web.route('/user/') -@no_cache -def user(): - return index('') - - @web.route('/superuser/') @no_cache @route_show_if(features.SUPER_USERS) @@ -405,8 +399,10 @@ def confirm_email(): common_login(user) if model.user.has_user_prompts(user): return redirect(url_for('web.updateuser')) + elif new_email: + return redirect(url_for('web.user_view', path=user.username, tab='settings')) else: - return redirect(url_for('web.user', tab='email') if new_email else url_for('web.index')) + return redirect(url_for('web.index')) @web.route('/recovery', methods=['GET']) @@ -418,7 +414,7 @@ def confirm_recovery(): if user is not None: common_login(user) - return redirect(url_for('web.user')) + return redirect(url_for('web.user_view', path=user.username, tab='settings', action='password')) else: message = 'Invalid recovery code: This code is invalid or may have already been used.' return render_page_template_with_routedata('message.html', message=message) From dcd8157207e58e5a69455404f39450d5795fa4c6 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Mon, 28 Nov 2016 18:55:51 -0500 Subject: [PATCH 2/3] Fix JWT exception in Dex code --- endpoints/oauthlogin.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/endpoints/oauthlogin.py b/endpoints/oauthlogin.py index 5ededb2dd..1164d5df5 100644 --- a/endpoints/oauthlogin.py +++ b/endpoints/oauthlogin.py @@ -325,7 +325,7 @@ def dex_oauth_attach(): try: payload = decode_user_jwt(token, dex_login) - except jwt.InvalidTokenError: + except InvalidTokenError: logger.exception('Exception when decoding returned JWT') return render_ologin_error( dex_login.public_title, From 2a24bbfb50e43729a1f8b8c50127c06c8bbec156 Mon Sep 17 00:00:00 2001 
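Review bot: In confirm_recovery the password change after a redeemed recovery code is only suggested, not required: `common_login(user)` establishes a full session and `action='password'` merely asks the page to open a dialog that the user can dismiss. If the emailed code is meant to stand in for a lost password, consider recording a server-side "must change password" state; the `model.user.has_user_prompts(user)` / `web.updateuser` path in confirm_email looks like an existing place for that, though its semantics are not visible here. Separately, with the `user` endpoint removed in the first hunk, any remaining `url_for('web.user')` in other modules or templates will raise a build error at request time, so it is worth searching for leftovers. Both function bodies start outside their hunks.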
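Review bot: The invalid-token branch of dex_oauth_attach has no visible test, and this bug shows why it needs one: Python evaluates the expression in an `except` clause only when an exception actually reaches it, so a bad name there stays silent until a malformed token arrives. The file imports `InvalidTokenError` from `util.security.jwtutil` and the visible import lines show no `jwt` module, so the old clause presumably raised NameError instead of rendering the login error page. A test that hands the handler a token for which `decode_user_jwt` fails, and asserts the `render_ologin_error` response, would pin the behaviour. The handler body starts and continues outside the hunk.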
From: Joseph Schorr Date: Mon, 28 Nov 2016 18:59:01 -0500 Subject: [PATCH 3/3] Display the password change dialog immediately after account recovery Fixes #1697 --- static/js/pages/user-view.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/static/js/pages/user-view.js b/static/js/pages/user-view.js index ff15d0c4d..c97a786b8 100644 --- a/static/js/pages/user-view.js +++ b/static/js/pages/user-view.js @@ -43,9 +43,14 @@ $scope.context.viewuser = user; $scope.viewuser = user; - // Load the repositories. $timeout(function() { + // Load the repositories. loadRepositories(); + + // Show the password change dialog if immediately after an account recovery. + if ($routeParams.action == 'password' && UserService.isNamespaceAdmin(username)) { + $scope.showChangePassword(); + } }, 10); }); };
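Review bot: The new condition opens the change-password dialog for any URL carrying `action=password`, not only for the redirect issued after a recovery, because `$routeParams.action` is just the query string. The `UserService.isNamespaceAdmin(username)` guard presumably limits it to someone who administers that namespace, but the parameter stays in the address bar, so a reload, a back-navigation or a link sent by someone else re-opens the dialog. Consider clearing it once consumed, e.g. `$location.search('action', null);` right after `$scope.showChangePassword();` (assuming `$location` is injected into this controller), and compare with `===` rather than `==`. The dialog is a convenience only; the password-change endpoint itself has to enforce authorization server-side. `username` and the enclosing callback are defined outside the hunk.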