I was just thinking about our plugin system after I have read @justanr comment on #182 issue about just pip installing a plugin. At the moment, we use a homegrown plugin system where you simply place the plugins in the plugins/ folder and disable them by placing a DISABLED file in the plugins folder.

The more I think about plugins that you can just install with pip the more I like the idea. Below I have listed a few pros/cons about both systems that came to my mind:

Current Plugin System:

• (-) No dependency management
• (-) No version management (what to do upon a new FlaskBB release, that deprecates stuff?)
• (-) No "central" repository/infrastructure available (can be implemented)
• (+) Easy to install and enable

pip/PyPI based system:

• (+) Dependency management - a plugin can define the dependencies in the setup.py file
• (+) Version management
• (+) Infrastructure already available (PyPI)
• (~) Installation of plugins (some might prefer this method over dropping them into a folder)
• (?) How to say which plugins you want to have enabled and which not without uninstalling them?

These are just some random thoughts at the moment, but what do you think about that?

I tried using both the master and the new-theme branch, I tried using sqllite, and postgresql and I keep getting this error when running:

(flaskbb) [root@speedy uwsgi]# tail uw* File "/home/flaskbb/lib/python3.6/site-packages/sqlalchemy/util/compat.py", line 186, in reraise raise value.with_traceback(tb) File "/home/flaskbb/lib/python3.6/site-packages/sqlalchemy/engine/base.py", line 1193, in _execute_context context) File "/home/flaskbb/lib/python3.6/site-packages/sqlalchemy/engine/default.py", line 507, in do_execute cursor.execute(statement, parameters) sqlalchemy.exc.OperationalError: (sqlite3.OperationalError) no such table: settings [SQL: 'SELECT settings."key" AS settings_key, settings.value AS settings_value, settings.settingsgroup AS settings_settingsgroup, settings.name AS settings_name, settings.description AS settings_description, settings.value_type AS settings_value_type, settings.extra AS settings_extra \nFROM settings'] (Background on this error at: http://sqlalche.me/e/e3q8) [pid: 10633|app: 0|req: 1/1] 192.168.1.2 () {50 vars in 842 bytes} [Sat Apr 28 14:28:40 2018] GET / => generated 0 bytes in 910 msecs (HTTP/1.1 500) 0 headers in 0 bytes (0 switches on core 0) announcing my loyalty to the Emperor... Sat Apr 28 14:28:41 2018 - [emperor] vassal flaskbb.ini is now loyal (flaskbb) [root@speedy uwsgi]#

it seems setup is not creating all of the correct tables. I am doing it by the book I think. I dont know where I am going wrong. Help thanks!

One (and only one) of my users says that he is receiving a CSRF error every time he tries to login. He has tried multiple browsers, private windows, clearing cache, flushing DNS, using wifi vs. LTE, and using different devices.

This is an attempt to fix the immediate errors that result when a guest is allowed to reply/post and actually tries to do so. While I don’t think there would be many forums that would allow guests to post (and we should therefore not spend too much time working on this), I do think that given the current permission system, #343 is a bug that should be fixed.

Now, it is arguable whether it is a good idea to save "" as username and None as user_id, but I wanted to get some input first, hence this pull request. (By the way: If you prefer discussing in the issue or squashing the commits before making the pull request, just tell me that. I’m completely new to both Git and Github.)

Alternative approach It might be more suitable to make Guest inherit from User and create a standard (non-deletable?) guest user that these posts are then assigned to. In that case, we could maybe also deal with the problem of the username in that a Guest class has a username attribute that when retrieved actually calls Babel’s gettext function, so it can be translated. But then: How do we know that when we load a user from the database, it should be instantiated as Guest, rather than as User? So, I think this solution would cause a bit more of a headache than it’s worth.

Left to do with the current approach The "" (not) showing up in the forums for guest posts look ugly at the very least. I just had the following idea: Since everyone else has to have a username that is at least one character long, we might actually check in the template for "" as username and dynamically replace it with _("Guest").

One last thing Before I forget: The first commit "Mismatched parentheses" (flaskbb/management/views.py) has nothing to do with this, but also caused a 500 when trying to delete a standard group (id < 6). I hope it’s presence is not a problem.

Not a full pull request, but wanting to submit for proposals and feedback. I'm current contemplating the best way of disentangling the various flaskbb.utils.permissions helpers from the handful of templates they're used in.

I'll rebase/squash the commits down into one once this is finalized.

• [x] Implement basic permission structure
• [x] Remove current permissions from templates -- ~~waiting on #145~~
• [x] More exhaustive testing (manual QA needed)

…for security reasons obviously. Hacking passwords is a lot easier if you know the usernames. And knowing who has elevated privileges makes this even cooler. Sure, request limiting makes brute-forcing harder, but IPs can be spoofed, Tor can be used and some users just choose some really stupid passwords.

Two ideas: Either have options for disabling the two on the admin panel or move it to a plug-in.

An alternative that should work even better (since usernames but not email addresses (?) can also be obtained by crawling the forums) – and that could be implemented independently: Force users to login with their email address instead of with the username.

issue #172 Adds Recaptcha to prevent brute force attacks. Is only enabled when RECAPTCHA_ENABLED is True

• [x] Login form recaptcha
• [x] Forgot password form.

p.s. first pull request ever so please correct me if I am doing something obviously wrong much appreciate it.

Hello, i have a forum section which started returning an Internal Server error each time anyone tries to browse it. I made no changes to the code pulled from github.

2017-04-29 22:00:26,183 ERROR: Exception on /forum/8-coffee [GET] [in /usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/flask/app.py:1560]
Traceback (most recent call last):
  File "/usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/flask_themes2/__init__.py", line 138, in render_theme_template
    **context)
  File "/usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/flask/templating.py", line 133, in render_template
    return _render(ctx.app.jinja_env.get_or_select_template(template_name_or_list),
  File "/usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/jinja2/environment.py", line 869, in get_or_select_template
    return self.get_template(template_name_or_list, parent, globals)
  File "/usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/jinja2/environment.py", line 830, in get_template
    return self._load_template(name, self.make_globals(globals))
  File "/usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/jinja2/environment.py", line 804, in _load_template
    template = self.loader.load(self, name, globals)
  File "/usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/jinja2/loaders.py", line 113, in load
    source, filename, uptodate = self.get_source(environment, name)
  File "/usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/flask/templating.py", line 57, in get_source
    return self._get_source_fast(environment, template)
  File "/usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/flask/templating.py", line 85, in _get_source_fast
    raise TemplateNotFound(template)
jinja2.exceptions.TemplateNotFound: _themes/aurora/forum/forum.html

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/flask/app.py", line 1982, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/flask/app.py", line 1614, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/flask/app.py", line 1517, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/flask/_compat.py", line 33, in reraise
    raise value
  File "/usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/flask/app.py", line 1612, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/flask/app.py", line 1598, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/flask_allows/allows.py", line 98, in allower
    return f(*args, **kwargs)
  File "/usr/home/flask/flaskbb/flaskbb/forum/views.py", line 100, in view_forum
    topics=topics, forumsread=forumsread,
  File "/usr/home/flask/flaskbb/flaskbb/utils/helpers.py", line 71, in render_template
    return render_theme_template(theme, template, **context)
  File "/usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/flask_themes2/__init__.py", line 141, in render_theme_template
    return render_template(template_name, **context)
  File "/usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/flask/templating.py", line 134, in render_template
    context, ctx.app)
  File "/usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/flask/templating.py", line 116, in _render
    rv = template.render(context)
  File "/usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/jinja2/environment.py", line 1008, in render
    return self.environment.handle_exception(exc_info, True)
  File "/usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/jinja2/environment.py", line 780, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/home/flask/flaskbb/.venv/lib/python3.5/site-packages/jinja2/_compat.py", line 37, in reraise
    raise value.with_traceback(tb)
  File "/usr/home/flask/flaskbb/flaskbb/templates/forum/forum.html", line 4, in top-level template code
    {% extends theme("layout.html") %}
  File "/usr/home/flask/flaskbb/flaskbb/templates/layout.html", line 167, in top-level template code
    {% block content %}
  File "/usr/home/flask/flaskbb/flaskbb/templates/forum/forum.html", line 70, in block "content"
    {% if topic|topic_is_unread(topicread, current_user, forumsread) %}
  File "/usr/home/flask/flaskbb/flaskbb/utils/helpers.py", line 265, in topic_is_unread
    if topic.last_post.date_created < read_cutoff:
AttributeError: 'NoneType' object has no attribute 'date_created'

Hi everyone! First of all thank you for such a good project, I'm totally in love :)

I've noticed that there is no possibility to change the name of topics while editing it. Neither topic-starter nor moderator/admin can do this.

I suspect that this is because of beautiful slugs (e.g. /8-flaskbb-is-cool). I think there is a reason why mature forums don't use topic names in urls but they do use only IDs.

Is it possible to get the possibility to change topic names in FlaskBB?

Please, correct me if I am mistaken.

Thank you!

Hi,

https://gist.github.com/TechComet/ecffee1b427d285bb3ed050da399ba6e push this file to /flaskbb/flaskbb/themes/aurora/static/css

please add option to change default styles file (install step)

Addresses #183

WIP PR for adding pluggy based plugins to FlaskBB.

Currently this includes:

• Defining some specs for plugins to implement (by no means exhaustive)
• Creates manager and loads plugins when application is created -- after extensions
• Creates a DB interface for toggling plugins enabled
• Creates KV store in the database for plugins to store settings in so they don't need to populate the settings table -- these appear as a dictionary like interface on the plugin registry instance for the plugin (that's all the collection class and association proxy stuff in the PluginStore/PluginRegistry relationship)

I'm having some issues with loading CLI commands from plugins because the Flask-Click bridge only creates an application when absolutely needed, however plugins are loaded on application creation, so even with overriding the _load_plugin_commands hook in the FlaskGroup doesn't work as the FlaskBB instance hasn't been created yet.

Next steps here are:

• Documentation for writing pluggy based plugins
• Converting Portal to pluggy style
• Add hooks for rendering HTML fragments into templates at certain points
• Add hooks for pre/post handling on posting, topic, message, etc.
• Figure out how to load CLI commands.

Bumps json5 from 2.2.1 to 2.2.3.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Bumps certifi from 2022.5.18.1 to 2022.12.7.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Hi, I wrote a super simple plugin which adds an atom feed to flaskbb: https://git.sr.ht/~exelotl/flaskbb-plugin-atom

If I run pip install flaskbb-plugin-atom (in my virtualenv) then the flaskbb portal plugin stops working, as pictured below:

If I remove my plugin with pip uninstall flaskbb-plugin-atom then the portal starts working again.

This would lead me to believe there's something wrong with my plugin, but it's about as simple as you can get (just a route, a template, and a couple of settings - made from the cookiecutter template). I also don't understand how this could happen when my plugin isn't even enabled.

Have I done something wrong or could this be a deeper issue somewhere?

When you go to a board and go into moderation mode, the individual "select topic" checkboxes do not respond to user input (clicking them doesn't change their state).

However, you can change their state programatically in the dev tools (e.g. mycheckbox.checked = true).

Also, the "select all" checkbox works fine (changes the state of all checkboxes)

Bumps pillow from 9.1.1 to 9.3.0.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Bumps loader-utils from 2.0.2 to 2.0.4.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.