Merge branch 'jinja2-template' into DO-NOT-MERGE-horrible-webapp

.gitignore

@@ -9,3 +9,4 @@
 
 *.sqlite3
 *.db
+static/img/thumbnails

README.md

@@ -19,6 +19,7 @@ This project intends to provide a well-tested and maintainable alternative to
 - Python 3 (>=3.6)
 - Python dependencies:
   - apsw
+  - jinja2
   
 ## Usage
 

doc

@@ -1 +1 @@
-Subproject commit 14b8380090858c3bed5c3b2ee7cf1408aaa133df
+Subproject commit 51e940460ddbaebb7f2ffc48d00d9ef19cf8d33f

matemat/__main__.py

@@ -13,4 +13,4 @@ if __name__ == '__main__':
         port = int(sys.argv[1])
 
     # Start the web server
-    MatematWebserver(port=port, webroot='./static').start()
+    MatematWebserver(port=port).start()

matemat/exceptions/AuthenticatonError.py

@@ -2,7 +2,7 @@
 from typing import Optional
 
 
-class AuthenticationError(BaseException):
+class AuthenticationError(Exception):
 
     def __init__(self, msg: Optional[str] = None) -> None:
         super().__init__()

matemat/exceptions/HttpException.py

@@ -0,0 +1,20 @@
+
+class HttpException(Exception):
+
+    def __init__(self, status: int = 500, title: str = 'An error occurred', message: str = None) -> None:
+        super().__init__()
+        self.__status: int = status
+        self.__title: str = title
+        self.__message: str = message
+
+    @property
+    def status(self) -> int:
+        return self.__status
+
+    @property
+    def title(self) -> str:
+        return self.__title
+
+    @property
+    def message(self) -> str:
+        return self.__message

matemat/exceptions/__init__.py

@@ -4,3 +4,4 @@ This package provides custom exception classes used in the Matemat codebase.
 
 from .AuthenticatonError import AuthenticationError
 from .DatabaseConsistencyError import DatabaseConsistencyError
+from .HttpException import HttpException

matemat/webserver/__init__.py

@@ -7,4 +7,5 @@ server will attempt to serve the request with a static resource in a previously
 """
 
 from .requestargs import RequestArgument, RequestArguments
+from .responses import PageletResponse, RedirectResponse, TemplateResponse
 from .httpd import MatematWebserver, HttpHandler, pagelet

matemat/webserver/httpd.py

@@ -1,5 +1,5 @@
 
-from typing import Any, Callable, Dict, Optional, Tuple, Union
+from typing import Any, Callable, Dict, Tuple, Type, Union
 
 import traceback
 
@@ -12,10 +12,12 @@ from http.cookies import SimpleCookie
 from uuid import uuid4
 from datetime import datetime, timedelta
 
-from matemat import __version__ as matemat_version
+import jinja2
-from matemat.webserver import RequestArguments
-from matemat.webserver.util import parse_args
 
+from matemat import __version__ as matemat_version
+from matemat.exceptions import HttpException
+from matemat.webserver import RequestArguments, PageletResponse, RedirectResponse, TemplateResponse
+from matemat.webserver.util import parse_args
 
 #
 # Python internal class hacks
@@ -27,15 +29,16 @@ TCPServer.address_family = socket.AF_INET6
 BaseHTTPRequestHandler.log_request = lambda self, code='-', size='-': None
 BaseHTTPRequestHandler.log_error = lambda self, fstring='', *args: None
 
-
 # Dictionary to hold registered pagelet paths and their handler functions
 _PAGELET_PATHS: Dict[str, Callable[[str,  # HTTP method (GET, POST, ...)
                                     str,  # Request path
                                     RequestArguments,  # HTTP Request arguments
                                     Dict[str, Any],  # Session vars
                                     Dict[str, str]],  # Response headers
-                                   Tuple[int, Union[bytes, str]]]] = dict()  # Returns: (status code, response body)
+                                   Union[  # Return type: either a response body, or a redirect
-
+                                       bytes, str,  # Response body: will assign HTTP/1.0 200 OK
+                                       PageletResponse,  # A generic response
+                                   ]]] = dict()
 
 # Inactivity timeout for client sessions
 _SESSION_TIMEOUT: int = 3600
@@ -54,15 +57,18 @@ def pagelet(path: str):
          args: RequestArguments,
          session_vars: Dict[str, Any],
          headers: Dict[str, str])
-        -> (int, Optional[Union[str, bytes]])
+        -> Union[bytes, str, Tuple[int, str]]
 
         method:       The HTTP method (GET, POST) that was used.
         path:         The path that was requested.
         args:         The arguments that were passed with the request (as GET or POST arguments).
         session_vars: The session storage.  May be read from and written to.
         headers:      The dictionary of HTTP response headers.  Add headers you wish to send with the response.
-        returns:      A tuple consisting of the HTTP status code (as an int) and the response body (as str or bytes,
+        returns:      One of the following:
-                      may be None)
+                        - A HTTP Response body as str or bytes
+                        - A PageletResponse class instance: An instance of (a subclass of)
+                          matemat.webserver.PageletResponse, e.g. encapsulating a redirect or a Jinja2 template.
+        raises:       HttpException: If a non-200 HTTP status code should be returned
 
     :param path: The path to register the function for.
     """
@@ -72,16 +78,42 @@ def pagelet(path: str):
                                     RequestArguments,
                                     Dict[str, Any],
                                     Dict[str, str]],
-                                   Tuple[int, Optional[Union[bytes, str]]]]):
+                                   Union[
+                                       bytes, str,
+                                       PageletResponse
+                                   ]]):
         # Add the function to the dict of pagelets
         _PAGELET_PATHS[path] = fun
         # Don't change the function itself at all
         return fun
+
     # Return the inner function (Python requires a "real" function annotation to not have any arguments except
     # the function itself)
     return http_handler
 
 
+class MatematHTTPServer(HTTPServer):
+    """
+    A http.server.HTTPServer subclass that acts as a container for data that must be persistent between requests.
+    """
+
+    def __init__(self,
+                 server_address: Any,
+                 handler: Type[BaseHTTPRequestHandler],
+                 staticroot: str,
+                 templateroot: str,
+                 bind_and_activate: bool = True) -> None:
+        super().__init__(server_address, handler, bind_and_activate)
+        # Resolve webroot directory
+        self.webroot = os.path.abspath(staticroot)
+        # Set up session vars dict
+        self.session_vars: Dict[str, Tuple[datetime, Dict[str, Any]]] = dict()
+        # Set up the Jinja2 environment
+        self.jinja_env: jinja2.Environment = jinja2.Environment(
+            loader=jinja2.FileSystemLoader(os.path.abspath(templateroot))
+        )
+
+
 class MatematWebserver(object):
     """
     Then main webserver class, internally uses Python's http.server.
@@ -97,13 +129,18 @@ class MatematWebserver(object):
         server.start()
     """
 
-    def __init__(self, listen: str = '::', port: int = 80, webroot: str = './webroot') -> None:
+    def __init__(self,
+                 listen: str = '::',
+                 port: int = 80,
+                 staticroot: str = './static',
+                 templateroot: str = './templates') -> None:
         """
         Instantiate a MatematWebserver.
 
-        :param listen: The IPv4 or IPv6 address to listen on
+        :param listen: The IPv4 or IPv6 address to listen on.
-        :param port: The TCP port to listen on
+        :param port: The TCP port to listen on.
-        :param webroot: Path to the webroot directory
+        :param staticroot: Path to the static webroot directory.
+        :param templateroot: Path to the Jinja2 templates root directory.
         """
         if len(listen) == 0:
             # Empty string should be interpreted as all addresses
@@ -113,11 +150,7 @@ class MatematWebserver(object):
             # Rewrite IPv4 address to IPv6-mapped form
             listen = f'::ffff:{listen}'
         # Create the http server
-        self._httpd = HTTPServer((listen, port), HttpHandler)
+        self._httpd = MatematHTTPServer((listen, port), HttpHandler, staticroot, templateroot)
-        # Set up session vars dict
-        self._httpd.session_vars: Dict[str, Tuple[datetime, Dict[str, Any]]] = dict()
-        # Resolve webroot directory
-        self._httpd.webroot = os.path.abspath(webroot)
 
     def start(self) -> None:
         """
@@ -136,6 +169,7 @@ class HttpHandler(BaseHTTPRequestHandler):
 
     def __init__(self, request: bytes, client_address: Tuple[str, int], server: HTTPServer) -> None:
         super().__init__(request, client_address, server)
+        self.server: MatematHTTPServer
 
     @property
     def server_version(self) -> str:
@@ -167,7 +201,7 @@ class HttpHandler(BaseHTTPRequestHandler):
         if session_id not in self.server.session_vars:
             self.server.session_vars[session_id] = (now + timedelta(seconds=_SESSION_TIMEOUT)), dict()
         else:
-            self.server.session_vars[session_id] =\
+            self.server.session_vars[session_id] = \
                 (now + timedelta(seconds=_SESSION_TIMEOUT), self.server.session_vars[session_id][1])
         # Return the session ID and timeout
         return session_id, self.server.session_vars[session_id][0]
@@ -181,6 +215,53 @@ class HttpHandler(BaseHTTPRequestHandler):
         if session_id in self.server.session_vars:
             del self.server.session_vars[session_id]
 
+    def _parse_pagelet_result(self,
+                              pagelet_res: Union[bytes,  # Response body as bytes
+                                                 str,  # Response body as str
+                                                 PageletResponse],  # Encapsulated or unresolved response body
+                              headers: Dict[str, str]) \
+            -> Tuple[int, bytes]:
+        """
+        Process the return value of a pagelet function call.
+
+        :param pagelet_res: The pagelet return value.
+        :param headers: The dict of HTTP response headers, needed for setting the redirect header.
+        :return: The HTTP Response status code (an int) and body (a bytes).
+        :raises TypeError: If the pagelet result was not in the expected form.
+        """
+        # The HTTP Response Status Code, defaults to 200 OK
+        hsc: int = 200
+        # The HTTP Response body, defaults to empty
+        data: bytes = bytes()
+
+        # If the response is a bytes object, it is used without further modification
+        if isinstance(pagelet_res, bytes):
+            data = pagelet_res
+
+        # If the response is a str object, it is encoded into a bytes object
+        elif isinstance(pagelet_res, str):
+            data = pagelet_res.encode('utf-8')
+
+        # If the response is a PageletResponse object, the status code is extracted.  Generation of the body depends
+        # on the subtype
+        elif isinstance(pagelet_res, PageletResponse):
+            hsc = pagelet_res.status
+
+            # If the object is a RedirectResponse instance, no body is needed
+            if isinstance(pagelet_res, RedirectResponse):
+                headers['Location'] = pagelet_res.location
+            # If the object is a TemplateRespinse instance, pass the Jinja2 environment instance for rendering
+            elif isinstance(pagelet_res, TemplateResponse):
+                # noinspection PyProtectedMember
+                data = pagelet_res._render(self.server.jinja_env)
+            # else: Empty body
+
+        else:
+            raise TypeError(f'Return value of pagelet not understood: {pagelet_res}')
+
+        # Return the resulting status code and body
+        return hsc, data
+
     def _handle(self, method: str, path: str, args: RequestArguments) -> None:
         """
         Handle a HTTP request by either dispatching it to the appropriate pagelet or by serving a static resource.
@@ -205,17 +286,13 @@ class HttpHandler(BaseHTTPRequestHandler):
         if path in _PAGELET_PATHS:
             # Prepare some headers.  Those can still be overwritten by the pagelet
             headers: Dict[str, str] = {
-                'Content-Type': 'text/html',
+                'Content-Type': 'text/html; charset=utf-8',
                 'Cache-Control': 'no-cache'
             }
             # Call the pagelet function
-            hsc, data = _PAGELET_PATHS[path](method, path, args, self.session_vars, headers)
+            pagelet_res = _PAGELET_PATHS[path](method, path, args, self.session_vars, headers)
-            # The pagelet may return None as data as a shorthand for an empty response
+            # Parse the pagelet's return value, vielding a HTTP status code and a response body
-            if data is None:
+            hsc, data = self._parse_pagelet_result(pagelet_res, headers)
-                data = bytes()
-            # If the pagelet returns a Python str, convert it to an UTF-8 encoded bytes object
-            if isinstance(data, str):
-                data = data.encode('utf-8')
             # Send the HTTP status code
             self.send_response(hsc)
             # Format the session cookie timeout string and send the session cookie header
@@ -272,18 +349,23 @@ class HttpHandler(BaseHTTPRequestHandler):
             path, args = parse_args(self.path)
             self._handle('GET', path, args)
         # Special handling for some errors
-        except PermissionError:
+        except HttpException as e:
-            self.send_response(403, 'Forbidden')
+            self.send_error(e.status, e.title, e.message)
-            self.end_headers()
-        except ValueError:
-            self.send_response(400, 'Bad Request')
-            self.end_headers()
-        except BaseException as e:
             print(e)
             traceback.print_tb(e.__traceback__)
+        except PermissionError as e:
+            self.send_error(403, 'Forbidden')
+            print(e)
+            traceback.print_tb(e.__traceback__)
+        except ValueError as e:
+            self.send_error(400, 'Bad Request')
+            print(e)
+            traceback.print_tb(e.__traceback__)
+        except BaseException as e:
             # Generic error handling
-            self.send_response(500, 'Internal Server Error')
+            self.send_error(500, 'Internal Server Error')
-            self.end_headers()
+            print(e)
+            traceback.print_tb(e.__traceback__)
 
     # noinspection PyPep8Naming
     def do_POST(self) -> None:
@@ -301,19 +383,21 @@ class HttpHandler(BaseHTTPRequestHandler):
             # Parse the request and hand it to the handle function
             self._handle('POST', path, args)
         # Special handling for some errors
-        except PermissionError:
+        except HttpException as e:
-            self.send_response(403, 'Forbidden')
+            self.send_error(e.status, e.title, e.message)
-            self.end_headers()
+            print(e)
-        except ValueError:
+            traceback.print_tb(e.__traceback__)
-            self.send_response(400, 'Bad Request')
+        except PermissionError as e:
-            self.end_headers()
+            self.send_error(403, 'Forbidden')
-        except TypeError:
+            print(e)
-            self.send_response(400, 'Bad Request')
+            traceback.print_tb(e.__traceback__)
-            self.end_headers()
+        except ValueError as e:
+            self.send_error(400, 'Bad Request')
+            print(e)
+            traceback.print_tb(e.__traceback__)
         except BaseException as e:
             # Generic error handling
-            self.send_response(500, 'Internal Server Error')
+            self.send_error(500, 'Internal Server Error')
-            self.end_headers()
             print(e)
             traceback.print_tb(e.__traceback__)
 

matemat/webserver/pagelets/admin.py

@@ -1,14 +1,12 @@
 
-from typing import Any, Dict, Optional, Tuple, Union
+from typing import Any, Dict, Union
-
-from jinja2 import Environment, FileSystemLoader
 
 import os
 
-from matemat.webserver import pagelet, RequestArguments
+from matemat.webserver import pagelet, RequestArguments, PageletResponse, RedirectResponse, TemplateResponse
 from matemat.db import MatematDatabase
 from matemat.primitives import User
-from matemat.exceptions import DatabaseConsistencyError
+from matemat.exceptions import DatabaseConsistencyError, HttpException
 
 
 @pagelet('/admin')
@@ -17,15 +15,13 @@ def admin(method: str,
           args: RequestArguments,
           session_vars: Dict[str, Any],
           headers: Dict[str, str]) \
-        -> Tuple[int, Optional[Union[str, bytes]]]:
+        -> Union[str, bytes, PageletResponse]:
-    env = Environment(loader=FileSystemLoader('templates'))
     if 'authentication_level' not in session_vars or 'authenticated_user' not in session_vars:
-        headers['Location'] = '/login'
+        return RedirectResponse('/login')
-        return 301, None
     authlevel: int = session_vars['authentication_level']
     uid: int = session_vars['authenticated_user']
     if authlevel < 2:
-        return 403, None
+        raise HttpException(403)
 
     with MatematDatabase('test.db') as db:
         user = db.get_user(uid)
@@ -36,8 +32,7 @@ def admin(method: str,
 
         users = db.list_users()
         products = db.list_products()
-        template = env.get_template('admin.html')
+        return TemplateResponse('admin.html', authuser=user, authlevel=authlevel, users=users, products=products)
-        return 200, template.render(user=user, authlevel=authlevel, users=users, products=products)
 
 
 def handle_change(args: RequestArguments, user: User, db: MatematDatabase) -> None:

matemat/webserver/pagelets/buy.py

@@ -1,7 +1,6 @@
-from typing import Any, Dict, Optional, Tuple, Union
+from typing import Any, Dict, Union
 
-from matemat.webserver import pagelet, RequestArguments
+from matemat.webserver import pagelet, RequestArguments, PageletResponse, RedirectResponse
-from matemat.primitives import User
 from matemat.db import MatematDatabase
 
 
@@ -11,10 +10,9 @@ def buy(method: str,
         args: RequestArguments,
         session_vars: Dict[str, Any],
         headers: Dict[str, str]) \
-        -> Tuple[int, Optional[Union[str, bytes]]]:
+        -> Union[str, bytes, PageletResponse]:
     if 'authenticated_user' not in session_vars:
-        headers['Location'] = '/'
+        return RedirectResponse('/')
-        return 301, None
     with MatematDatabase('test.db') as db:
         uid: int = session_vars['authenticated_user']
         user = db.get_user(uid)
@@ -26,5 +24,4 @@ def buy(method: str,
             pid = int(str(args.pid))
             product = db.get_product(pid)
             db.increment_consumption(user, product, n)
-        headers['Location'] = '/'
+        return RedirectResponse('/')
-        return 301, None

matemat/webserver/pagelets/deposit.py

@@ -1,7 +1,6 @@
-from typing import Any, Dict, Optional, Tuple, Union
+from typing import Any, Dict, Union
 
-from matemat.webserver import pagelet, RequestArguments
+from matemat.webserver import pagelet, RequestArguments, PageletResponse, RedirectResponse
-from matemat.primitives import User
 from matemat.db import MatematDatabase
 
 
@@ -11,15 +10,13 @@ def deposit(method: str,
             args: RequestArguments,
             session_vars: Dict[str, Any],
             headers: Dict[str, str]) \
-        -> Tuple[int, Optional[Union[str, bytes]]]:
+        -> Union[str, bytes, PageletResponse]:
     if 'authenticated_user' not in session_vars:
-        headers['Location'] = '/'
+        return RedirectResponse('/')
-        return 301, None
     with MatematDatabase('test.db') as db:
         uid: int = session_vars['authenticated_user']
         user = db.get_user(uid)
         if 'n' in args:
             n = int(str(args.n))
             db.deposit(user, n)
-        headers['Location'] = '/'
+        return RedirectResponse('/')
-        return 301, None

matemat/webserver/pagelets/login.py

@@ -1,10 +1,8 @@
 
-from typing import Any, Dict, Optional, Tuple, Union
+from typing import Any, Dict, Union
 
-from jinja2 import Environment, FileSystemLoader
+from matemat.exceptions import AuthenticationError, HttpException
-
+from matemat.webserver import pagelet, RequestArguments, PageletResponse, RedirectResponse, TemplateResponse
-from matemat.exceptions import AuthenticationError
-from matemat.webserver import pagelet, RequestArguments
 from matemat.primitives import User
 from matemat.db import MatematDatabase
 
@@ -15,23 +13,18 @@ def login_page(method: str,
                args: RequestArguments,
                session_vars: Dict[str, Any],
                headers: Dict[str, str])\
-        -> Tuple[int, Optional[Union[str, bytes]]]:
+        -> Union[bytes, str, PageletResponse]:
     if 'authenticated_user' in session_vars:
-        headers['Location'] = '/'
+        return RedirectResponse('/')
-        return 301, bytes()
-    env = Environment(loader=FileSystemLoader('templates'))
     if method == 'GET':
-        template = env.get_template('login.html')
+        return TemplateResponse('login.html')
-        return 200, template.render()
     elif method == 'POST':
         with MatematDatabase('test.db') as db:
             try:
                 user: User = db.login(str(args.username), str(args.password))
             except AuthenticationError:
-                headers['Location'] = '/login'
+                return RedirectResponse('/login')
-                return 301, bytes()
             session_vars['authenticated_user'] = user.id
             session_vars['authentication_level'] = 2
-        headers['Location'] = '/'
+        return RedirectResponse('/')
-        return 301, None
+    raise HttpException(405)
-    return 405, None

matemat/webserver/pagelets/logout.py

@@ -1,7 +1,7 @@
 
-from typing import Any, Dict, List, Optional, Tuple, Union
+from typing import Any, Dict, Union
 
-from matemat.webserver import pagelet, RequestArguments
+from matemat.webserver import pagelet, RequestArguments, PageletResponse, RedirectResponse
 
 
 @pagelet('/logout')
@@ -9,10 +9,9 @@ def logout(method: str,
            path: str,
            args: RequestArguments,
            session_vars: Dict[str, Any],
-           headers: Dict[str, str])\
+           headers: Dict[str, str]) \
-        -> Tuple[int, Optional[Union[str, bytes]]]:
+        -> Union[bytes, str, PageletResponse]:
     if 'authenticated_user' in session_vars:
         del session_vars['authenticated_user']
     session_vars['authentication_level'] = 0
-    headers['Location'] = '/'
+    return RedirectResponse('/')
-    return 301, None

matemat/webserver/pagelets/main.py

@@ -1,9 +1,7 @@
 
-from typing import Any, Dict, Optional, Tuple, Union
+from typing import Any, Dict, Union
 
-from jinja2 import Environment, FileSystemLoader
+from matemat.webserver import pagelet, RequestArguments, PageletResponse, TemplateResponse
-
-from matemat.webserver import pagelet, RequestArguments
 from matemat.db import MatematDatabase
 
 
@@ -13,17 +11,14 @@ def main_page(method: str,
               args: RequestArguments,
               session_vars: Dict[str, Any],
               headers: Dict[str, str])\
-        -> Tuple[int, Optional[Union[str, bytes]]]:
+        -> Union[bytes, str, PageletResponse]:
-    env = Environment(loader=FileSystemLoader('templates'))
     with MatematDatabase('test.db') as db:
         if 'authenticated_user' in session_vars:
             uid: int = session_vars['authenticated_user']
             authlevel: int = session_vars['authentication_level']
             user = db.get_user(uid)
             products = db.list_products()
-            template = env.get_template('productlist.html')
+            return TemplateResponse('productlist.html', authuser=user, products=products, authlevel=authlevel)
-            return 200, template.render(user=user, products=products, authlevel=authlevel)
         else:
             users = db.list_users()
-            template = env.get_template('userlist.html')
+            return TemplateResponse('userlist.html', users=users)
-            return 200, template.render(users=users)

matemat/webserver/pagelets/modproduct.py

@@ -1,13 +1,12 @@
-from typing import Any, Dict, Optional, Tuple, Union
 
-from jinja2 import Environment, FileSystemLoader
+from typing import Any, Dict, Union
 
 import os
 
-from matemat.webserver import pagelet, RequestArguments
+from matemat.webserver import pagelet, RequestArguments, PageletResponse, RedirectResponse, TemplateResponse
 from matemat.db import MatematDatabase
 from matemat.primitives import Product
-from matemat.exceptions import DatabaseConsistencyError
+from matemat.exceptions import DatabaseConsistencyError, HttpException
 
 
 @pagelet('/modproduct')
@@ -16,22 +15,20 @@ def modproduct(method: str,
                args: RequestArguments,
                session_vars: Dict[str, Any],
                headers: Dict[str, str]) \
-        -> Tuple[int, Optional[Union[str, bytes]]]:
+        -> Union[str, bytes, PageletResponse]:
-    env = Environment(loader=FileSystemLoader('templates'))
     if 'authentication_level' not in session_vars or 'authenticated_user' not in session_vars:
-        headers['Location'] = '/login'
+        return RedirectResponse('/login')
-        return 301, None
     authlevel: int = session_vars['authentication_level']
     auth_uid: int = session_vars['authenticated_user']
     if authlevel < 2:
-        return 403, None
+        raise HttpException(403)
 
     with MatematDatabase('test.db') as db:
         authuser = db.get_user(auth_uid)
         if not authuser.is_admin:
-            return 403, None
+            raise HttpException(403)
         if 'productid' not in args:
-            return 400, None
+            raise HttpException(400, '"productid" argument missing')
 
         modproduct_id = int(str(args.productid))
         product = db.get_product(modproduct_id)
@@ -39,11 +36,9 @@ def modproduct(method: str,
         if 'change' in args:
             handle_change(args, product, db)
             if str(args.change) == 'del':
-                headers['Location'] = '/admin'
+                return RedirectResponse('/admin')
-                return 301, None
 
-        template = env.get_template('modproduct.html')
+        return TemplateResponse('modproduct.html', authuser=authuser, product=product, authlevel=authlevel)
-        return 200, template.render(product=product, authlevel=authlevel)
 
 
 def handle_change(args: RequestArguments, product: Product, db: MatematDatabase) -> None:

matemat/webserver/pagelets/moduser.py

@@ -1,13 +1,12 @@
-from typing import Any, Dict, Optional, Tuple, Union
 
-from jinja2 import Environment, FileSystemLoader
+from typing import Any, Dict, Union
 
 import os
 
-from matemat.webserver import pagelet, RequestArguments
+from matemat.webserver import pagelet, RequestArguments, PageletResponse, RedirectResponse, TemplateResponse
 from matemat.db import MatematDatabase
 from matemat.primitives import User
-from matemat.exceptions import DatabaseConsistencyError
+from matemat.exceptions import DatabaseConsistencyError, HttpException
 
 
 @pagelet('/moduser')
@@ -16,22 +15,20 @@ def moduser(method: str,
             args: RequestArguments,
             session_vars: Dict[str, Any],
             headers: Dict[str, str]) \
-        -> Tuple[int, Optional[Union[str, bytes]]]:
+        -> Union[str, bytes, PageletResponse]:
-    env = Environment(loader=FileSystemLoader('templates'))
     if 'authentication_level' not in session_vars or 'authenticated_user' not in session_vars:
-        headers['Location'] = '/login'
+        return RedirectResponse('/login')
-        return 301, None
     authlevel: int = session_vars['authentication_level']
     auth_uid: int = session_vars['authenticated_user']
     if authlevel < 2:
-        return 403, None
+        raise HttpException(403)
 
     with MatematDatabase('test.db') as db:
         authuser = db.get_user(auth_uid)
         if not authuser.is_admin:
-            return 403, None
+            raise HttpException(403)
         if 'userid' not in args:
-            return 400, None
+            raise HttpException(400, '"userid" argument missing')
 
         moduser_id = int(str(args.userid))
         user = db.get_user(moduser_id)
@@ -39,11 +36,9 @@ def moduser(method: str,
         if 'change' in args:
             handle_change(args, user, db)
             if str(args.change) == 'del':
-                headers['Location'] = '/admin'
+                return RedirectResponse('/admin')
-                return 301, None
 
-        template = env.get_template('moduser.html')
+        return TemplateResponse('moduser.html', authuser=authuser, user=user, authlevel=authlevel)
-        return 200, template.render(user=user, authlevel=authlevel)
 
 
 def handle_change(args: RequestArguments, user: User, db: MatematDatabase) -> None:
@@ -86,7 +81,6 @@ def handle_change(args: RequestArguments, user: User, db: MatematDatabase) -> No
         if 'avatar' in args:
             avatar = bytes(args.avatar)
             if len(avatar) > 0:
-                os.makedirs('./static/img/thumbnails/products/', exist_ok=True)
+                os.makedirs('./static/img/thumbnails/users/', exist_ok=True)
-                with open(f'./static/img/thumbnails/products/{user.id}.png', 'wb') as f:
+                with open(f'./static/img/thumbnails/users/{user.id}.png', 'wb') as f:
                     f.write(avatar)
-

matemat/webserver/pagelets/touchkey.py

@@ -1,10 +1,8 @@
 
-from typing import Any, Dict, Optional, Tuple, Union
+from typing import Any, Dict, Union
 
-from jinja2 import Environment, FileSystemLoader
+from matemat.exceptions import AuthenticationError, HttpException
-
+from matemat.webserver import pagelet, RequestArguments, PageletResponse, RedirectResponse, TemplateResponse
-from matemat.exceptions import AuthenticationError
-from matemat.webserver import pagelet, RequestArguments
 from matemat.primitives import User
 from matemat.db import MatematDatabase
 
@@ -15,23 +13,18 @@ def touchkey_page(method: str,
                   args: RequestArguments,
                   session_vars: Dict[str, Any],
                   headers: Dict[str, str])\
-        -> Tuple[int, Optional[Union[str, bytes]]]:
+        -> Union[bytes, str, PageletResponse]:
     if 'authenticated_user' in session_vars:
-        headers['Location'] = '/'
+        return RedirectResponse('/')
-        return 301, bytes()
-    env = Environment(loader=FileSystemLoader('templates'))
     if method == 'GET':
-        template = env.get_template('touchkey.html')
+        return TemplateResponse('touchkey.html', username=str(args.username), uid=int(str(args.uid)))
-        return 200, template.render(username=str(args.username), uid=int(str(args.uid)))
     elif method == 'POST':
         with MatematDatabase('test.db') as db:
             try:
                 user: User = db.login(str(args.username), touchkey=str(args.touchkey))
             except AuthenticationError:
-                headers['Location'] = f'/touchkey?uid={str(args.uid)}&username={str(args.username)}&fail=1'
+                return RedirectResponse(f'/touchkey?uid={str(args.uid)}&username={str(args.username)}')
-                return 301, bytes()
             session_vars['authenticated_user'] = user.id
             session_vars['authentication_level'] = 1
-        headers['Location'] = '/'
+        return RedirectResponse('/')
-        return 301, None
+    raise HttpException(405)
-    return 405, None

matemat/webserver/requestargs.py

@@ -50,7 +50,7 @@ class RequestArguments(object):
         """
         return _View.of(self.__container[key])
 
-    def __iter__(self) -> Iterator['RequestArguments']:
+    def __iter__(self) -> Iterator['RequestArgument']:
         """
         Returns an iterator over the values in this instance.  Values are represented as immutable views.
 

matemat/webserver/responses.py

@@ -0,0 +1,63 @@
+
+from jinja2 import Environment, Template
+
+
+class PageletResponse:
+    """
+    Base class for pagelet return values that require more action than simply sending plain data.
+
+    An instance of this base class will result in an empty 200 OK response.
+    """
+
+    def __init__(self, status: int = 200):
+        """
+        Create an empty response.
+
+        :param status: The HTTP status code, defaults to 200 (OK).
+        """
+        self.status: int = status
+
+
+class RedirectResponse(PageletResponse):
+    """
+    A pagelet response that causes the server to redirect to another location, using a 301 Permanently Moved (uncached)
+    response status, and a Location header.
+    """
+
+    def __init__(self, location: str):
+        """
+        Create a redirection response with the given redirection location.
+
+        :param location: The location to redirect to.
+        """
+        super().__init__(status=301)
+        self.location: str = location
+
+
+class TemplateResponse(PageletResponse):
+    """
+    A pagelet response that causes the server to load a Jinja2 template and render it with the provided arguments, then
+    sending the result as response body, with a 200 OK response status.
+    """
+
+    def __init__(self, name: str, **kwargs):
+        """
+        Create a template response with the given template name and arguments.
+
+        :param name: Name of the template to load.
+        :param kwargs: Arguments for rendering the template, will be passed to jinja2.Template.render as is.
+        """
+        super().__init__()
+        self.name: str = name
+        self.kwargs = kwargs
+
+    def _render(self, jinja_env: Environment) -> bytes:
+        """
+        Load and render the template using the Jinja2 environment managed by the web server instance.  This method
+        should not be called by a pagelet.
+
+        :param jinja_env: The Jinja2 environment.
+        :return: An UTF-8 encoded bytes object containing the template rendering result.
+        """
+        template: Template = jinja_env.get_template(self.name)
+        return template.render(**self.kwargs).encode('utf-8')

matemat/webserver/test/abstract_httpd_test.py

@@ -9,6 +9,8 @@ from abc import ABC
 from datetime import datetime
 from http.server import HTTPServer
 
+import jinja2
+
 from matemat.webserver import pagelet, RequestArguments
 
 
@@ -16,6 +18,8 @@ class HttpResponse:
     """
     A really basic HTTP response container and parser class, just good enough for unit testing a HTTP server, if even.
 
+    DO NOT USE THIS OUTSIDE UNIT TESTING!
+
     Usage:
         response = HttpResponse()
         while response.parse_phase != 'done'
@@ -105,6 +109,10 @@ class MockServer:
         self.session_vars: Dict[str, Tuple[datetime, Dict[str, Any]]] = dict()
         # Webroot for statically served content
         self.webroot: str = webroot
+        # Jinja environment with a single, static template
+        self.jinja_env = jinja2.Environment(
+            loader=jinja2.DictLoader({'test.txt': 'Hello, {{ what }}!'})
+        )
 
 
 class MockSocket(bytes):
@@ -161,16 +169,16 @@ def test_pagelet(path: str):
                                             RequestArguments,
                                             Dict[str, Any],
                                             Dict[str, str]],
-                                           Tuple[int, Union[bytes, str]]]):
+                                           Union[bytes, str, Tuple[int, str]]]):
         @pagelet(path)
         def testing_wrapper(method: str,
                             path: str,
                             args: RequestArguments,
                             session_vars: Dict[str, Any],
                             headers: Dict[str, str]):
-            status, body = fun(method, path, args, session_vars, headers)
             headers['X-Test-Pagelet'] = fun.__name__
-            return status, body
+            result = fun(method, path, args, session_vars, headers)
+            return result
         return testing_wrapper
     return with_testing_headers
 

matemat/webserver/test/test_post.py

@@ -24,7 +24,7 @@ def post_test_pagelet(method: str,
                 dump += f'{a.name}: {a.get_str()}\n'
             else:
                 dump += f'{a.name}: {codecs.encode(a.get_bytes(), "hex").decode("utf-8")}\n'
-    return 200, dump
+    return dump
 
 
 class TestPost(AbstractHttpdTest):

matemat/webserver/test/test_serve.py

@@ -1,31 +1,62 @@
 
-from typing import Any, Dict
+from typing import Any, Dict, Union
 
 import os
 import os.path
-from matemat.webserver import HttpHandler, RequestArguments
+from matemat.exceptions import HttpException
+from matemat.webserver import HttpHandler, RequestArguments, PageletResponse, RedirectResponse, TemplateResponse
 from matemat.webserver.test.abstract_httpd_test import AbstractHttpdTest, test_pagelet
 
 
-@test_pagelet('/just/testing/serve_pagelet_ok')
+@test_pagelet('/just/testing/serve_pagelet_str')
-def serve_test_pagelet_ok(method: str,
+def serve_test_pagelet_str(method: str,
-                          path: str,
+                           path: str,
-                          args: RequestArguments,
+                           args: RequestArguments,
-                          session_vars: Dict[str, Any],
+                           session_vars: Dict[str, Any],
-                          headers: Dict[str, str]):
+                           headers: Dict[str, str]) -> Union[bytes, str, PageletResponse]:
     headers['Content-Type'] = 'text/plain'
-    return 200, 'serve test pagelet ok'
+    return 'serve test pagelet str'
 
 
+@test_pagelet('/just/testing/serve_pagelet_bytes')
+def serve_test_pagelet_bytes(method: str,
+                             path: str,
+                             args: RequestArguments,
+                             session_vars: Dict[str, Any],
+                             headers: Dict[str, str]) -> Union[bytes, str, PageletResponse]:
+    headers['Content-Type'] = 'application/octet-stream'
+    return b'serve\x80test\xffpagelet\xfebytes'
+
+
+@test_pagelet('/just/testing/serve_pagelet_redirect')
+def serve_test_pagelet_redirect(method: str,
+                                path: str,
+                                args: RequestArguments,
+                                session_vars: Dict[str, Any],
+                                headers: Dict[str, str]) -> Union[bytes, str, PageletResponse]:
+    return RedirectResponse('/foo/bar')
+
+
+@test_pagelet('/just/testing/serve_pagelet_template')
+def serve_test_pagelet_template(method: str,
+                                path: str,
+                                args: RequestArguments,
+                                session_vars: Dict[str, Any],
+                                headers: Dict[str, str]) -> Union[bytes, str, PageletResponse]:
+    headers['Content-Type'] = 'text/plain'
+    return TemplateResponse('test.txt', what='World')
+
+
+# noinspection PyTypeChecker
 @test_pagelet('/just/testing/serve_pagelet_fail')
 def serve_test_pagelet_fail(method: str,
                             path: str,
                             args: RequestArguments,
                             session_vars: Dict[str, Any],
-                            headers: Dict[str, str]):
+                            headers: Dict[str, str]) -> Union[bytes, str, PageletResponse]:
     session_vars['test'] = 'hello, world!'
     headers['Content-Type'] = 'text/plain'
-    return 500, 'serve test pagelet fail'
+    raise HttpException()
 
 
 class TestServe(AbstractHttpdTest):
@@ -44,17 +75,29 @@ class TestServe(AbstractHttpdTest):
             f.write('This should not be readable')
         os.chmod(forbidden, 0)
 
-    def test_serve_pagelet_ok(self):
+    def test_serve_pagelet_str(self):
         # Call the test pagelet that produces a 200 OK result
-        self.client_sock.set_request(b'GET /just/testing/serve_pagelet_ok HTTP/1.1\r\n\r\n')
+        self.client_sock.set_request(b'GET /just/testing/serve_pagelet_str HTTP/1.1\r\n\r\n')
         HttpHandler(self.client_sock, ('::1', 45678), self.server)
         packet = self.client_sock.get_response()
 
         # Make sure the correct pagelet was called
-        self.assertEqual('serve_test_pagelet_ok', packet.pagelet)
+        self.assertEqual('serve_test_pagelet_str', packet.pagelet)
         # Make sure the expected content is served
         self.assertEqual(200, packet.statuscode)
-        self.assertEqual(b'serve test pagelet ok', packet.body)
+        self.assertEqual(b'serve test pagelet str', packet.body)
+
+    def test_serve_pagelet_bytes(self):
+        # Call the test pagelet that produces a 200 OK result
+        self.client_sock.set_request(b'GET /just/testing/serve_pagelet_bytes HTTP/1.1\r\n\r\n')
+        HttpHandler(self.client_sock, ('::1', 45678), self.server)
+        packet = self.client_sock.get_response()
+
+        # Make sure the correct pagelet was called
+        self.assertEqual('serve_test_pagelet_bytes', packet.pagelet)
+        # Make sure the expected content is served
+        self.assertEqual(200, packet.statuscode)
+        self.assertEqual(b'serve\x80test\xffpagelet\xfebytes', packet.body)
 
     def test_serve_pagelet_fail(self):
         # Call the test pagelet that produces a 500 Internal Server Error result
@@ -62,11 +105,34 @@ class TestServe(AbstractHttpdTest):
         HttpHandler(self.client_sock, ('::1', 45678), self.server)
         packet = self.client_sock.get_response()
 
-        # Make sure the correct pagelet was called
+        # Make sure an error is raised
-        self.assertEqual('serve_test_pagelet_fail', packet.pagelet)
-        # Make sure the expected content is served
         self.assertEqual(500, packet.statuscode)
-        self.assertEqual(b'serve test pagelet fail', packet.body)
+
+    def test_serve_pagelet_redirect(self):
+        # Call the test pagelet that redirects to another path
+        self.client_sock.set_request(b'GET /just/testing/serve_pagelet_redirect HTTP/1.1\r\n\r\n')
+        HttpHandler(self.client_sock, ('::1', 45678), self.server)
+        packet = self.client_sock.get_response()
+
+        # Make sure the correct pagelet was called
+        self.assertEqual('serve_test_pagelet_redirect', packet.pagelet)
+        # Make sure the correct redirect is issued
+        self.assertEqual(301, packet.statuscode)
+        self.assertEqual('/foo/bar', packet.headers['Location'])
+        # Make sure the response body is empty
+        self.assertEqual(0, len(packet.body))
+
+    def test_serve_pagelet_template(self):
+        # Call the test pagelet that redirects to another path
+        self.client_sock.set_request(b'GET /just/testing/serve_pagelet_template HTTP/1.1\r\n\r\n')
+        HttpHandler(self.client_sock, ('::1', 45678), self.server)
+        packet = self.client_sock.get_response()
+
+        # Make sure the correct pagelet was called
+        self.assertEqual('serve_test_pagelet_template', packet.pagelet)
+        self.assertEqual(200, packet.statuscode)
+        # Make sure the response body was rendered correctly by the templating engine
+        self.assertEqual(b'Hello, World!', packet.body)
 
     def test_serve_static_ok(self):
         # Request a static resource

matemat/webserver/test/test_session.py

@@ -16,7 +16,7 @@ def session_test_pagelet(method: str,
                          headers: Dict[str, str]):
     session_vars['test'] = 'hello, world!'
     headers['Content-Type'] = 'text/plain'
-    return 200, 'session test'
+    return 'session test'
 
 
 class TestSession(AbstractHttpdTest):

matemat/webserver/util.py

@@ -97,7 +97,7 @@ def parse_args(request: str, postbody: Optional[bytes] = None, enctype: str = 't
     tokens = urllib.parse.urlparse(request)
     # Parse the GET arguments
     if len(tokens.query) == 0:
-        getargs = dict()
+        getargs: Dict[str, List[str]] = dict()
     else:
         getargs = urllib.parse.parse_qs(tokens.query, strict_parsing=True, keep_blank_values=True, errors='strict')
 
@@ -112,7 +112,7 @@ def parse_args(request: str, postbody: Optional[bytes] = None, enctype: str = 't
             # Parse the POST body
             pb: str = postbody.decode('utf-8')
             if len(pb) == 0:
-                postargs = dict()
+                postargs: Dict[str, List[str]] = dict()
             else:
                 postargs = urllib.parse.parse_qs(pb, strict_parsing=True, keep_blank_values=True, errors='strict')
             # Write all POST values into the dict, overriding potential duplicates from GET

templates/admin.html

@@ -1,7 +1,7 @@
 {% extends "base.html" %}
 
 {% block header %}
-{% if user.is_admin %}
+{% if authuser.is_admin %}
 <h1>Administration</h1>
 {% else %}
 <h1>Settings</h1>
@@ -13,7 +13,7 @@
 
 {% include "admin_all.html" %}
 
-{% if user.is_admin %}
+{% if authuser.is_admin %}
 {% include "admin_restricted.html" %}
 {% endif %}
 

templates/admin_all.html

@@ -1,18 +1,18 @@
 <section id="admin-myaccount">
     <h2>My Account</h2>
 
-    <form id="admin-myaccount-form" method="post" action="/admin?change=account">
+    <form id="admin-myaccount-form" method="post" action="/admin?change=account" accept-charset="UTF-8">
         <label for="admin-myaccount-username">Username: </label>
-        <input id="admin-myaccount-username" type="text" name="username" value="{{ user.name }}" /><br/>
+        <input id="admin-myaccount-username" type="text" name="username" value="{{ authuser.name }}" /><br/>
 
         <label for="admin-myaccount-email">E-Mail: </label>
-        <input id="admin-myaccount-email" type="text" name="email" value="{% if user.email is not none %}{{ user.email }}{% endif %}" /><br/>
+        <input id="admin-myaccount-email" type="text" name="email" value="{% if authuser.email is not none %}{{ authuser.email }}{% endif %}" /><br/>
 
         <label for="admin-myaccount-ismember">Member: </label>
-        <input id="admin-myaccount-ismember" type="checkbox" disabled="disabled" {% if user.is_member %} checked="checked" {% endif %}/><br/>
+        <input id="admin-myaccount-ismember" type="checkbox" disabled="disabled" {% if authuser.is_member %} checked="checked" {% endif %}/><br/>
 
         <label for="admin-myaccount-isadmin">Admin: </label>
-        <input id="admin-myaccount-isadmin" type="checkbox" disabled="disabled" {% if user.is_admin %} checked="checked" {% endif %}/><br/>
+        <input id="admin-myaccount-isadmin" type="checkbox" disabled="disabled" {% if authuser.is_admin %} checked="checked" {% endif %}/><br/>
 
         <input type="submit" value="Save changes" />
     </form>
@@ -21,8 +21,8 @@
 <section id="admin-avatar">
     <h2>Avatar</h2>
 
-    <form id="admin-avatar-form" method="post" action="/admin?change=avatar" enctype="multipart/form-data">
+    <form id="admin-avatar-form" method="post" action="/admin?change=avatar" enctype="multipart/form-data" accept-charset="UTF-8">
-        <img src="/img/thumbnails/users/{{ user.id }}.png" alt="Avatar of {{ user.name }}" /><br/>
+        <img src="/img/thumbnails/users/{{ authuser.id }}.png" alt="Avatar of {{ authuser.name }}" /><br/>
 
         <label for="admin-avatar-avatar">Upload new file: </label>
         <input id="admin-avatar-avatar" type="file" name="avatar" accept="image/png" /><br/>
@@ -34,7 +34,7 @@
 <section id="admin-password">
     <h2>Password</h2>
 
-    <form id="admin-password-form" method="post" action="/admin?change=password">
+    <form id="admin-password-form" method="post" action="/admin?change=password" accept-charset="UTF-8">
         <label for="admin-password-oldpass">Current password: </label>
         <input id="admin-password-oldpass" type="password" name="oldpass" /><br/>
 
@@ -51,7 +51,7 @@
 <section id="admin-touchkey">
     <h2>Touchkey</h2>
 
-    <form id="admin-touchkey-form" method="post" action="/admin?change=touchkey">
+    <form id="admin-touchkey-form" method="post" action="/admin?change=touchkey" accept-charset="UTF-8">
         <label for="admin-touchkey-oldpass">Current password: </label>
         <input id="admin-touchkey-oldpass" type="password" name="oldpass" /><br/>
 

templates/admin_restricted.html

@@ -1,7 +1,7 @@
 <section id="admin-restricted-newuser">
     <h2>Create New User</h2>
 
-    <form id="admin-newuser-form" method="post" action="/admin?adminchange=newuser">
+    <form id="admin-newuser-form" method="post" action="/admin?adminchange=newuser" accept-charset="UTF-8">
         <label for="admin-newuser-username">Username: </label>
         <input id="admin-newuser-username" type="text" name="username" /><br/>
 
@@ -24,7 +24,7 @@
 <section id="admin-restricted-moduser">
     <h2>Modify User</h2>
 
-    <form id="admin-moduser-form" method="get" action="/moduser">
+    <form id="admin-moduser-form" method="get" action="/moduser" accept-charset="UTF-8">
         <label for="admin-moduser-userid">Username: </label>
         <select id="admin-moduser-userid" name="userid">
             {% for user in users %}
@@ -39,7 +39,7 @@
 <section id="admin-restricted-newproduct">
     <h2>Create New Product</h2>
 
-    <form id="admin-newproduct-form" method="post" action="/admin?adminchange=newproduct" enctype="multipart/form-data">
+    <form id="admin-newproduct-form" method="post" action="/admin?adminchange=newproduct" enctype="multipart/form-data" accept-charset="UTF-8">
         <label for="admin-newproduct-name">Name: </label>
         <input id="admin-newproduct-name" type="text" name="name" /><br/>
 
@@ -59,7 +59,7 @@
 <section id="admin-restricted-restock">
     <h2>Restock Product</h2>
 
-    <form id="admin-restock-form" method="post" action="/admin?adminchange=restock">
+    <form id="admin-restock-form" method="post" action="/admin?adminchange=restock" accept-charset="UTF-8">
         <label for="admin-restock-productid">Product: </label>
         <select id="admin-restock-productid" name="productid">
             {% for product in products %}
@@ -77,7 +77,7 @@
 <section id="admin-restricted-modproduct">
     <h2>Modify Product</h2>
 
-    <form id="admin-modproduct-form" method="get" action="/modproduct">
+    <form id="admin-modproduct-form" method="get" action="/modproduct" accept-charset="UTF-8">
         <label for="admin-modproduct-productid">Product: </label>
         <select id="admin-modproduct-productid" name="productid">
             {% for product in products %}

templates/base.html

@@ -11,10 +11,12 @@
 
     <a href="/">Home</a>
     {% if authlevel|default(0) > 1 %}
-        {% if user.is_admin %}
+        {% if authuser is defined %}
+            {% if authuser.is_admin %}
     <a href="/admin">Administration</a>
-        {% else %}
+            {% else %}
     <a href="/admin">Settings</a>
+            {% endif %}
         {% endif %}
     {% endif %}
     {% endblock %}

templates/login.html

@@ -8,7 +8,7 @@
 
 {% block main %}
 
-<form method="post" action="/login" id="loginform">
+<form method="post" action="/login" id="loginform" accept-charset="UTF-8">
     <label for="login-username">Username: </label>
     <input id="login-username" type="text" name="username" /><br/>
 

templates/modproduct.html

@@ -10,7 +10,7 @@
 <section id="modproduct">
     <h2>Modify {{ product.name }}</h2>
 
-    <form id="modproduct-form" method="post" action="/modproduct?change=update" enctype="multipart/form-data">
+    <form id="modproduct-form" method="post" action="/modproduct?change=update" enctype="multipart/form-data" accept-charset="UTF-8">
         <label for="modproduct-name">Name: </label>
         <input id="modproduct-name" type="text" name="name" value="{{ product.name }}" /><br/>
 
@@ -33,8 +33,8 @@
         <input type="submit" value="Save changes">
     </form>
 
-    <form id="modproduct-delproduct-form" method="post" action="/modproduct?change=del">
+    <form id="modproduct-delproduct-form" method="post" action="/modproduct?change=del" accept-charset="UTF-8">
-        <input id="modproduct-delproduct-userid" type="hidden" name="productid" value="{{ product.id }}" /><br/>
+        <input id="modproduct-delproduct-productid" type="hidden" name="productid" value="{{ product.id }}" /><br/>
         <input type="submit" value="Delete product" />
     </form>
 

templates/moduser.html

@@ -10,7 +10,7 @@
 <section id="moduser-account">
     <h2>Modify {{ user.name }}</h2>
 
-    <form id="moduser-account-form" method="post" action="/moduser?change=update" enctype="multipart/form-data">
+    <form id="moduser-account-form" method="post" action="/moduser?change=update" enctype="multipart/form-data" accept-charset="UTF-8">
         <label for="moduser-account-username">Username: </label>
         <input id="moduser-account-username" type="text" name="username" value="{{ user.name }}" /><br/>
 
@@ -39,7 +39,7 @@
         <input type="submit" value="Save changes">
     </form>
 
-    <form id="moduser-deluser-form" method="post" action="/moduser?change=del">
+    <form id="moduser-deluser-form" method="post" action="/moduser?change=del" accept-charset="UTF-8">
         <input id="moduser-deluser-userid" type="hidden" name="userid" value="{{ user.id }}" /><br/>
         <input type="submit" value="Delete user" />
     </form>

templates/productlist.html

@@ -1,7 +1,7 @@
 {% extends "base.html" %}
 
 {% block header %}
-<h1>Welcome, {{ user.name }}</h1>
+<h1>Welcome, {{ authuser.name }}</h1>
 
 {{ super() }}
 
@@ -9,7 +9,7 @@
 
 {% block main %}
 
-Your balance: {{ user.balance }}
+Your balance: {{ authuser.balance }}
 
 <a href="/deposit?n=100">Deposit CHF 1</a>
 <a href="/deposit?n=1000">Deposit CHF 10</a>
@@ -19,7 +19,7 @@ Your balance: {{ user.balance }}
     <a href="/buy?pid={{ product.id }}">
         <span class="thumblist-title">{{ product.name }}</span>
         <span class="thumblist-detail">Price:
-            {% if user.is_member %}
+            {% if authuser.is_member %}
             {{ product.price_member }}
             {% else %}
             {{ product.price_non_member }}

templates/touchkey.html

@@ -18,7 +18,7 @@
 {% block main %}
 {% include "touchkey.svg" %}
 
-<form method="post" action="/touchkey" id="loginform">
+<form method="post" action="/touchkey" id="loginform" accept-charset="UTF-8">
     <input type="hidden" name="uid" value="{{ uid }}" />
     <input type="hidden" name="username" value="{{ username }}" />
     <input type="hidden" name="touchkey" value="" id="loginform-touchkey-value" />