From 5535ea5fb5aa1a3613b9116440ec21b08e3cd077 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Laura=20Kl=C3=BCnder?=
Date: Tue, 4 Oct 2016 14:19:55 +0200
Subject: [PATCH] refactor finalize/oauth flow
---
 src/c3nav/editor/hosters/base.py | 2 +-
 .../templates/editor/feature_success.html | 2 +-
 .../editor/templates/editor/finalize.html | 3 +-
 ...auth_callback.html => oauth_callback.html} | 0
 src/c3nav/editor/urls.py | 7 +---
 src/c3nav/editor/views.py | 38 +++++--------------
 6 files changed, 16 insertions(+), 36 deletions(-)
 rename src/c3nav/editor/templates/editor/{finalize_oauth_callback.html => oauth_callback.html} (100%)
diff --git a/src/c3nav/editor/hosters/base.py b/src/c3nav/editor/hosters/base.py
index 91c28d96..97f142ef 100644
--- a/src/c3nav/editor/hosters/base.py
+++ b/src/c3nav/editor/hosters/base.py
@@ -18,7 +18,7 @@ class Hoster(ABC):
 return Package.objects.filter(home_repo__startswith=self.base_url)
 def _get_callback_uri(self, request):
- return request.build_absolute_uri(reverse('editor.finalize.oauth.callback', kwargs={'hoster': self.name}))
+ return request.build_absolute_uri(reverse('editor.oauth.callback', kwargs={'hoster': self.name}))
 def _get_session_data(self, request):
 request.session.modified = True
diff --git a/src/c3nav/editor/templates/editor/feature_success.html b/src/c3nav/editor/templates/editor/feature_success.html
index 48db8c46..c2a9ebae 100644
--- a/src/c3nav/editor/templates/editor/feature_success.html
+++ b/src/c3nav/editor/templates/editor/feature_success.html
@@ -3,7 +3,7 @@
{% csrf_token %} - + Redirecting…
diff --git a/src/c3nav/editor/templates/editor/finalize.html b/src/c3nav/editor/templates/editor/finalize.html
index 97308b80..083b1ada 100644
--- a/src/c3nav/editor/templates/editor/finalize.html
+++ b/src/c3nav/editor/templates/editor/finalize.html
@@ -42,9 +42,10 @@

Sign in with {{ hoster.title }}

Please sign in to continue and propose your edit.

{% endif %} -
+ {% csrf_token %} +


diff --git a/src/c3nav/editor/templates/editor/finalize_oauth_callback.html b/src/c3nav/editor/templates/editor/oauth_callback.html
similarity index 100%
rename from src/c3nav/editor/templates/editor/finalize_oauth_callback.html
rename to src/c3nav/editor/templates/editor/oauth_callback.html
diff --git a/src/c3nav/editor/urls.py b/src/c3nav/editor/urls.py
index d6502692..fb8f8f23 100644
--- a/src/c3nav/editor/urls.py
+++ b/src/c3nav/editor/urls.py
@@ -1,15 +1,12 @@
 from django.conf.urls import url
 from django.views.generic import TemplateView
-from c3nav.editor.views import (edit_feature, finalize, finalize_oauth_callback, finalize_oauth_progress,
- finalize_oauth_redirect)
+from c3nav.editor.views import edit_feature, finalize, oauth_callback
 urlpatterns = [
 url(r'^$', TemplateView.as_view(template_name='editor/map.html'), name='editor.index'),
 url(r'^features/(?P[^/]+)/add/$', edit_feature, name='editor.feature.add'),
 url(r'^features/edit/(?P[^/]+)/$', edit_feature, name='editor.feature.edit'),
 url(r'^finalize/$', finalize, name='editor.finalize'),
- url(r'^finalize/oauth/$', finalize_oauth_redirect, name='editor.finalize.oauth'),
- url(r'^finalize/oauth/progress$', finalize_oauth_progress, name='editor.finalize.oauth.progress'),
- url(r'^finalize/oauth/(?P[^/]+)/callback$', finalize_oauth_callback, name='editor.finalize.oauth.callback')
+ url(r'^oauth/(?P[^/]+)/callback$', oauth_callback, name='editor.oauth.callback')
 ]
diff --git a/src/c3nav/editor/views.py b/src/c3nav/editor/views.py
index 1b67beb0..91508c08 100644
--- a/src/c3nav/editor/views.py
+++ b/src/c3nav/editor/views.py
@@ -99,7 +99,8 @@ def edit_feature(request, feature_type=None, name=None):
 def finalize(request):
 if 'data' not in request.POST:
 raise SuspiciousOperation('Missing data.')
- data = signing.loads(request.POST['data'])
+ raw_data = request.POST['data']
+ data = signing.loads(raw_data)
 if data['type'] != 'editor.edit':
 raise SuspiciousOperation('Wrong data type.')
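Review bot: `data = signing.loads(raw_data)` in `finalize` verifies a client-supplied POST field, but a failed verification is not handled, so a tampered or truncated `data` value would surface as an uncaught `signing.BadSignature` instead of the `SuspiciousOperation` used for the other rejections in this hunk. Wrapping the call in a `try` with `except signing.BadSignature: raise SuspiciousOperation('Invalid data.')` would keep the rejection path uniform. Because this commit also parks the same signed blob in the session for the OAuth round trip, it is worth considering `max_age=` on `signing.loads` so that an old payload does not stay valid indefinitely. The body of `finalize` continues outside this hunk.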
@@ -109,8 +110,12 @@ def finalize(request):
 if package is not None:
 hoster = get_hoster_for_package(package)
- if request.POST.get('check'):
+ action = request.POST.get('action')
+ if action == 'check':
 hoster.check_state(request)
+ elif action == 'oauth':
+ hoster.set_tmp_data(request, raw_data)
+ return redirect(hoster.get_auth_uri(request))
 hoster_state = hoster.get_state(request)
 hoster_error = hoster.get_error(request) if hoster_state == 'logged_out' else None
@@ -123,7 +128,7 @@ def finalize(request):
 form = CommitForm({'commit_msg': data['commit_msg']})
 return render(request, 'editor/finalize.html', {
- 'data': request.POST['data'],
+ 'data': raw_data,
 'action': data['action'],
 'commit_id': data['commit_id'],
 'commit_form': form,
@@ -136,30 +141,7 @@ def finalize(request):
 })
-@require_POST
-def finalize_oauth_progress(request):
- pass
-
-
-@require_POST
-def finalize_oauth_redirect(request):
- if 'data' not in request.POST:
- raise SuspiciousOperation('Missing data.')
- data = signing.loads(request.POST['data'])
-
- if data['type'] != 'editor.edit':
- raise SuspiciousOperation('Wrong data type.')
-
- package = Package.objects.filter(name=data['package_name']).first()
- hoster = None
- if package is not None:
- hoster = get_hoster_for_package(package)
-
- hoster.set_tmp_data(request, data)
- return redirect(hoster.get_auth_uri(request))
-
-
-def finalize_oauth_callback(request, hoster):
+def oauth_callback(request, hoster):
 hoster = hosters.get(hoster)
 if hoster is None:
 raise Http404
@@ -167,4 +149,4 @@ def finalize_oauth_callback(request, hoster):
 data = hoster.get_tmp_data(request)
 hoster.handle_callback_request(request)
- return render(request, 'editor/finalize_oauth_callback.html', {'data': data})
+ return render(request, 'editor/oauth_callback.html', {'data': data})
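Review bot: The new `elif action == 'oauth':` branch in `finalize` calls `hoster.set_tmp_data(...)` and `hoster.get_auth_uri(...)`, yet `hoster` is only assigned under `if package is not None:`. The removed `finalize_oauth_redirect` set `hoster = None` first; if `finalize` does the same (that line is outside this hunk and indentation is lost on this page), a `package_name` with no matching package ends in an `AttributeError` rather than a clean rejection. Unless a missing package is a legitimate state here, a guard ahead of the dispatch would cover both actions: `if hoster is None: raise SuspiciousOperation('Unknown package.')`. A short comment that the still-signed `raw_data`, not the decoded dict, goes into the session would also record why the callback can hand it back to `finalize` for re-verification.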
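Review bot: `oauth_callback` reads `data = hoster.get_tmp_data(request)` and renders it regardless of whether a pending payload exists or `handle_callback_request` succeeded, and it carries no `@require_POST`, as expected for an OAuth redirect target. If `get_tmp_data` returns `None` when the session holds nothing (callback opened directly, or session expired), the template is rendered with an empty payload; an explicit `if data is None: raise SuspiciousOperation('No pending edit.')` would make that case visible. Whether the OAuth `state` parameter is checked cannot be seen from this diff; presumably it lives in `handle_callback_request`, and a one-line docstring on `oauth_callback` saying so would help the next reader. The function body continues into the following hunk.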