2025-summer/team-3
12
Fork 0
Code Issues Pull requests Projects Releases Activity

don't use tokens as primary keys

Browse source
This commit is contained in:
Laura Klünder 2017-12-18 14:54:45 +01:00
parent afb23e5865
commit 64664fbc66
5 changed files with 50 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/c3nav/control/views.py
View file

@ -140,7 +140,7 @@ def grant_access(request):
@control_panel_view @control_panel_view
def grant_access_qr(request, token): def grant_access_qr(request, token):
with transaction.atomic(): with transaction.atomic():
token = AccessPermissionToken.objects.select_for_update().get(id=token, author=request.user) token = AccessPermissionToken.objects.select_for_update().get(token=token, author=request.user)
if token.redeemed: if token.redeemed:
messages.success(request, _('Access successfully granted.')) messages.success(request, _('Access successfully granted.'))
token = None token = None
@ -165,7 +165,7 @@ def grant_access_qr(request, token):
token.bump() token.bump()
token.save() token.save()
url = reverse('site.access.redeem', kwargs={'token': str(token.id)}) url = reverse('site.access.redeem', kwargs={'token': str(token.token)})
return render(request, 'control/access_qr.html', { return render(request, 'control/access_qr.html', {
'url': url, 'url': url,
'url_qr': reverse('site.qr', kwargs={'path': url}), 'url_qr': reverse('site.qr', kwargs={'path': url}),

43
src/c3nav/mapdata/migrations/0060_accesspermissiontoken_id.py Normal file
View file

@ -0,0 +1,43 @@
# -*- coding: utf-8 -*-
# Generated by Django 1.11.7 on 2017-12-18 13:49
from __future__ import unicode_literals
from django.db import migrations, models
import django.db.models.deletion
import uuid
def remove_all_tokens(apps, schema_editor):
apps.get_model('mapdata', 'AccessPermissionToken').objects.all().delete()
class Migration(migrations.Migration):
dependencies = [
('mapdata', '0059_multiple_accesspermissions'),
]
operations = [
migrations.RunPython(remove_all_tokens, remove_all_tokens),
migrations.RemoveField(
model_name='accesspermission',
name='token',
),
migrations.AddField(
model_name='accesspermissiontoken',
name='token',
field=models.UUIDField(default=uuid.uuid4, editable=False, unique=True),
),
migrations.AlterField(
model_name='accesspermissiontoken',
name='id',
field=models.AutoField(primary_key=True, serialize=False),
),
migrations.AddField(
model_name='accesspermission',
name='token',
field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.CASCADE,
related_name='accesspermissions', to='mapdata.AccessPermissionToken',
verbose_name='Access permission token'),
),
]

2
src/c3nav/mapdata/models/access.py
View file

@ -40,7 +40,7 @@ AccessPermissionTokenItem = namedtuple('AccessPermissionTokenItem', ('pk', 'expi
class AccessPermissionToken(models.Model): class AccessPermissionToken(models.Model):
id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False) token = models.UUIDField(unique=True, default=uuid.uuid4, editable=False)
author = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.PROTECT, author = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.PROTECT,
related_name='created_accesspermission_tokens', related_name='created_accesspermission_tokens',
verbose_name=_('author')) verbose_name=_('author'))

2
src/c3nav/mapdata/models/geometry/space.py
View file

@ -9,7 +9,7 @@ from django.utils.text import format_lazy
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from shapely.geometry import CAP_STYLE, JOIN_STYLE, mapping from shapely.geometry import CAP_STYLE, JOIN_STYLE, mapping
from c3nav.mapdata.fields import GeometryField, JSONField from c3nav.mapdata.fields import GeometryField, JSONField, I18nField
from c3nav.mapdata.models.geometry.base import GeometryMixin from c3nav.mapdata.models.geometry.base import GeometryMixin
from c3nav.mapdata.models.locations import SpecificLocation from c3nav.mapdata.models.locations import SpecificLocation
from c3nav.mapdata.utils.cache.changes import changed_geometries from c3nav.mapdata.utils.cache.changes import changed_geometries

6
src/c3nav/site/views.py
View file

@ -144,7 +144,7 @@ def redeem_token_after_login(request):
return return
try: try:
token = AccessPermissionToken.objects.get(id=token) token = AccessPermissionToken.objects.get(token=token)
except AccessPermissionToken.DoesNotExist: except AccessPermissionToken.DoesNotExist:
return return
@ -244,7 +244,7 @@ def account_view(request):
def access_redeem_view(request, token): def access_redeem_view(request, token):
with transaction.atomic(): with transaction.atomic():
try: try:
token = AccessPermissionToken.objects.select_for_update().get(id=token, redeemed=False, token = AccessPermissionToken.objects.select_for_update().get(token=token, redeemed=False,
valid_until__gte=timezone.now()) valid_until__gte=timezone.now())
except AccessPermissionToken.DoesNotExist: except AccessPermissionToken.DoesNotExist:
messages.error(request, _('This token does not exist or was already redeemed.')) messages.error(request, _('This token does not exist or was already redeemed.'))
@ -258,7 +258,7 @@ def access_redeem_view(request, token):
if not request.user.is_authenticated: if not request.user.is_authenticated:
messages.info(request, _('You need to log in to unlock areas.')) messages.info(request, _('You need to log in to unlock areas.'))
request.session['redeem_token_on_login'] = str(token.id) request.session['redeem_token_on_login'] = str(token.token)
return redirect('site.login') return redirect('site.login')
token.redeemed_by = request.user token.redeemed_by = request.user