From 1dbb2c6ed50bf0dce81e26301e671d2f4ff1d52c Mon Sep 17 00:00:00 2001
From: Jessica McKellar
Date: Sun, 2 Dec 2012 14:51:51 -0500
Subject: [PATCH] decorators: split authenticated_json_view into POST and non-POST versions.

(imported from commit cdcfdb51c379c07e94ebc763cf925e6a73747fc0)
---
 zephyr/decorator.py | 25 ++++++++++++++++++-------
 zephyr/views.py | 26 +++++++++++++-------------
 2 files changed, 31 insertions(+), 20 deletions(-)

diff --git a/zephyr/decorator.py b/zephyr/decorator.py
index 01e07989ec..ee32e39390 100644
--- a/zephyr/decorator.py
+++ b/zephyr/decorator.py
@@ -67,22 +67,33 @@ def authenticated_api_view(view_func):
 return view_func(request, user_profile, *args, **kwargs)
 return _wrapped_view_func

+def authenticate_log_and_execute_json(request, client, view_func, *args, **kwargs):
+ if not request.user.is_authenticated():
+ return json_error("Not logged in", status=401)
+ request._client = client
+ user_profile = request.user.userprofile
+ update_user_activity(request, user_profile, client)
+ return view_func(request, user_profile, *args, **kwargs)
+
 # Checks if the request is a POST request and that the user is logged
 # in. If not, return an error (the @login_required behavior of
 # redirecting to a login page doesn't make sense for json views)
-def authenticated_json_view(view_func):
+def authenticated_json_post_view(view_func):
 @require_post
 @has_request_variables
 @wraps(view_func)
 def _wrapped_view_func(request,
 client=POST(default=get_client("website"), converter=get_client),
 *args, **kwargs):
- if not request.user.is_authenticated():
- return json_error("Not logged in", status=401)
- request._client = client
- user_profile = request.user.userprofile
- update_user_activity(request, user_profile, client)
- return view_func(request, user_profile, *args, **kwargs)
+ return authenticate_log_and_execute_json(request, client, view_func, *args, **kwargs)
+ return _wrapped_view_func
+
+def authenticated_json_view(view_func):
+ @wraps(view_func)
+ def _wrapped_view_func(request,
+ client=get_client("website"),
+ *args, **kwargs):
+ return authenticate_log_and_execute_json(request, client, view_func, *args, **kwargs)
 return _wrapped_view_func

 # These views are used by the main Django server to notify the Tornado server
diff --git a/zephyr/views.py b/zephyr/views.py
index c5acd408bd..2212c5c089 100644
--- a/zephyr/views.py
+++ b/zephyr/views.py
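Review bot: In zephyr/decorator.py, the new non-POST `authenticated_json_view` has no comment saying that it drops `@require_post`, so a view wrapped with it answers session-authenticated requests on any HTTP method. If these JSON views rely on Django's CSRF middleware, which does not check GET, a state-changing view moved to this variant would lose that protection. A comment above it such as `# Accepts any HTTP method; wrap only read-only views, state-changing ones belong on authenticated_json_post_view.` would record the constraint, and the existing "Checks if the request is a POST request" comment now describes only the POST variant. Separately, the wrapper keeps `client=get_client("website")` as its second positional parameter without `@has_request_variables`, so a positional argument passed after `request` would bind to `client` instead of reaching the view. Taking only `(request, *args, **kwargs)` and setting `client = get_client("website")` in the body avoids that.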
@@ -21,7 +21,7 @@ from zephyr.forms import RegistrationForm, HomepageForm, is_unique, \ from django.views.decorators.csrf import csrf_exempt from zephyr.decorator import asynchronous, require_post, \ - authenticated_api_view, authenticated_json_view, \ + authenticated_api_view, authenticated_json_post_view, \ internal_notify_view, RespondAsynchronously, \ has_request_variables, POST from zephyr.lib.query import last_n @@ -202,7 +202,7 @@ def home(request): def api_update_pointer(request, user_profile, updater=POST('client_id')): return update_pointer_backend(request, user_profile, updater) -@authenticated_json_view +@authenticated_json_post_view def json_update_pointer(request, user_profile): return update_pointer_backend(request, user_profile, request.session.session_key) @@ -228,7 +228,7 @@ def update_pointer_backend(request, user_profile, updater, pointer=POST(converte return json_success() -@authenticated_json_view +@authenticated_json_post_view def json_get_old_messages(request, user_profile): return get_old_messages_backend(request, user_profile=user_profile, apply_markdown=True) @@ -290,7 +290,7 @@ def get_old_messages_backend(request, anchor = POST(converter=to_non_negative_in return json_success(ret) @asynchronous -@authenticated_json_view +@authenticated_json_post_view def json_get_updates(request, user_profile, handler): client_id = request.session.session_key return get_updates_backend(request, user_profile, handler, client_id, @@ -470,7 +470,7 @@ def api_get_profile(request, user_profile): def api_send_message(request, user_profile): return send_message_backend(request, user_profile, request._client) -@authenticated_json_view +@authenticated_json_post_view def json_send_message(request, user_profile): return send_message_backend(request, user_profile, request._client) 
@@ -725,7 +725,7 @@ def gather_subscriptions(user_profile): def api_list_subscriptions(request, user_profile): return json_success({"subscriptions": gather_subscriptions(user_profile)}) -@authenticated_json_view +@authenticated_json_post_view def json_list_subscriptions(request, user_profile): return json_success({"subscriptions": gather_subscriptions(user_profile)}) @@ -733,7 +733,7 @@ def json_list_subscriptions(request, user_profile): def api_remove_subscriptions(request, user_profile): return remove_subscriptions_backend(request, user_profile) -@authenticated_json_view +@authenticated_json_post_view def json_remove_subscriptions(request, user_profile): return remove_subscriptions_backend(request, user_profile) @@ -767,7 +767,7 @@ def valid_stream_name(name): def api_add_subscriptions(request, user_profile): return add_subscriptions_backend(request, user_profile) -@authenticated_json_view +@authenticated_json_post_view def json_add_subscriptions(request, user_profile): return add_subscriptions_backend(request, user_profile) @@ -797,7 +797,7 @@ def add_subscriptions_backend(request, user_profile, return json_success(result) -@authenticated_json_view +@authenticated_json_post_view @has_request_variables def json_change_settings(request, user_profile, full_name=POST, old_password=POST, new_password=POST, @@ -823,7 +823,7 @@ def json_change_settings(request, user_profile, full_name=POST, return json_success(result) -@authenticated_json_view +@authenticated_json_post_view @has_request_variables def json_stream_exists(request, user_profile, stream=POST): if not valid_stream_name(stream): 
@@ -837,7 +837,7 @@ def json_stream_exists(request, user_profile, stream=POST): active=True).exists() return json_success(result) -@authenticated_json_view +@authenticated_json_post_view def json_stream_colors(request, user_profile): subscriptions = Subscription.objects.filter(user_profile=user_profile, active=True) stream_subs = [sub for sub in subscriptions if sub.recipient.type == Recipient.STREAM] @@ -846,7 +846,7 @@ def json_stream_colors(request, user_profile): return json_success({"stream_colors": stream_colors}) -@authenticated_json_view +@authenticated_json_post_view @has_request_variables def json_stream_colorize(request, user_profile, stream_name=POST, color=POST): stream = get_stream(stream_name, user_profile.realm) @@ -874,7 +874,7 @@ def api_fetch_api_key(request, username=POST, password=POST): return json_error("Your account has been disabled.", status=403) return json_success({"api_key": user.userprofile.api_key}) -@authenticated_json_view +@authenticated_json_post_view @has_request_variables def json_fetch_api_key(request, user_profile, password=POST): if not request.user.check_password(password):