mirror of https://github.com/zulip/zulip.git
Move view decorators into decorator.py
(imported from commit 737cff552b395493f44864ac06e901b0ba17fa29)
parent
b278db110f
commit
dc8c54e6db
|
@ -1,3 +1,7 @@
|
||||||
|
from django.views.decorators.csrf import csrf_exempt
|
||||||
|
from zephyr.models import UserProfile
|
||||||
|
from zephyr.lib.response import json_success, json_error
|
||||||
|
|
||||||
from functools import wraps
|
from functools import wraps
|
||||||
|
|
||||||
import types
|
import types
|
||||||
|
@ -24,3 +28,40 @@ def asynchronous(method):
|
||||||
if getattr(method, 'csrf_exempt', False):
|
if getattr(method, 'csrf_exempt', False):
|
||||||
wrapper.csrf_exempt = True
|
wrapper.csrf_exempt = True
|
||||||
return wrapper
|
return wrapper
|
||||||
|
|
||||||
|
def require_post(view_func):
|
||||||
|
@wraps(view_func)
|
||||||
|
def _wrapped_view_func(request, *args, **kwargs):
|
||||||
|
if request.method != "POST":
|
||||||
|
return json_error('This form can only be submitted by POST.')
|
||||||
|
return view_func(request, *args, **kwargs)
|
||||||
|
return _wrapped_view_func
|
||||||
|
|
||||||
|
# authenticated_api_view will add the authenticated user's user_profile to
|
||||||
|
# the view function's arguments list, since we have to look it up
|
||||||
|
# anyway.
|
||||||
|
def authenticated_api_view(view_func):
|
||||||
|
@csrf_exempt
|
||||||
|
@require_post
|
||||||
|
@wraps(view_func)
|
||||||
|
def _wrapped_view_func(request, *args, **kwargs):
|
||||||
|
try:
|
||||||
|
user_profile = UserProfile.objects.get(user__email=request.POST.get("email"))
|
||||||
|
except UserProfile.DoesNotExist:
|
||||||
|
return json_error("Invalid user")
|
||||||
|
if user_profile is None or request.POST.get("api-key") != user_profile.api_key:
|
||||||
|
return json_error('Invalid API user/key pair.')
|
||||||
|
return view_func(request, user_profile, *args, **kwargs)
|
||||||
|
return _wrapped_view_func
|
||||||
|
|
||||||
|
# Checks if the request is a POST request and that the user is logged
|
||||||
|
# in. If not, return an error (the @login_required behavior of
|
||||||
|
# redirecting to a login page doesn't make sense for json views)
|
||||||
|
def authenticated_json_view(view_func):
|
||||||
|
@require_post
|
||||||
|
@wraps(view_func)
|
||||||
|
def _wrapped_view_func(request, *args, **kwargs):
|
||||||
|
if not request.user.is_authenticated():
|
||||||
|
return json_error("Not logged in")
|
||||||
|
return view_func(request, *args, **kwargs)
|
||||||
|
return _wrapped_view_func
|
||||||
|
|
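Review bot: In `authenticated_api_view`, the key check `request.POST.get("api-key") != user_profile.api_key` is an ordinary string comparison, so its timing depends on how much of the supplied key matches. The wrapper also answers "Invalid user" for an unknown email but 'Invalid API user/key pair.' for a wrong key, which lets an unauthenticated caller tell which addresses have accounts. Since the function is being moved anyway, I would import `constant_time_compare` from `django.utils.crypto`, change the check to `if not constant_time_compare(request.POST.get("api-key", ""), user_profile.api_key):`, and return the same 'Invalid API user/key pair.' message from the `DoesNotExist` branch. The `user_profile is None` test looks unreachable, because `UserProfile.objects.get` raises `DoesNotExist` rather than returning None, so it can be dropped. A short docstring on the wrapper saying that it is `csrf_exempt` because authentication comes from the `email`/`api-key` POST fields and not from the session would also help the next reader.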
|
@ -19,15 +19,14 @@ from zephyr.forms import RegistrationForm, HomepageForm, is_unique, \
|
||||||
is_active
|
is_active
|
||||||
from django.views.decorators.csrf import csrf_exempt
|
from django.views.decorators.csrf import csrf_exempt
|
||||||
|
|
||||||
from zephyr.decorator import asynchronous
|
from zephyr.decorator import asynchronous, require_post, \
|
||||||
|
authenticated_api_view, authenticated_json_view
|
||||||
from zephyr.lib.query import last_n
|
from zephyr.lib.query import last_n
|
||||||
from zephyr.lib.avatar import gravatar_hash
|
from zephyr.lib.avatar import gravatar_hash
|
||||||
from zephyr.lib.response import json_success, json_error
|
from zephyr.lib.response import json_success, json_error
|
||||||
|
|
||||||
from confirmation.models import Confirmation
|
from confirmation.models import Confirmation
|
||||||
|
|
||||||
from functools import wraps
|
|
||||||
|
|
||||||
import datetime
|
import datetime
|
||||||
import simplejson
|
import simplejson
|
||||||
import socket
|
import socket
|
||||||
|
@ -40,43 +39,6 @@ import base64
|
||||||
|
|
||||||
SERVER_GENERATION = int(time.time())
|
SERVER_GENERATION = int(time.time())
|
||||||
|
|
||||||
def require_post(view_func):
|
|
||||||
@wraps(view_func)
|
|
||||||
def _wrapped_view_func(request, *args, **kwargs):
|
|
||||||
if request.method != "POST":
|
|
||||||
return json_error('This form can only be submitted by POST.')
|
|
||||||
return view_func(request, *args, **kwargs)
|
|
||||||
return _wrapped_view_func
|
|
||||||
|
|
||||||
# authenticated_api_view will add the authenticated user's user_profile to
|
|
||||||
# the view function's arguments list, since we have to look it up
|
|
||||||
# anyway.
|
|
||||||
def authenticated_api_view(view_func):
|
|
||||||
@csrf_exempt
|
|
||||||
@require_post
|
|
||||||
@wraps(view_func)
|
|
||||||
def _wrapped_view_func(request, *args, **kwargs):
|
|
||||||
try:
|
|
||||||
user_profile = UserProfile.objects.get(user__email=request.POST.get("email"))
|
|
||||||
except UserProfile.DoesNotExist:
|
|
||||||
return json_error("Invalid user")
|
|
||||||
if user_profile is None or request.POST.get("api-key") != user_profile.api_key:
|
|
||||||
return json_error('Invalid API user/key pair.')
|
|
||||||
return view_func(request, user_profile, *args, **kwargs)
|
|
||||||
return _wrapped_view_func
|
|
||||||
|
|
||||||
# Checks if the request is a POST request and that the user is logged
|
|
||||||
# in. If not, return an error (the @login_required behavior of
|
|
||||||
# redirecting to a login page doesn't make sense for json views)
|
|
||||||
def authenticated_json_view(view_func):
|
|
||||||
@require_post
|
|
||||||
@wraps(view_func)
|
|
||||||
def _wrapped_view_func(request, *args, **kwargs):
|
|
||||||
if not request.user.is_authenticated():
|
|
||||||
return json_error("Not logged in")
|
|
||||||
return view_func(request, *args, **kwargs)
|
|
||||||
return _wrapped_view_func
|
|
||||||
|
|
||||||
def get_stream(stream_name, realm):
|
def get_stream(stream_name, realm):
|
||||||
try:
|
try:
|
||||||
return Stream.objects.get(name__iexact=stream_name, realm=realm)
|
return Stream.objects.get(name__iexact=stream_name, realm=realm)
|
||||||
|
|