From 9110316707b005d0a1022d72ed37bf5bcdfe8531 Mon Sep 17 00:00:00 2001
From: akuryou
Date: Mon, 24 Mar 2014 15:41:49 +0100
Subject: [PATCH 1/2] remove spaces
---
 tos/views.py | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/tos/views.py b/tos/views.py
index aef0e77..c84e4e1 100644
--- a/tos/views.py
+++ b/tos/views.py
@@ -26,13 +26,13 @@ class TosView(TemplateView):
 def _redirect_to(redirect_to):
 """ Moved redirect_to logic here to avoid duplication in views"""
-
+
 # Light security check -- make sure redirect_to isn't garbage.
 if not redirect_to or ' ' in redirect_to:
 redirect_to = settings.LOGIN_REDIRECT_URL
- # Heavier security check -- redirects to http://example.com should
- # not be allowed, but things like /view/?param=http://example.com
+ # Heavier security check -- redirects to http://example.com should
+ # not be allowed, but things like /view/?param=http://example.com
 # should be allowed. This regex checks if there is a '//' *before* a
 # question mark.
 elif '//' in redirect_to and re.match(r'[^\?]*//', redirect_to):
@@ -49,11 +49,11 @@ def check_tos(request, template_name='tos/tos_check.html',
 if request.method=="POST":
 if request.POST.get("accept", "") == "accept":
 user = request.session['tos_user']
-
+
 # Save the user agreement to the new TOS
 UserAgreement.objects.create(terms_of_service=tos, user=user)
-
- # Log the user in
+
+ # Log the user in
 auth_login(request, user)
 if request.session.test_cookie_worked():
@@ -69,11 +69,11 @@ def check_tos(request, template_name='tos/tos_check.html',
 redirect_field_name: redirect_to,
 }, context_instance=RequestContext(request))
-
-
-
+
+
+
 @csrf_protect
-@never_cache
+@never_cache
 def login(request, template_name='registration/login.html',
 redirect_field_name=REDIRECT_FIELD_NAME,
 authentication_form=AuthenticationForm):
@@ -86,7 +86,7 @@ def login(request, template_name='registration/login.html',
 if form.is_valid():
 redirect_to = _redirect_to(redirect_to)
-
+
 # Okay, security checks complete. Check to see if user agrees to terms
 user = form.get_user()
 if has_user_agreed_latest_tos(user):
@@ -98,18 +98,18 @@ def login(request, template_name='registration/login.html',
 request.session.delete_test_cookie()
 return HttpResponseRedirect(redirect_to)
-
+
 else:
 # user has not yet agreed to latest tos
 # force them to accept or refuse
-
+
 request.session['tos_user'] = user
-
-
+
+
 return render_to_response('tos/tos_check.html', {
 redirect_field_name: redirect_to,
 'tos': TermsOfService.objects.get_current_tos()
- }, context_instance=RequestContext(request))
+ }, context_instance=RequestContext(request))
 else:
 form = authentication_form(request)
From 67c8b702b57eb6081e7f2dbebaa82530b3b8c80e Mon Sep 17 00:00:00 2001
From: akuryou
Date: Mon, 24 Mar 2014 15:48:23 +0100
Subject: [PATCH 2/2] store user id in session not the whole user object
---
 tos/views.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tos/views.py b/tos/views.py
index c84e4e1..fa5feff 100644
--- a/tos/views.py
+++ b/tos/views.py
@@ -2,6 +2,7 @@ from django.views.generic import TemplateView
 import re
 from django.conf import settings
 from django.contrib import messages
+from django.contrib.auth import get_user_model
 from django.contrib.auth import login as auth_login
 from django.contrib.auth import REDIRECT_FIELD_NAME
 from django.contrib.auth.forms import AuthenticationForm
@@ -48,7 +49,7 @@ def check_tos(request, template_name='tos/tos_check.html',
 tos = TermsOfService.objects.get_current_tos()
 if request.method=="POST":
 if request.POST.get("accept", "") == "accept":
- user = request.session['tos_user']
+ user = get_user_model().objects.get(pk=request.session['tos_user'])
 # Save the user agreement to the new TOS
 UserAgreement.objects.create(terms_of_service=tos, user=user)
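Review bot: The new lookup on the `user = get_user_model().objects.get(pk=request.session['tos_user'])` line can raise in two ways the view does not handle: `request.session['tos_user']` raises KeyError when the key is absent (a POST that did not pass through `login`, or a new or expired session) and `.get(pk=...)` raises `DoesNotExist` when the user row has gone since the login step, so both end as a 500 instead of a redirect back to login. The key is also never removed after use, so the pk stays in the session after `auth_login`; reading it with `pop()` and a default handles the missing case and bounds how long this pre-authentication handoff value lives. The `login` hunk below writes the same key (`request.session['tos_user'] = user.pk`) and is the other side of this handoff; presumably the login form already rejected inactive users, but that status can change between the two requests, so an `is_active` check before `auth_login` may be worth adding. check_tos's body continues outside the hunk.
```python
        if request.POST.get("accept", "") == "accept":
            # One-shot handoff value written by login(); absent or stale means
            # the visitor did not come through the login step.
            user_pk = request.session.pop('tos_user', None)
            if user_pk is None:
                return HttpResponseRedirect(settings.LOGIN_URL)
            try:
                user = get_user_model().objects.get(pk=user_pk)
            except get_user_model().DoesNotExist:
                return HttpResponseRedirect(settings.LOGIN_URL)
            # … unchanged: UserAgreement.objects.create, auth_login …
```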
@@ -103,7 +104,7 @@ def login(request, template_name='registration/login.html',
 # user has not yet agreed to latest tos
 # force them to accept or refuse
- request.session['tos_user'] = user
+ request.session['tos_user'] = user.pk
 return render_to_response('tos/tos_check.html', {