Applied a patch from rcross@amsl.com, which fixes a problem associated with the recent Secretariat auth changes and the not-so-ideal use of sessions in the sec code.

- Legacy-Id: 7594
Henrik Levkowetz 2014-04-12 18:05:00 +00:00
parent e1d5792e02
commit 9ce5280229
3 changed files with 18 additions and 9 deletions


@ -6,7 +6,7 @@ from django.template import RequestContext
from ietf.group.models import Role
from ietf.ietfauth.utils import has_role
from ietf.secr.announcement.forms import AnnounceForm
from ietf.secr.utils.decorators import check_for_cancel
from ietf.secr.utils.decorators import check_for_cancel, clear_non_auth
from ietf.utils.mail import send_mail_text
# -------------------------------------------------
@ -89,7 +89,7 @@ def confirm(request):
extra=extra)
# clear session
request.session.clear()
clear_non_auth(request.session)
messages.success(request, 'The announcement was sent.')
return redirect('announcement')
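Review bot: The `# clear session` comment above the new call in `confirm` no longer matches the code, because `clear_non_auth` deliberately leaves the `_auth*` keys in place so the user stays logged in. I would reword it to `# drop announcement workflow data from the session, keep the login keys`. The same stale `# clear session data` comments sit above the replaced calls in the drafts views. `confirm` starts and ends outside this hunk.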


@ -25,6 +25,7 @@ from ietf.secr.drafts.forms import ( AddModelForm, AuthorForm, BaseRevisionModel
from ietf.secr.proceedings.proc_utils import get_progress_stats
from ietf.secr.sreq.views import get_meeting
from ietf.secr.utils.ams_utils import get_base
from ietf.secr.utils.decorators import clear_non_auth
from ietf.secr.utils.document import get_rfc_num, get_start_date
from ietf.submit.models import Submission, Preapproval, DraftSubmissionStateName, SubmissionEvent
from ietf.utils.draft import Draft
@ -514,7 +515,7 @@ def add(request):
* form
'''
request.session.clear()
clear_non_auth(request.session)
if request.method == 'POST':
button_text = request.POST.get('submit', '')
@ -699,7 +700,7 @@ def confirm(request, id):
if button_text == 'Cancel':
# TODO do cancel functions from session (ie remove uploaded files?)
# clear session data
request.session.clear()
clear_non_auth(request.session)
return redirect('drafts_view', id=id)
action = request.session['action']
@ -719,7 +720,7 @@ def confirm(request, id):
func(draft,request)
# clear session data
request.session.clear()
clear_non_auth(request.session)
messages.success(request, '%s action performed successfully!' % action)
return redirect('drafts_view', id=id)
@ -818,7 +819,7 @@ def email(request, id):
button_text = request.POST.get('submit', '')
if button_text == 'Cancel':
# clear session data
request.session.clear()
clear_non_auth(request.session)
return redirect('drafts_view', id=id)
form = EmailForm(request.POST)
@ -1061,7 +1062,7 @@ def search(request):
'''
results = []
request.session.clear()
clear_non_auth(request.session)
if request.method == 'POST':
form = SearchForm(request.POST)
@ -1172,7 +1173,7 @@ def view(request, id):
* draft, area, id_tracker_state
'''
draft = get_object_or_404(Document, name=id)
#request.session.clear()
#clear_non_auth(request.session)
# TODO fix in Django 1.2
# some boolean state variables for use in the view.html template to manage display
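Review bot: `add` and `search` call `clear_non_auth(request.session)` on every request, before the method check, so loading either page in a second tab wipes the workflow keys of an action still in progress, and `confirm` then reads `request.session['action']` with no fallback. If the key is missing, the view presumably fails with a KeyError instead of redirecting; `action = request.session.get('action')` followed by `if action is None: return redirect('drafts_view', id=id)` would make that case clean. The bodies of these views continue outside the hunks shown, so this may already be handled elsewhere. Separately, the commented-out `#clear_non_auth(request.session)` in `view` is dead code that is still being updated and could simply be dropped.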


@ -10,6 +10,14 @@ from ietf.meeting.models import Session
from ietf.secr.utils.meeting import get_timeslot
def clear_non_auth(session):
"""
Clears non authentication related keys from the session object
"""
for key in session.keys():
if not key.startswith('_auth'):
del session[key]
def check_for_cancel(redirect_url):
"""
Decorator to make a view redirect to the given url if the reuqest is a POST which contains
@ -19,7 +27,7 @@ def check_for_cancel(redirect_url):
@wraps(func)
def inner(request, *args, **kwargs):
if request.method == 'POST' and request.POST.get('submit',None) == 'Cancel':
request.session.clear()
clear_non_auth(request.session)
return HttpResponseRedirect(redirect_url)
return func(request, *args, **kwargs)
return inner
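Review bot: `clear_non_auth` deletes from the session while iterating `session.keys()`, which is only safe while `keys()` returns a list copy. Where it returns a live view, the loop raises `RuntimeError: dictionary changed size during iteration` after the first deletion. Iterating a snapshot, `for key in list(session.keys()):`, works in both cases. The docstring could also say which keys survive (anything starting with `_auth`, i.e. Django's `_auth_user_id` and `_auth_user_backend`) and that every other key is removed, including keys written by other apps or middleware sharing the session.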