aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrea Lepori <alepori@student.ethz.ch>2022-01-05 14:45:42 +0100
committerAndrea Lepori <alepori@student.ethz.ch>2022-01-05 14:46:03 +0100
commit5f1926c0be89d40764a9a2b361ac6c03ba24bcaf (patch)
treefefc24f97e48924a93212a31fad6a19efb78fa4f
parentedit password working (diff)
downloadscout-subs-5f1926c0be89d40764a9a2b361ac6c03ba24bcaf.tar.gz
scout-subs-5f1926c0be89d40764a9a2b361ac6c03ba24bcaf.zip
check oauth when creating/editing documents
Diffstat (limited to '')
-rw-r--r--accounts/views.py67
-rw-r--r--client/views.py15
-rw-r--r--version.txt2
3 files changed, 42 insertions, 42 deletions
diff --git a/accounts/views.py b/accounts/views.py
index 2f291c6..4c5f006 100644
--- a/accounts/views.py
+++ b/accounts/views.py
@@ -58,6 +58,28 @@ def oauth_login(request):
return hitobito.authorize_redirect(request, redirect_uri)
+def copy_from_midata(request, usercode):
+ resp = get_oauth_data(usercode.midata_token)
+
+ if resp.status_code != 200:
+ logout(request)
+ return False
+
+ resp_data = resp.json()
+
+ request.user.first_name = resp_data["first_name"]
+ request.user.last_name = resp_data["last_name"]
+ request.user.email = resp_data["email"]
+ request.user.save()
+
+ usercode.via = resp_data["address"]
+ usercode.cap = resp_data["zip_code"]
+ usercode.country = resp_data["town"]
+ usercode.born_date = dateparser.parse(resp_data["birthday"])
+ usercode.save()
+
+ return True
+
# callback after acquiring token
def auth(request):
token = hitobito.authorize_access_token(request)
@@ -72,18 +94,11 @@ def auth(request):
# user exist
login(request, usercode[0].user)
- request.user.first_name = resp_data["first_name"]
- request.user.last_name = resp_data["last_name"]
- request.user.email = resp_data["email"]
- request.user.save()
-
- usercode[0].via = resp_data["address"]
- usercode[0].cap = resp_data["zip_code"]
- usercode[0].country = resp_data["town"]
- usercode[0].born_date = dateparser.parse(resp_data["birthday"])
usercode[0].midata_token = token["access_token"]
usercode[0].save()
+ copy_from_midata(request, usercode[0])
+
return HttpResponseRedirect(request.GET["next"])
# create new user
@@ -97,20 +112,12 @@ def auth(request):
medic = MedicalData()
medic.save()
- userCode = UserCode(user=user, code=code, medic=medic, midata_id=resp_data["id"], midata_token=token["access_token"])
- user.first_name = resp_data["first_name"]
- user.last_name = resp_data["last_name"]
- user.email = resp_data["email"]
- user.save()
-
- userCode.via = resp_data["address"]
- userCode.cap = resp_data["zip_code"]
- userCode.country = resp_data["town"]
- userCode.born_date = dateparser.parse(resp_data["birthday"])
- userCode.save()
+ usercode = UserCode(user=user, code=code, medic=medic, midata_id=resp_data["id"], midata_token=token["access_token"])
login(request, user)
+ copy_from_midata(request, usercode)
+
return HttpResponseRedirect(request.GET["next"])
# send to hitobito request to get token
@@ -509,25 +516,9 @@ def personal_wrapper(request, errors):
# get user info from midata
if midata_user:
- resp = get_oauth_data(usercode.midata_token)
-
- if resp.status_code != 200:
- logout(request)
- return HttpResponseRedirect(request.path_info)
-
- resp_data = resp.json()
-
midata_disable = " readonly disabled"
- request.user.first_name = resp_data["first_name"]
- request.user.last_name = resp_data["last_name"]
- request.user.email = resp_data["email"]
- request.user.save()
-
- usercode.via = resp_data["address"]
- usercode.cap = resp_data["zip_code"]
- usercode.country = resp_data["town"]
- usercode.born_date = dateparser.parse(resp_data["birthday"])
- usercode.save()
+ if not copy_from_midata(request, usercode):
+ return HttpResponseRedirect(request.path_info)
usable_password = request.user.has_usable_password()
diff --git a/client/views.py b/client/views.py
index 44820be..467fee6 100644
--- a/client/views.py
+++ b/client/views.py
@@ -4,6 +4,7 @@ from django.db.models import Q
from django.http import HttpResponseRedirect, FileResponse
from django.contrib.auth.decorators import login_required
from django.shortcuts import render
+from accounts.views import copy_from_midata
from io import BytesIO
import pdfkit
@@ -122,6 +123,12 @@ def index(request):
@login_required
def create(request):
context = {}
+ usercode = UserCode.objects.filter(user=request.user)[0]
+
+ if usercode.midata_id > 0:
+ if not copy_from_midata(request, usercode):
+ return HttpResponseRedirect(request.path_info)
+
# group name and obj
parent_groups = request.user.groups.values_list('name', flat=True)
@@ -190,7 +197,6 @@ def create(request):
return
# set default values
- usercode = UserCode.objects.filter(user=request.user)[0]
code = 0
status = "wait"
personal_data = None
@@ -245,6 +251,11 @@ def edit(request):
@login_required
def edit_wrapper(request, context):
if request.method == "POST":
+ usercode = UserCode.objects.filter(user=request.user)[0]
+ if usercode.midata_id > 0:
+ if not copy_from_midata(request, usercode):
+ return HttpResponseRedirect(request.path_info)
+
if "action" not in request.POST.keys():
# get document
document = Document.objects.get(id=request.POST["doc"])
@@ -258,8 +269,6 @@ def edit_wrapper(request, context):
document.save(update_fields=["compilation_date"])
# save again all data
- usercode = UserCode.objects.filter(user=document.user)[0]
-
if document.document_type.personal_data:
personal_data = PersonalData(email=request.user.email, parent_name=usercode.parent_name, via=usercode.via, cap=usercode.cap, country=usercode.country,
nationality=usercode.nationality, born_date=usercode.born_date, home_phone=usercode.home_phone, phone=usercode.phone, school=usercode.school, year=usercode.year, avs_number=usercode.avs_number)
diff --git a/version.txt b/version.txt
index 5d4e9ed..bab59e6 100644
--- a/version.txt
+++ b/version.txt
@@ -1,2 +1,2 @@
version=0.4
-rev=15
+rev=16