From 5f1926c0be89d40764a9a2b361ac6c03ba24bcaf Mon Sep 17 00:00:00 2001 From: Andrea Lepori Date: Wed, 5 Jan 2022 14:45:42 +0100 Subject: check oauth when creating/editing documents --- accounts/views.py | 67 ++++++++++++++++++++++++------------------------------- client/views.py | 15 ++++++++++--- version.txt | 2 +- 3 files changed, 42 insertions(+), 42 deletions(-) diff --git a/accounts/views.py b/accounts/views.py index 2f291c6..4c5f006 100644 --- a/accounts/views.py +++ b/accounts/views.py @@ -58,6 +58,28 @@ def oauth_login(request): return hitobito.authorize_redirect(request, redirect_uri) +def copy_from_midata(request, usercode): + resp = get_oauth_data(usercode.midata_token) + + if resp.status_code != 200: + logout(request) + return False + + resp_data = resp.json() + + request.user.first_name = resp_data["first_name"] + request.user.last_name = resp_data["last_name"] + request.user.email = resp_data["email"] + request.user.save() + + usercode.via = resp_data["address"] + usercode.cap = resp_data["zip_code"] + usercode.country = resp_data["town"] + usercode.born_date = dateparser.parse(resp_data["birthday"]) + usercode.save() + + return True + # callback after acquiring token def auth(request): token = hitobito.authorize_access_token(request) @@ -72,18 +94,11 @@ def auth(request): # user exist login(request, usercode[0].user) - request.user.first_name = resp_data["first_name"] - request.user.last_name = resp_data["last_name"] - request.user.email = resp_data["email"] - request.user.save() - - usercode[0].via = resp_data["address"] - usercode[0].cap = resp_data["zip_code"] - usercode[0].country = resp_data["town"] - usercode[0].born_date = dateparser.parse(resp_data["birthday"]) usercode[0].midata_token = token["access_token"] usercode[0].save() + copy_from_midata(request, usercode[0]) + return HttpResponseRedirect(request.GET["next"]) # create new user 
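Review bot: `copy_from_midata` answers every non-200 response from `get_oauth_data` with `logout(request)`, so a temporary upstream error is treated like a rejected token, and on the 200 path the `resp_data["..."]` lookups and `dateparser.parse(resp_data["birthday"])` run unguarded. A profile that lacks `address`, `zip_code`, `town` or `birthday` would raise `KeyError` after `request.user.save()` has already run, leaving the user row updated and the `UserCode` row not. I would limit the logout to authorization failures (401/403), read all fields before saving anything, and add a docstring stating the side effect, for example `"""Refresh request.user and usercode from midata; log the user out and return False if the token is rejected."""`. Callers redirect to `request.path_info` on False, so a False that does not log out needs its own handling there to avoid a redirect loop.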
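Review bot: The callback redirects to `request.GET["next"]` without checking it, both after the new `copy_from_midata(request, usercode[0])` call here and at the end of the new-user branch in the `@@ -97,20 +112,12 @@` hunk. Unless `next` is validated outside these hunks, the login flow can send a freshly authenticated user to any URL. Django's `url_has_allowed_host_and_scheme(next_url, allowed_hosts={request.get_host()})` with a fixed fallback path would close that, and `request.GET.get("next")` avoids the `KeyError` when the parameter is absent. The return value of `copy_from_midata` is also dropped here, so a failed fetch logs the user out and still redirects as if the login had succeeded. `auth` begins before and continues after this hunk.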
@@ -97,20 +112,12 @@ def auth(request): medic = MedicalData() medic.save() - userCode = UserCode(user=user, code=code, medic=medic, midata_id=resp_data["id"], midata_token=token["access_token"]) - user.first_name = resp_data["first_name"] - user.last_name = resp_data["last_name"] - user.email = resp_data["email"] - user.save() - - userCode.via = resp_data["address"] - userCode.cap = resp_data["zip_code"] - userCode.country = resp_data["town"] - userCode.born_date = dateparser.parse(resp_data["birthday"]) - userCode.save() + usercode = UserCode(user=user, code=code, medic=medic, midata_id=resp_data["id"], midata_token=token["access_token"]) login(request, user) + copy_from_midata(request, usercode) + return HttpResponseRedirect(request.GET["next"]) # send to hitobito request to get token @@ -509,25 +516,9 @@ def personal_wrapper(request, errors): # get user info from midata if midata_user: - resp = get_oauth_data(usercode.midata_token) - - if resp.status_code != 200: - logout(request) - return HttpResponseRedirect(request.path_info) - - resp_data = resp.json() - midata_disable = " readonly disabled" - request.user.first_name = resp_data["first_name"] - request.user.last_name = resp_data["last_name"] - request.user.email = resp_data["email"] - request.user.save() - - usercode.via = resp_data["address"] - usercode.cap = resp_data["zip_code"] - usercode.country = resp_data["town"] - usercode.born_date = dateparser.parse(resp_data["birthday"]) - usercode.save() + if not copy_from_midata(request, usercode): + return HttpResponseRedirect(request.path_info) usable_password = request.user.has_usable_password() diff --git a/client/views.py b/client/views.py index 44820be..467fee6 100644 --- a/client/views.py +++ b/client/views.py 
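Review bot: The new-user branch no longer saves `usercode` itself; the only `save()` is inside `copy_from_midata`, and it is skipped when the profile fetch returns a non-200 status. In that case the `MedicalData` row saved just above (and, presumably, the user created earlier in `auth`) stays in the database without a `UserCode`. The next login for the same midata id would then presumably go through the create branch again. Calling `usercode.save()` right after constructing it, or wrapping the branch in `transaction.atomic()` and rolling back on False, keeps the records consistent. The start of `auth` is outside this hunk.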
@@ -4,6 +4,7 @@ from django.db.models import Q from django.http import HttpResponseRedirect, FileResponse from django.contrib.auth.decorators import login_required from django.shortcuts import render +from accounts.views import copy_from_midata from io import BytesIO import pdfkit @@ -122,6 +123,12 @@ def index(request): @login_required def create(request): context = {} + usercode = UserCode.objects.filter(user=request.user)[0] + + if usercode.midata_id > 0: + if not copy_from_midata(request, usercode): + return HttpResponseRedirect(request.path_info) + # group name and obj parent_groups = request.user.groups.values_list('name', flat=True) @@ -190,7 +197,6 @@ def create(request): return # set default values - usercode = UserCode.objects.filter(user=request.user)[0] code = 0 status = "wait" personal_data = None @@ -245,6 +251,11 @@ def edit(request): @login_required def edit_wrapper(request, context): if request.method == "POST": + usercode = UserCode.objects.filter(user=request.user)[0] + if usercode.midata_id > 0: + if not copy_from_midata(request, usercode): + return HttpResponseRedirect(request.path_info) + if "action" not in request.POST.keys(): # get document document = Document.objects.get(id=request.POST["doc"]) @@ -258,8 +269,6 @@ def edit_wrapper(request, context): document.save(update_fields=["compilation_date"]) # save again all data - usercode = UserCode.objects.filter(user=document.user)[0] - if document.document_type.personal_data: personal_data = PersonalData(email=request.user.email, parent_name=usercode.parent_name, via=usercode.via, cap=usercode.cap, country=usercode.country, nationality=usercode.nationality, born_date=usercode.born_date, home_phone=usercode.home_phone, phone=usercode.phone, school=usercode.school, year=usercode.year, avs_number=usercode.avs_number) diff --git a/version.txt b/version.txt index 5d4e9ed..bab59e6 100644 --- a/version.txt +++ b/version.txt @@ -1,2 +1,2 @@ version=0.4 -rev=15 +rev=16 -- cgit v1.2.1
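Review bot: `create` now looks up the `UserCode` and calls `copy_from_midata` at the top of the function for every request method, while `edit_wrapper` in the `@@ -245,6 +251,11 @@` hunk does so only under `request.method == "POST"`. Each plain view of the create form therefore triggers an outbound call and two database writes. `UserCode.objects.filter(user=request.user)[0]` raises `IndexError` for an account without a `UserCode` row, and `usercode.midata_id > 0` raises `TypeError` if the column can be NULL (the model is not visible here). Using `.first()` with an explicit `None` check covers both, and the same two lines in `edit_wrapper` need the same treatment.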
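Review bot: Dropping `UserCode.objects.filter(user=document.user)[0]` means the `PersonalData` snapshot is now built from the requester's `usercode`. The document is still fetched with `Document.objects.get(id=request.POST["doc"])` in the `@@ -245,6 +251,11 @@` hunk, where no ownership check is visible. If `edit_wrapper` can be reached for a document that belongs to another user, the requester's address and birth date would be written into that document; before this change the owner's record was used. Restricting the lookup, `Document.objects.get(id=request.POST["doc"], user=request.user)`, or comparing `document.user` with `request.user` before saving, makes the two consistent. The code between the two hunks is not shown, so such a check may already exist there.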