def test_redirect_for_login(default_fxa_login_url): login_url = 'https://example.com/login' default_fxa_login_url.return_value = login_url request = mock.MagicMock() response = utils.redirect_for_login(request) default_fxa_login_url.assert_called_with(request) assert response['location'] == login_url
def test_redirect_for_login_migration_over(login_link): login_url = 'https://example.com/login' login_link.return_value = login_url request = mock.MagicMock() response = utils.redirect_for_login(request) login_link.assert_called_with(request) assert response['location'] == login_url
def login(request): # If someone is already auth'd then they're getting directed to login() # because they don't have sufficient permissions. if request.user.is_authenticated: raise PermissionDenied else: return redirect_for_login(request)
def collection_detail(request, username, slug): collection = get_collection(request, username, slug) if not collection.listed: if not request.user.is_authenticated: return redirect_for_login(request) if not acl.check_collection_ownership(request, collection): raise PermissionDenied base = Addon.objects.valid() & collection.addons.all() filter = CollectionAddonFilter(request, base, key='sort', default='popular') notes = get_notes(collection) # Go directly to CollectionAddon for the count to avoid joins. count = CollectionAddon.objects.filter( Addon.objects.all().valid_q( amo.VALID_ADDON_STATUSES, prefix='addon__'), collection=collection.id) addons = paginate(request, filter.qs, per_page=15, count=count.count()) # `perms` is defined in django.contrib.auth.context_processors. Gotcha! user_perms = { 'view_stats': acl.check_ownership( request, collection, require_owner=False), } tags = Tag.objects.filter( id__in=collection.top_tags) if collection.top_tags else [] return render_cat(request, 'bandwagon/collection_detail.html', {'collection': collection, 'filter': filter, 'addons': addons, 'notes': notes, 'tags': tags, 'user_perms': user_perms})
def collection_detail(request, username, slug): collection = get_collection(request, username, slug) if not collection.listed: if not request.user.is_authenticated(): return redirect_for_login(request) if not acl.check_collection_ownership(request, collection): raise PermissionDenied base = Addon.objects.valid() & collection.addons.all() filter = CollectionAddonFilter(request, base, key='sort', default='popular') notes = get_notes(collection) # Go directly to CollectionAddon for the count to avoid joins. count = CollectionAddon.objects.filter( Addon.objects.all().valid_q( amo.VALID_ADDON_STATUSES, prefix='addon__'), collection=collection.id) addons = paginate(request, filter.qs, per_page=15, count=count.count()) # `perms` is defined in django.contrib.auth.context_processors. Gotcha! user_perms = { 'view_stats': acl.check_ownership( request, collection, require_owner=False), } tags = Tag.objects.filter( id__in=collection.top_tags) if collection.top_tags else [] return render_cat(request, 'bandwagon/collection_detail.html', {'collection': collection, 'filter': filter, 'addons': addons, 'notes': notes, 'tags': tags, 'user_perms': user_perms})
def wrapper(request, *args, **kw): if request.user.is_authenticated(): return func(request, *args, **kw) else: if redirect: return redirect_for_login(request) else: return http.HttpResponse(status=401)
def login(request): # if the user has permission, just send them to the index page if request.method == 'GET' and admin.site.has_permission(request): return redirect('admin:index') # otherwise, they're logged in but don't have permission return a 403. elif request.user.is_authenticated: raise PermissionDenied else: return redirect_for_login(request)
def wrapper(request, username, *args, **kw): """ If the author is `mine` then show the current user's collection (or something). """ if username == 'mine': if not request.user.is_authenticated(): return redirect_for_login(request) username = request.user.username return f(request, username, *args, **kw)
def test_redirect_for_login(): request = RequestFactory().get('/somewhere') request.session = {'fxa_state': 'fake-state'} response = utils.redirect_for_login(request) assert response['location'] == utils.fxa_login_url( config=FXA_CONFIG['default'], state=request.session['fxa_state'], next_path='/somewhere', action='signin', )
def wrapper(request, *args, **kw): # Prevent circular ref in accounts.utils from olympia.accounts.utils import redirect_for_login if request.user.is_authenticated(): return func(request, *args, **kw) else: if redirect: return redirect_for_login(request) else: return http.HttpResponse(status=401)
def wrapper(request, *args, **kw): # Prevent circular ref in accounts.utils from olympia.accounts.utils import redirect_for_login if request.user.is_authenticated: return func(request, *args, **kw) else: if redirect: return redirect_for_login(request) else: return http.HttpResponse(status=401)
def wrapper(request, user_id, *args, **kw): """ If the author is `mine` then show the current user's collection (or something). """ # Prevent circular ref in accounts.utils from olympia.accounts.utils import redirect_for_login if user_id == 'mine': if not request.user.is_authenticated: return redirect_for_login(request) user_id = request.user.id return f(request, user_id, *args, **kw)
def wrapper(request, username, *args, **kw): """ If the author is `mine` then show the current user's collection (or something). """ # Prevent circular ref in accounts.utils from olympia.accounts.utils import redirect_for_login if username == 'mine': if not request.user.is_authenticated(): return redirect_for_login(request) username = request.user.username return f(request, username, *args, **kw)
def collection_detail(request, username, slug): collection = get_collection(request, username, slug) if not collection.listed: if not request.user.is_authenticated(): return redirect_for_login(request) if not acl.check_collection_ownership(request, collection): raise PermissionDenied if request.GET.get('format') == 'rss': return http.HttpResponsePermanentRedirect(collection.feed_url()) base = Addon.objects.valid() & collection.addons.all() filter = CollectionAddonFilter(request, base, key='sort', default='popular') notes = get_notes(collection) # Go directly to CollectionAddon for the count to avoid joins. count = CollectionAddon.objects.filter(Addon.objects.all().valid_q( amo.VALID_ADDON_STATUSES, prefix='addon__'), collection=collection.id) addons = paginate(request, filter.qs, per_page=15, count=count.count()) # The add-on query is not related to the collection, so we need to manually # hook them up for invalidation. Bonus: count invalidation. keys = [addons.object_list.flush_key(), count.flush_key()] caching.invalidator.add_to_flush_list({collection.flush_key(): keys}) if collection.author_id: qs = Collection.objects.listed().filter(author=collection.author) others = amo.utils.randslice(qs, limit=4, exclude=collection.id) else: others = [] # `perms` is defined in django.contrib.auth.context_processors. Gotcha! user_perms = { 'view_stats': acl.check_ownership(request, collection, require_owner=False), } tags = Tag.objects.filter( id__in=collection.top_tags) if collection.top_tags else [] return render_cat( request, 'bandwagon/collection_detail.html', { 'collection': collection, 'filter': filter, 'addons': addons, 'notes': notes, 'author_collections': others, 'tags': tags, 'user_perms': user_perms })
def __call__(self, request): # API requests are validated in SessionIDAuthentication if not getattr(request, 'is_api', False): if SESSION_KEY not in request.session: # Without SESSION_KEY the session is definately anonymous so assume that request.user = AnonymousUser() else: try: check_and_update_fxa_access_token(request) except IdentificationError: log.info( f'Failed refreshing access_token for {request.user.id}' ) return redirect_for_login(request) return self.get_response(request)
def collection_detail(request, username, slug): collection = get_collection(request, username, slug) if not collection.listed: if not request.user.is_authenticated(): return redirect_for_login(request) if not acl.check_collection_ownership(request, collection): raise PermissionDenied if request.GET.get('format') == 'rss': return http.HttpResponsePermanentRedirect(collection.feed_url()) base = Addon.objects.valid() & collection.addons.all() filter = CollectionAddonFilter(request, base, key='sort', default='popular') notes = get_notes(collection) # Go directly to CollectionAddon for the count to avoid joins. count = CollectionAddon.objects.filter( Addon.objects.all().valid_q( amo.VALID_ADDON_STATUSES, prefix='addon__'), collection=collection.id) addons = paginate(request, filter.qs, per_page=15, count=count.count()) # The add-on query is not related to the collection, so we need to manually # hook them up for invalidation. Bonus: count invalidation. keys = [addons.object_list.flush_key(), count.flush_key()] caching.invalidator.add_to_flush_list({collection.flush_key(): keys}) if collection.author_id: qs = Collection.objects.listed().filter(author=collection.author) others = amo.utils.randslice(qs, limit=4, exclude=collection.id) else: others = [] # `perms` is defined in django.contrib.auth.context_processors. Gotcha! user_perms = { 'view_stats': acl.check_ownership( request, collection, require_owner=False), } tags = Tag.objects.filter( id__in=collection.top_tags) if collection.top_tags else [] return render_cat(request, 'bandwagon/collection_detail.html', {'collection': collection, 'filter': filter, 'addons': addons, 'notes': notes, 'author_collections': others, 'tags': tags, 'user_perms': user_perms})