0001-forms-force-authentication-on-user-drafts-37095.patch
tests/test_form_pages.py | ||
---|---|---|
1559 | 1559 |
resp = resp.forms[0].submit() |
1560 | 1560 |
assert formdef.data_class().get(formdata_id).evolution[-1].comment == 'hello world' |
1561 | 1561 | |
1562 |
# and check we can also get back to it as anonymous
|
|
1562 |
# check we can't get back to it as anonymous
|
|
1563 | 1563 |
app = get_app(pub) |
1564 | 1564 |
resp = app.get('/') |
1565 | 1565 |
resp.forms[0]['code'] = tracking_code |
1566 | 1566 |
resp = resp.forms[0].submit() |
1567 | 1567 |
assert resp.location == 'http://example.net/code/%s/load' % tracking_code |
1568 | 1568 |
resp = resp.follow() |
1569 |
assert resp.location == 'http://example.net/test/%s' % formdata_id |
|
1570 |
resp = resp.follow() |
|
1571 |
resp = resp.follow() |
|
1572 |
assert 'form_comment' in resp.text # makes sure user is treated as submitter |
|
1569 |
assert resp.location == 'http://example.net/login/?ReturnUrl=http://example.net/test/%s' % formdata_id |
|
1573 | 1570 | |
1574 | 1571 |
# and check a bot is not allowed to get it |
1575 | 1572 |
app = get_app(pub) |
wcs/forms/root.py | ||
---|---|---|
174 | 174 |
raise errors.TraversalError() |
175 | 175 |
if BotFilter.is_bot(): |
176 | 176 |
raise errors.AccessForbiddenError() |
177 | ||
178 |
formdata_url = formdata.get_url().rstrip('/') |
|
179 |
if formdata.user_id and not get_request().user: |
|
180 |
# anonymous user asked to load a tracking code associated with an user, |
|
181 |
# don't load, ask for authentication instead |
|
182 |
return redirect('/login/?ReturnUrl=%s' % formdata_url) |
|
177 | 183 |
get_session().mark_anonymous_formdata(formdata) |
178 |
return redirect(formdata.get_url().rstrip('/'))
|
|
184 |
return redirect(formdata_url)
|
|
179 | 185 | |
180 | 186 | |
181 | 187 |
class TrackingCodesDirectory(Directory): |
182 |
- |