Project

General

Profile

0001-misc-create-session-substitution-variables-from-quer.patch

Frédéric Péters, 17 August 2015 05:04 PM

Download (5.16 KB)

View differences:

Subject: [PATCH] misc: create session substitution variables from query string
 (#7858)

 tests/test_form_pages.py | 45 +++++++++++++++++++++++++++++++++++++++++++++
 wcs/qommon/sessions.py   | 32 ++++++++++++++++++++++++++++++++
 wcs/root.py              |  1 +
 3 files changed, 78 insertions(+)
tests/test_form_pages.py
1 1
import pytest
2 2
import hashlib
3
import os
3 4

  
4 5
from wcs.qommon.ident.password_accounts import PasswordAccount
5 6
from wcs.formdef import FormDef
......
884 885
            '0_structured': [
885 886
                {'id': '1', 'more': 'foo', 'text': 'un'},
886 887
                {'id': '3', 'more': 'baz', 'text': 'trois'}]}
888

  
889
def test_form_page_query_string_prefill(pub):
890
    user = create_user(pub)
891
    formdef = create_formdef()
892
    formdef.data_class().wipe()
893
    formdef.fields = [fields.StringField(id='0', label='string',
894
        prefill={'type': 'formula', 'value': 'session_var_foo'})]
895
    formdef.store()
896

  
897
    # check it's empty if it doesn't exist
898
    resp = get_app(pub).get('/test/')
899
    assert resp.forms[0]['f0'].value == ''
900

  
901
    # check it's not set if it's not whitelisted
902
    resp = get_app(pub).get('/?session_var_foo=hello')
903
    resp = resp.click('test')
904
    assert resp.forms[0]['f0'].value == ''
905

  
906
    # check it works
907
    open(os.path.join(pub.app_dir, 'site-options.cfg'), 'w').write('''[options]
908
query_string_allowed_vars = foo,bar
909
''')
910

  
911
    resp = get_app(pub).get('/?session_var_foo=hello')
912
    resp = resp.click('test')
913
    assert resp.forms[0]['f0'].value == 'hello'
914

  
915
    # check it survives a login
916
    resp = get_app(pub).get('/?session_var_foo=hello2')
917
    resp = resp.click('Login')
918
    resp = resp.follow()
919
    resp.forms[0]['username'] = 'foo'
920
    resp.forms[0]['password'] = 'foo'
921
    resp = resp.forms[0].submit()
922
    resp = resp.follow()
923
    resp = resp.click('test')
924
    assert resp.forms[0]['f0'].value == 'hello2'
925

  
926
    # check repeated options are ignored
927
    resp = get_app(pub).get('/?session_var_foo=hello&session_var_foo=hello2')
928
    resp = resp.click('test')
929
    assert resp.forms[0]['f0'].value == ''
930

  
931
    os.unlink(os.path.join(pub.app_dir, 'site-options.cfg'))
wcs/qommon/sessions.py
80 80
    ident_idp_token = None
81 81
    tempfiles = None
82 82
    jsonp_display_values = None
83
    extra_variables = None
83 84

  
84 85
    username = None # only set on password authentication
85 86

  
......
92 93
            self.ident_idp_token or \
93 94
            self.tempfiles or \
94 95
            self.jsonp_display_values or \
96
            self.extra_variables or \
95 97
            CaptchaSession.has_info(self) or \
96 98
            QuixoteSession.has_info(self)
97 99
    is_dirty = has_info
......
205 207
        value.fp = open(filename)
206 208
        return value
207 209

  
210
    def add_extra_variable(self, key, value):
211
        if not self.extra_variables:
212
            self.extra_variables = {}
213
        self.extra_variables[key] = value
214

  
215
    def start_request(self):
216
        # feed session with specific query string parameters
217
        request = get_request()
218
        if request.get_method() == 'GET' and request.form:
219
            query_string_allowed_vars = get_publisher().get_site_option(
220
                    'query_string_allowed_vars') or ''
221
            query_string_allowed_vars = [x.strip() for x in
222
                    query_string_allowed_vars.split(',')]
223
            for k, v in request.form.items():
224
                if k.startswith('session_var_'):
225
                    session_variable = str(k[len('session_var_'):])
226
                    if session_variable in query_string_allowed_vars and (
227
                            isinstance(v, str)):
228
                        self.add_extra_variable(session_variable, v)
229
                    del request.form[k]
230

  
231
        return QuixoteSession.start_request(self)
232

  
233
    def get_substitution_variables(self, prefix='session_var_'):
234
        d = {}
235
        if self.extra_variables:
236
            for k, v in self.extra_variables.items():
237
                d[prefix + k] = v
238
        return d
239

  
208 240

  
209 241
class QommonSessionManager(QuixoteSessionManager):
210 242
    def start_request(self):
wcs/root.py
283 283
        if not hasattr(response, 'breadcrumb'):
284 284
            response.breadcrumb = [ ('', _('Home')) ]
285 285

  
286
        get_publisher().substitutions.feed(get_session())
286 287
        get_publisher().substitutions.feed(get_request().user)
287 288
        get_publisher().substitutions.feed(NamedDataSource)
288 289

  
289
-