From c19c1afb1096a7c1b979c35586bb480939ab6b21 Mon Sep 17 00:00:00 2001
From: Josue Kouka <jkouka@entrouvert.com>
Date: Wed, 6 Jan 2016 19:10:05 +0100
Subject: [PATCH] handle user association the right way (#9527)

---
 mandayejs/mandaye/forms.py                         | 16 ++----
 .../mandaye/migrations/0007_auto_20160106_1746.py  | 20 ++++++++
 mandayejs/mandaye/models.py                        |  2 +-
 mandayejs/mandaye/views.py                         | 60 ++++++++++++----------
 4 files changed, 58 insertions(+), 40 deletions(-)
 create mode 100644 mandayejs/mandaye/migrations/0007_auto_20160106_1746.py

diff --git a/mandayejs/mandaye/forms.py b/mandayejs/mandaye/forms.py
index 2baff3a..fcba869 100644
--- a/mandayejs/mandaye/forms.py
+++ b/mandayejs/mandaye/forms.py
@@ -13,15 +13,17 @@
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+from __future__ import absolute_import
 
 from django import forms
+from django.conf import settings
 
+from mandayejs.mandaye.models import UserCredentials
 
 class FormFactory(forms.Form):
     def __init__(self, *args, **kwargs): 
-        fields = kwargs.pop('locators', None)
         super(FormFactory, self).__init__(*args, **kwargs)
-        
+        fields = getattr(settings, 'SITE_LOCATORS', [])
         if fields : 
             for field in fields :
                 if field['kind'] == 'string':
@@ -42,13 +44,3 @@ class FormFactory(forms.Form):
                             help_text=field['help']
                     )
 
-    def is_valid(self,):
-        is_valid = super(FormFactory, self).is_valid()
-        if not is_valid:
-            return is_valid
-
-        if self.data == {}:
-            return False
-
-        return is_valid
-
diff --git a/mandayejs/mandaye/migrations/0007_auto_20160106_1746.py b/mandayejs/mandaye/migrations/0007_auto_20160106_1746.py
new file mode 100644
index 0000000..4f7082e
--- /dev/null
+++ b/mandayejs/mandaye/migrations/0007_auto_20160106_1746.py
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import models, migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('mandaye', '0006_usercredentials_linked'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='usercredentials',
+            name='linked',
+            field=models.BooleanField(default=False, verbose_name='associated'),
+            preserve_default=True,
+        ),
+    ]
diff --git a/mandayejs/mandaye/models.py b/mandayejs/mandaye/models.py
index ee087e9..4eb0201 100644
--- a/mandayejs/mandaye/models.py
+++ b/mandayejs/mandaye/models.py
@@ -23,7 +23,7 @@ from django.utils.translation import ugettext_lazy as _
 class UserCredentials(models.Model):
     user = models.ForeignKey('auth.User')
     locators = JSONField(_('locators'), default={}, blank=True) 
-    linked = models.BooleanField(_('associated'), default=True, blank=True)
+    linked = models.BooleanField(_('associated'), default=False, blank=True)
 
     class Meta:
         unique_together = ('user',)
diff --git a/mandayejs/mandaye/views.py b/mandayejs/mandaye/views.py
index 4b36d65..f8546a1 100644
--- a/mandayejs/mandaye/views.py
+++ b/mandayejs/mandaye/views.py
@@ -84,8 +84,7 @@ def post_login(request, *args, **kwargs):
         user = get_user_model().objects.get(username=request.user.username)
         logger.debug(user)
         credentials = UserCredentials.objects.get(
-                user=user,
-                linked=True)
+                user=user)
         logger.debug(credentials)
     except (UserCredentials.DoesNotExist,):
         return HttpResponseRedirect(resolve_url('associate'))
@@ -97,27 +96,30 @@ def post_login(request, *args, **kwargs):
 @login_required
 @csrf_exempt
 def associate(request, *args, **kwargs):
-    if request.POST:
-        credentials, created = UserCredentials.objects.get_or_create(user=request.user)
-        credentials.locators = request.POST
-        credentials.linked = True
-        credentials.save()
-        form = FormFactory(request.POST, auto_id=True, locators=settings.SITE_LOCATORS)
-    else:
-        form = FormFactory(auto_id=True, locators=settings.SITE_LOCATORS)
-    if not form.is_valid():
-        site_static_root = getattr(settings, 'SITE_STATIC_ROOT_PATH', '')
-        associate_static = getattr(settings, 'SITE_ASSOCIATE_STATIC',
-                                   {'css':'', 'js':''})
-
-        response = render(request, 'mandaye/associate.html', {
-                    'form': form,
-                    'associate_js': os.path.join(site_static_root, associate_static['js']),
-                    'associate_css': os.path.join(site_static_root, associate_static['css'])
-                })
-        return response
+    if request.method == 'POST':
+
+        form = FormFactory(request.POST, auto_id=True)
+        if form.is_valid():
+            credentials, created = UserCredentials.objects.get_or_create(user=request.user)
+            credentials.locators = request.POST
+            credentials.linked = False
+            credentials.save()        
+
+            return HttpResponseRedirect(resolve_url('post-login'))
+    else :
+        form = FormFactory(auto_id=True)
+
+    site_static_root = getattr(settings, 'SITE_STATIC_ROOT_PATH', '')
+    associate_static = getattr(settings, 'SITE_ASSOCIATE_STATIC',
+                           {'css':'', 'js':''})
+
+    response = render(request, 'mandaye/associate.html', {
+        'form': form,
+        'associate_js': os.path.join(site_static_root, associate_static['js']),
+        'associate_css': os.path.join(site_static_root, associate_static['css'])        
+    })
+    return response
 
-    return HttpResponseRedirect(resolve_url('post-login'))
 
 @login_required
 def dissociate(request, *args, **kwargs):
@@ -150,17 +152,21 @@ def post_login_do(request, *args, **kwargs):
     logger.debug(login_info)
     result = exec_phantom(login_info)
     logger.debug(result)
+
+    User = get_user_model()
+    user = User.objects.get(username=request.user.username)
+    c_user = user.usercredentials_set.get()
+
     if result.get('result') != 'ok':
         logger.debug('authentication failed')
-        User = get_user_model()
-        user = User.objects.get(username=request.user.username)
-        c_user = user.usercredentials_set.get()
-        c_user.linked = False
-        c_user.save()
+        
+        
         logger.debug("redirecting to {}".format(resolve_url('associate')))
         messages.error(request, _('wrong user credentials'))
         url = resolve_url('associate')
     else:
+        c_user.linked = True
+        c_user.save()
         url = getattr(settings, 'SITE_HOME_PATH', '/')
 
     template = Template('<script type="text/javascript">\
-- 
2.6.4