entrouvert
/
auf-auf-django-secretquestions
Archived
17
0
Fork 0
Code Issues Pull Requests Releases Activity

pep8 100% ok

This commit is contained in:
Olivier Larchevêque 2013-08-09 14:10:54 -04:00
parent d30aaaa84e
commit 61c29f1a3e
9 changed files with 53 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
secretquestions/decorators.py
View File

@ -11,23 +11,28 @@ from django.contrib import messages
from .views import SecretQuestionWizard
from .conf import SQ_SESSION_KEY, SQ_TOKEN_TTL
def secret_questions_required(view, ttl=SQ_TOKEN_TTL):
def _wrapped(request, *args, **kwargs):
session_token, url, date = request.session.get(SQ_SESSION_KEY,
(None, None, datetime.now()))
session_token, url, date = request.session.get(SQ_SESSION_KEY,
(None,
None,
datetime.now()
))
get_token = request.GET.get(SQ_SESSION_KEY, None)
date_max = date + timedelta(seconds=ttl)
if session_token is None or get_token is None:
wiz = SecretQuestionWizard(request)
return wiz(request, *args, **kwargs)
if date_max < datetime.now() or \
not request.get_full_path().startswith(url):
if request.method == "POST":
messages.error(request, _("Your modifications were canceled."))
url = request.get_full_path()
clean_url = re.sub("(.*)%s=[a..z0..9]*(.*)" % SQ_SESSION_KEY, "\\1", url)
regex_no_session_key = "(.*)%s=[a..z0..9]*(.*)" % SQ_SESSION_KEY
clean_url = re.sub(regex_no_session_key, "\\1", url)
return redirect(clean_url)
if session_token == get_token:

21
secretquestions/forms.py
View File

@ -28,11 +28,12 @@ class AnswerForm(ModelForm):
return crypt_answer(data)
_FreeAnswerFormSet = modelformset_factory(Answer, form=AnswerForm,
fields=("question", "secret"),
extra=MAX_SECRET_QUESTIONS,
max_num=MAX_SECRET_QUESTIONS,
can_delete=False)
_FreeAnswerFormSet = modelformset_factory(Answer,
form=AnswerForm,
fields=("question", "secret"),
extra=MAX_SECRET_QUESTIONS,
max_num=MAX_SECRET_QUESTIONS,
can_delete=False)
class AnswerFormSet(_FreeAnswerFormSet):
@ -56,11 +57,11 @@ class AnswerFormSet(_FreeAnswerFormSet):
except:
question = None
if question is None:
raise forms.ValidationError(
_("All questions have to be selected."))
error_msg = _("All questions have to be selected.")
raise forms.ValidationError(error_msg)
if question in questions:
raise forms.ValidationError(
_("Each question has to be different."))
error_msg = _("Each question has to be different.")
raise forms.ValidationError(error_msg)
questions.append(question)
return super(AnswerFormSet, self).clean()
@ -79,7 +80,7 @@ class UsernameForm(forms.Form):
class QuestionForm(forms.Form):
raw_answer = forms.CharField()
def clean_raw_answer(self):
data = self.cleaned_data['raw_answer']
if not check_answer(data, self.answer.secret):

1
secretquestions/models.py
View File

@ -16,6 +16,7 @@ def crypt_answer(raw):
def check_answer(raw, crypted):
return check_password(raw, crypted)
class Question(models.Model):
text = models.CharField(max_length=255)

3
secretquestions/tests/common.py
View File

@ -7,6 +7,7 @@ from django.contrib.auth.models import User
from secretquestions.models import Question
class SecretQuestionTest(TestCase):
client = Client()
@ -27,5 +28,3 @@ class SecretQuestionTest(TestCase):
self.question2 = Question.objects.create(text="question2")
self.question3 = Question.objects.create(text="question3")
self.questions = (self.question1, self.question2, self.question3)

26
secretquestions/tests/configuration.py
View File

@ -28,7 +28,7 @@ class ConfigurationTest(SecretQuestionTest):
Check if setup page is accessible from authenticated people
"""
self.assertEqual(self.client.login(username=self.username,
password=self.password), True)
password=self.password), True)
url = reverse('sq_setup')
response = self.client.get(url)
@ -40,39 +40,36 @@ class ConfigurationTest(SecretQuestionTest):
"""
raw_password = 'xxx'
self.assertEqual(self.client.login(username=self.username,
password=self.password), True)
password=self.password), True)
url = reverse('sq_setup')
data = {
'form-TOTAL_FORMS': u'1',
data = {'form-TOTAL_FORMS': u'1',
'form-INITIAL_FORMS': u'0',
'form-MAX_NUM_FORMS': u'',
'form-0-question': self.question1.id,
'form-0-secret': raw_password,
}
'form-0-question': self.question1.id,
'form-0-secret': raw_password, }
response = self.client.post(url, data)
self.assertEqual(response.status_code, 302)
answer = Answer.objects.get(user=self.user, question=self.question1)
self.assertNotEqual(answer.secret, raw_password)
self.assertNotEqual(answer.secret, '')
def test_setting_empty_answer_for_one_question(self):
"""
Check if the answer is not empty
"""
raw_password = ''
self.assertEqual(self.client.login(username=self.username,
password=self.password), True)
password=self.password), True)
url = reverse('sq_setup')
data = {
'form-TOTAL_FORMS': u'1',
data = {'form-TOTAL_FORMS': u'1',
'form-INITIAL_FORMS': u'0',
'form-MAX_NUM_FORMS': u'',
'form-0-question': self.question1.id,
'form-0-secret': raw_password,
}
'form-0-question': self.question1.id,
'form-0-secret': raw_password, }
response = self.client.post(url, data)
self.assertEqual(response.status_code, 200)
with self.assertRaises(Answer.DoesNotExist):
@ -90,4 +87,3 @@ class ConfigurationTest(SecretQuestionTest):
self.assertFalse(raw_password in response.content)
answer = Answer.objects.get(user=self.user, question=self.question1)
self.assertFalse(answer.secret in response.content)

21
secretquestions/tests/settings.py
View File

@ -4,17 +4,12 @@ SECRET_KEY = 'secret'
ROOT_URLCONF = 'secretquestions.tests.urls'
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': ':memory:',
}
}
DATABASES = {'default':
{'ENGINE': 'django.db.backends.sqlite3', 'NAME': ':memory:', }}
INSTALLED_APPS = (
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.admin',
'registration',
'secretquestions',)
INSTALLED_APPS = ('django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.admin',
'registration',
'secretquestions',)

7
secretquestions/tests/urls.py
View File

@ -5,7 +5,6 @@ from django.contrib import admin
admin.autodiscover()
urlpatterns = patterns('',
(r'^admin/(.*)', include(admin.site.urls)),
(r'^accounts/', include('registration.urls')),
(r'^secret/', include('secretquestions.urls')),
)
(r'^admin/(.*)', include(admin.site.urls)),
(r'^accounts/', include('registration.urls')),
(r'^secret/', include('secretquestions.urls')),)

6
secretquestions/urls.py
View File

@ -3,6 +3,6 @@
from django.conf.urls.defaults import patterns, url
urlpatterns = patterns('',
url(r'questions/setup$', 'secretquestions.views.setup_form',
name="sq_setup"),
)
url(r'questions/setup$',
'secretquestions.views.setup_form',
name="sq_setup"), )

11
secretquestions/views.py
View File

@ -20,13 +20,15 @@ from django.middleware.csrf import _get_new_csrf_key
from .forms import AnswerFormSet, UsernameForm, QuestionForm
from .conf import SQ_SESSION_KEY
@login_required
def setup_form(request):
if request.method == 'POST':
formset = AnswerFormSet(request.POST, user=request.user)
if formset.is_valid():
formset.save_all()
messages.info(request, _("Your secret answers were successfully saved."))
messages.info(request,
_("Your secret answers were successfully saved."))
return redirect(settings.LOGIN_REDIRECT_URL)
else:
formset = AnswerFormSet(user=request.user)
@ -37,7 +39,7 @@ def setup_form(request):
class SecretQuestionWizard(FormWizard):
__name__ = 'SecretQuestionWizard' # fix for debugtoolbar introspection
__name__ = 'SecretQuestionWizard' # fix for debugtoolbar introspection
def __init__(self, request):
self.user = None
@ -74,18 +76,17 @@ class SecretQuestionWizard(FormWizard):
return 'secretquestions/step.html'
def done(self, request, form_list):
for form in form_list:
if not form.is_valid():
return self.redirect
token = _get_new_csrf_key()
path = urlparse(self.redirect).path
params = parse_qs(urlparse(self.redirect).query, keep_blank_values=True)
params = parse_qs(urlparse(self.redirect).query,
keep_blank_values=True)
params[SQ_SESSION_KEY] = token
qs = urlencode(params)
url = "%s?%s" % (path, qs)
request.session[SQ_SESSION_KEY] = (token, path, datetime.now())
return redirect(url)