From c9b2e9bf36520c109e1119c44d429994362c9254 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Tue, 3 Feb 2015 09:32:06 +0100
Subject: [PATCH] Store requesting user on the request when successfull

Use is stored in request.secret_questions_user
---
 auf/django/secretquestions/decorators.py | 12 ++++++++++--
 auf/django/secretquestions/views.py      |  2 +-
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/auf/django/secretquestions/decorators.py b/auf/django/secretquestions/decorators.py
index 7e16777..403756c 100644
--- a/auf/django/secretquestions/decorators.py
+++ b/auf/django/secretquestions/decorators.py
@@ -7,6 +7,12 @@ from django.shortcuts import redirect
 from django.utils.translation import ugettext as _
 
 from django.contrib import messages
+try:
+    from django.contrib.auth import get_user_model
+except ImportError:
+    from django.contrib.auth.models import User
+    def get_user_model():
+        return User
 
 from .views import SecretQuestionWizard
 from .conf import SQ_SESSION_KEY, SQ_TOKEN_TTL
@@ -17,10 +23,11 @@ def secret_questions_required(ttl=SQ_TOKEN_TTL):
     def _inner(view):
 
         def _wrapped(request, *args, **kwargs):
-            session_token, url, date = request.session.get(SQ_SESSION_KEY,
+            session_token, url, date, user_pk = request.session.get(SQ_SESSION_KEY,
                                                            (None,
                                                             None,
-                                                            datetime.now(),))
+                                                            datetime.now(),
+                                                            None))
             get_token = request.GET.get(SQ_SESSION_KEY, None)
             date_max = date + timedelta(seconds=ttl)
 
@@ -40,6 +47,7 @@ def secret_questions_required(ttl=SQ_TOKEN_TTL):
                 return redirect(clean_url)
 
             if session_token == get_token:
+                request.secret_questions_user = get_user_model().objects.get(pk=user_pk)
                 return view(request, *args, **kwargs)
 
             # should not be raised
diff --git a/auf/django/secretquestions/views.py b/auf/django/secretquestions/views.py
index e638095..c6ac394 100644
--- a/auf/django/secretquestions/views.py
+++ b/auf/django/secretquestions/views.py
@@ -90,7 +90,7 @@ class SecretQuestionWizard(FormWizard):
         params[SQ_SESSION_KEY] = token
         qs = urlencode(params)
         url = "%s?%s" % (path, qs)
-        request.session[SQ_SESSION_KEY] = (token, path, datetime.now())
+        request.session[SQ_SESSION_KEY] = (token, path, datetime.now(), self.user.pk)
 
         return redirect(url)