# -*- coding: utf-8 -*-
from datetime import timedelta, datetime
import re
from django.shortcuts import redirect
from django.utils.translation import ugettext as _
from django.contrib import messages
from .views import SecretQuestionWizard
from .conf import SQ_SESSION_KEY, SQ_TOKEN_TTL
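def secret_questions_required(view, ttl=SQ_TOKEN_TTL):
    """Wrap ``view`` so it only runs with a valid secret-question token.

    The wrapper reads a ``(token, url, date)`` tuple from the session under
    ``SQ_SESSION_KEY`` and a token from the query string under the same key.

    * No token in the session or in the query string: the request is handed
      to ``SecretQuestionWizard``.
    * Token older than ``ttl`` seconds, or the current path does not start
      with the URL stored in the session: the user is redirected to the
      current URL with the token parameter stripped (a POST additionally
      gets an error message).
    * Session token equal to the query-string token: ``view`` is called.
    * Anything else: ``Exception('SQ')`` is raised.

    Args:
        view: the view callable to protect.
        ttl: token lifetime in seconds, counted from the stored date.

    Returns:
        The wrapping callable, with the same call signature as ``view``.
    """
    # Function-scope import so the module's import block stays untouched.
    from django.utils.crypto import constant_time_compare

    def _wrapped(request, *args, **kwargs):
        # The default date is "now", so a missing session entry never looks
        # expired; it is caught by the None check below instead.
        session_token, url, date = request.session.get(
            SQ_SESSION_KEY, (None, None, datetime.now()))
        # NOTE(review): the token travels in the query string, so it can end
        # up in access logs, browser history and Referer headers.
        get_token = request.GET.get(SQ_SESSION_KEY, None)
        date_max = date + timedelta(seconds=ttl)

        if session_token is None or get_token is None:
            wiz = SecretQuestionWizard(request)
            return wiz(request, *args, **kwargs)

        if date_max < datetime.now() or \
                not request.get_full_path().startswith(url):
            if request.method == "POST":
                messages.error(request, _("Your modifications were canceled."))
            url = request.get_full_path()
            # The original class was written "[a..z0..9]", which matches only
            # the literal characters a, '.', z, 0 and 9; a range needs "-".
            # The key is escaped so it is matched literally even if it ever
            # contains regex metacharacters.
            # Because the trailing "(.*)" is discarded by the replacement,
            # everything from the last "<key>=" onward is dropped, including
            # any parameters that follow the token.
            regex_no_session_key = "(.*)%s=[a-z0-9]*(.*)" % re.escape(
                SQ_SESSION_KEY)
            clean_url = re.sub(regex_no_session_key, "\\1", url)
            return redirect(clean_url)

        # Compare the secret in constant time so response timing does not
        # reveal how many leading characters of a guessed token are correct.
        if constant_time_compare(session_token, get_token):
            return view(request, *args, **kwargs)

        # NOTE(review): a token mismatch surfaces as a generic exception,
        # i.e. a server error rather than a 403. PermissionDenied would be
        # the conventional choice; kept as-is so the exception type callers
        # see does not change.
        raise Exception('SQ')

    return _wrapped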