misc: remove dead logged-in JSONP endpoint (#88195)
gitea/authentic/pipeline/head This commit looks good
Details
gitea/authentic/pipeline/head This commit looks good
Details
This commit is contained in:
parent
95701c5e76
commit
4dc8f6aab7
|
@ -177,7 +177,6 @@ default_settings = dict(
|
||||||
default=True, definition='Check username uniqueness on registration'
|
default=True, definition='Check username uniqueness on registration'
|
||||||
),
|
),
|
||||||
IDP_BACKENDS=(),
|
IDP_BACKENDS=(),
|
||||||
VALID_REFERERS=Setting(default=(), definition='List of prefix to match referers'),
|
|
||||||
A2_OPENED_SESSION_COOKIE_NAME=Setting(default='A2_OPENED_SESSION', definition='Authentic session open'),
|
A2_OPENED_SESSION_COOKIE_NAME=Setting(default='A2_OPENED_SESSION', definition='Authentic session open'),
|
||||||
A2_OPENED_SESSION_COOKIE_DOMAIN=Setting(default=None),
|
A2_OPENED_SESSION_COOKIE_DOMAIN=Setting(default=None),
|
||||||
A2_ATTRIBUTE_KINDS=Setting(default=(), definition='List of other attribute kinds'),
|
A2_ATTRIBUTE_KINDS=Setting(default=(), definition='List of other attribute kinds'),
|
||||||
|
|
|
@ -50,7 +50,6 @@ accounts_urlpatterns = [
|
||||||
views.ValidateDeletionView.as_view(),
|
views.ValidateDeletionView.as_view(),
|
||||||
name='validate_deletion',
|
name='validate_deletion',
|
||||||
),
|
),
|
||||||
path('logged-in/', views.logged_in, name='logged-in'),
|
|
||||||
path('edit/', views.edit_profile, name='profile_edit'),
|
path('edit/', views.edit_profile, name='profile_edit'),
|
||||||
path('edit/required/', views.edit_required_profile, name='profile_required_edit'),
|
path('edit/required/', views.edit_required_profile, name='profile_required_edit'),
|
||||||
re_path(r'^edit/(?P<scope>[-\w]+)/$', views.edit_profile, name='profile_edit_with_scope'),
|
re_path(r'^edit/(?P<scope>[-\w]+)/$', views.edit_profile, name='profile_edit_with_scope'),
|
||||||
|
|
|
@ -33,13 +33,7 @@ from django.db.models import Count
|
||||||
from django.db.models.query import Q
|
from django.db.models.query import Q
|
||||||
from django.db.transaction import atomic
|
from django.db.transaction import atomic
|
||||||
from django.forms import CharField
|
from django.forms import CharField
|
||||||
from django.http import (
|
from django.http import Http404, HttpResponseBadRequest, HttpResponseRedirect
|
||||||
Http404,
|
|
||||||
HttpResponse,
|
|
||||||
HttpResponseBadRequest,
|
|
||||||
HttpResponseForbidden,
|
|
||||||
HttpResponseRedirect,
|
|
||||||
)
|
|
||||||
from django.shortcuts import get_object_or_404, render
|
from django.shortcuts import get_object_or_404, render
|
||||||
from django.template import loader
|
from django.template import loader
|
||||||
from django.template.loader import render_to_string
|
from django.template.loader import render_to_string
|
||||||
|
@ -1074,30 +1068,6 @@ def login_password_profile(request, *args, **kwargs):
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
class LoggedInView(View):
|
|
||||||
'''JSONP web service to detect if an user is logged'''
|
|
||||||
|
|
||||||
http_method_names = ['get']
|
|
||||||
|
|
||||||
def check_referrer(self):
|
|
||||||
'''Check if the given referer is authorized'''
|
|
||||||
referer = self.request.headers.get('Referer', '')
|
|
||||||
for valid_referer in app_settings.VALID_REFERERS:
|
|
||||||
if referer.startswith(valid_referer):
|
|
||||||
return True
|
|
||||||
return False
|
|
||||||
|
|
||||||
def get(self, request, *args, **kwargs):
|
|
||||||
if not self.check_referrer():
|
|
||||||
return HttpResponseForbidden()
|
|
||||||
callback = request.GET.get('callback')
|
|
||||||
content = f'{callback}({int(request.user.is_authenticated)})'
|
|
||||||
return HttpResponse(content, content_type='application/json')
|
|
||||||
|
|
||||||
|
|
||||||
logged_in = never_cache(LoggedInView.as_view())
|
|
||||||
|
|
||||||
|
|
||||||
def csrf_failure_view(request, reason=''):
|
def csrf_failure_view(request, reason=''):
|
||||||
messages.warning(request, _('The page is out of date, it was reloaded for you'))
|
messages.warning(request, _('The page is out of date, it was reloaded for you'))
|
||||||
return HttpResponseRedirect(request.get_full_path())
|
return HttpResponseRedirect(request.get_full_path())
|
||||||
|
|
Loading…
Reference in New Issue