forms: redirect to first form page on lost session (#8462)

2015-10-01 16:15:08 +02:00 · 2015-10-01 16:15:08 +02:00 · 123fc09698
parent f6b5a0f7e0
commit 123fc09698
2 changed files with 51 additions and 0 deletions
--- a/tests/test_form_pages.py
+++ b/tests/test_form_pages.py
@ -1308,3 +1308,38 @@ def test_form_map_multi_page(pub):
    data_id = formdef.data_class().select()[0].id
    data = formdef.data_class().get(data_id)
    assert data.data == {'1': '1.234;-1.234', '3': 'bar'}
+
+def test_form_middle_session_change(pub):
+    formdef = create_formdef()
+    formdef.fields = [fields.PageField(id='0', label='1st page', type='page'),
+            fields.StringField(id='1', label='string'),
+            fields.PageField(id='2', label='2nd page', type='page'),
+            fields.StringField(id='3', label='string 2')]
+    formdef.store()
+
+    app = get_app(pub)
+    resp = app.get('/test/')
+    resp.forms[0]['f1'] = 'foo'
+    assert resp.forms[0].fields['submit'][0].value_if_submitted() == 'Next'
+    resp = resp.forms[0].submit('submit')
+    assert resp.forms[0]['previous']
+    app.cookiejar.clear()
+    resp.forms[0]['f3'] = 'bar'
+    resp = resp.forms[0].submit('submit')
+    assert resp.location == 'http://example.net/test/'
+    resp = resp.follow()
+    assert 'Sorry, your session have been lost.' in resp.body
+
+    app = get_app(pub)
+    resp = app.get('/test/')
+    resp.forms[0]['f1'] = 'foo'
+    assert resp.forms[0].fields['submit'][0].value_if_submitted() == 'Next'
+    resp = resp.forms[0].submit('submit')
+    assert resp.forms[0]['previous']
+    resp.forms[0]['f3'] = 'bar'
+    resp = resp.forms[0].submit('submit')
+    assert 'Check values then click submit.' in resp.body
+    app.cookiejar.clear()
+    resp = resp.forms[0].submit('submit')
+    resp = resp.follow()
+    assert 'Sorry, your session have been lost.' in resp.body
--- a/wcs/forms/root.py
+++ b/wcs/forms/root.py
@ -415,6 +415,7 @@ class FormPage(Directory):

        self.html_top(self.formdef.name)
        r += self.form_side(0, page_no, log_detail=log_detail, data=data, editing=editing)
+        r += get_session().display_message()

        form.add_hidden('step', '0')
        form.add_hidden('page', page_no)
@ -483,6 +484,21 @@ class FormPage(Directory):

        session = get_session()

+        if get_request().form.get('magictoken'):
+            no_magic = object()
+            session_magic_token = session.get_by_magictoken(
+                    get_request().form.get('magictoken'), no_magic)
+            if session_magic_token is no_magic:
+                if (get_request().form.get('page') != '0' or
+                        get_request().form.get('step') != '0'):
+                    # the magictoken that has been submitted is not available
+                    # in the session and we're not on the first page of the
+                    # first step that means we probably lost the session in
+                    # mid-air.
+                    get_session().message = ('error',
+                            _('Sorry, your session have been lost.'))
+                    return redirect(self.formdef.get_url())
+
        existing_formdata = None
        if editing:
            existing_formdata = editing.data