misc: do not save initial draft for requests from applications (#49260)
This commit is contained in:
parent
4a3d2d6867
commit
ada843ca55
|
@ -13,7 +13,6 @@ AltaVista-Intranet
|
||||||
jan.gelin@av.com
|
jan.gelin@av.com
|
||||||
FAST-WebCrawler
|
FAST-WebCrawler
|
||||||
crawler@fast.no
|
crawler@fast.no
|
||||||
Wget
|
|
||||||
Acoon Robot
|
Acoon Robot
|
||||||
antibot
|
antibot
|
||||||
Atomz
|
Atomz
|
||||||
|
|
|
@ -2148,6 +2148,36 @@ def test_form_draft_with_date(pub):
|
||||||
assert '2012-02-12' in resp.text
|
assert '2012-02-12' in resp.text
|
||||||
|
|
||||||
|
|
||||||
|
def test_form_draft_from_prefill(pub):
|
||||||
|
formdef = create_formdef()
|
||||||
|
formdef.fields = [
|
||||||
|
fields.StringField(id='0', label='string'),
|
||||||
|
]
|
||||||
|
formdef.enable_tracking_codes = True
|
||||||
|
formdef.store()
|
||||||
|
formdef.data_class().wipe()
|
||||||
|
|
||||||
|
# no draft
|
||||||
|
resp = get_app(pub).get('/test/')
|
||||||
|
assert formdef.data_class().count() == 0
|
||||||
|
formdef.data_class().wipe()
|
||||||
|
|
||||||
|
# draft created if there's been some prefilled fields
|
||||||
|
formdef.fields[0].prefill = {'type': 'string', 'value': '{{request.GET.test|default:""}}'}
|
||||||
|
formdef.store()
|
||||||
|
resp = get_app(pub).get('/test/?test=hello')
|
||||||
|
assert formdef.data_class().count() == 1
|
||||||
|
formdef.data_class().wipe()
|
||||||
|
|
||||||
|
# unless the call was made from an application
|
||||||
|
resp = get_app(pub).get('/test/?test=hello', headers={'User-agent': 'python-requests/0'})
|
||||||
|
assert formdef.data_class().count() == 0
|
||||||
|
|
||||||
|
# or a bot
|
||||||
|
resp = get_app(pub).get('/test/?test=hello', headers={'User-agent': 'Googlebot'})
|
||||||
|
assert formdef.data_class().count() == 0
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.parametrize('tracking_code', [True, False])
|
@pytest.mark.parametrize('tracking_code', [True, False])
|
||||||
def test_form_direct_draft_access(pub, tracking_code):
|
def test_form_direct_draft_access(pub, tracking_code):
|
||||||
user = create_user(pub)
|
user = create_user(pub)
|
||||||
|
|
|
@ -43,7 +43,6 @@ from ..qommon import errors, get_cfg
|
||||||
from ..qommon import misc, get_logger
|
from ..qommon import misc, get_logger
|
||||||
from ..qommon import template
|
from ..qommon import template
|
||||||
from ..qommon.form import *
|
from ..qommon.form import *
|
||||||
from ..qommon.logger import BotFilter
|
|
||||||
from ..qommon import emails
|
from ..qommon import emails
|
||||||
|
|
||||||
from wcs.categories import Category
|
from wcs.categories import Category
|
||||||
|
@ -172,7 +171,7 @@ class TrackingCodeDirectory(Directory):
|
||||||
raise errors.TraversalError()
|
raise errors.TraversalError()
|
||||||
if formdata.formdef.enable_tracking_codes is False:
|
if formdata.formdef.enable_tracking_codes is False:
|
||||||
raise errors.TraversalError()
|
raise errors.TraversalError()
|
||||||
if BotFilter.is_bot():
|
if get_request().is_from_bot():
|
||||||
raise errors.AccessForbiddenError()
|
raise errors.AccessForbiddenError()
|
||||||
get_session().mark_anonymous_formdata(formdata)
|
get_session().mark_anonymous_formdata(formdata)
|
||||||
return redirect(formdata.get_url())
|
return redirect(formdata.get_url())
|
||||||
|
@ -466,7 +465,7 @@ class FormPage(Directory, FormTemplateMixin):
|
||||||
# include prefilled data
|
# include prefilled data
|
||||||
transient_formdata = self.get_transient_formdata()
|
transient_formdata = self.get_transient_formdata()
|
||||||
transient_formdata.data.update(self.formdef.get_data(form))
|
transient_formdata.data.update(self.formdef.get_data(form))
|
||||||
if self.has_draft_support():
|
if self.has_draft_support() and not (req.is_from_application() or req.is_from_bot()):
|
||||||
# save to get prefilling data in database
|
# save to get prefilling data in database
|
||||||
self.save_draft(form_data)
|
self.save_draft(form_data)
|
||||||
else:
|
else:
|
||||||
|
|
|
@ -184,6 +184,18 @@ class HTTPRequest(quixote.http_request.HTTPRequest):
|
||||||
def is_in_frontoffice(self):
|
def is_in_frontoffice(self):
|
||||||
return not (self.is_in_backoffice() or self.is_api_url())
|
return not (self.is_in_backoffice() or self.is_api_url())
|
||||||
|
|
||||||
|
def is_from_bot(self):
|
||||||
|
from .logger import BotFilter
|
||||||
|
return BotFilter.is_bot(request=self)
|
||||||
|
|
||||||
|
def is_from_application(self):
|
||||||
|
# detect calls made from other applications or debug tools
|
||||||
|
# this is not to detect bots (is_from_bot above)
|
||||||
|
user_agent = self.get_environ('HTTP_USER_AGENT', '')
|
||||||
|
return (user_agent.startswith('python-requests') or
|
||||||
|
user_agent.startswith('curl') or
|
||||||
|
user_agent.startswith('Wget'))
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def META(self):
|
def META(self):
|
||||||
return self.environ
|
return self.environ
|
||||||
|
|
|
@ -52,10 +52,12 @@ class BotFilter(logging.Filter):
|
||||||
return 1
|
return 1
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def is_bot(cls):
|
def is_bot(cls, request=None):
|
||||||
|
if request is None:
|
||||||
|
request = get_request()
|
||||||
botfile = os.path.join(get_publisher().data_dir, 'webbots')
|
botfile = os.path.join(get_publisher().data_dir, 'webbots')
|
||||||
if os.path.exists(botfile) and get_request():
|
if request and os.path.exists(botfile):
|
||||||
user_agent = get_request().get_environ('HTTP_USER_AGENT', '')
|
user_agent = request.get_environ('HTTP_USER_AGENT', '')
|
||||||
with open(botfile) as fd:
|
with open(botfile) as fd:
|
||||||
for bot_ua_string in [x.strip() for x in fd.readlines()]:
|
for bot_ua_string in [x.strip() for x in fd.readlines()]:
|
||||||
if bot_ua_string in user_agent:
|
if bot_ua_string in user_agent:
|
||||||
|
|
Loading…
Reference in New Issue