entrouvert/wcs
entrouvert
/
wcs
14
1
Fork 0
Code Issues Pull Requests 34 Releases Activity

workflows: prevent action replay (#86577) #1095

Merged
fpeters merged 1 commits from wip/86577-prevent-action-replay into main 2024-02-09 07:28:07 +01:00
Conversation 0 Commits 1 Files Changed 5 +55 -2
fpeters commented 2024-02-06 11:04:57 +01:00
Owner
Copy Link
No description provided.
fpeters force-pushed wip/86577-prevent-action-replay from 7274e667cb to c52a2c8fd2 2024-02-06 11:58:44 +01:00 Compare
fpeters force-pushed wip/86577-prevent-action-replay from c52a2c8fd2 to 034d3f2354 2024-02-06 14:07:21 +01:00 Compare
fpeters force-pushed wip/86577-prevent-action-replay from 034d3f2354 to 08d85319f5 2024-02-06 15:36:07 +01:00 Compare
fpeters changed title from WIP: workflows: prevent action replay (#86577) to workflows: prevent action replay (#86577) 2024-02-06 15:46:26 +01:00
fpeters reviewed 2024-02-06 15:48:44 +01:00
tests/backoffice_pages/test_all.py
@ -1692,0 +1702,4 @@
resp2 = resp.click(href='%s/' % number31.id)
resp3 = resp.click(href='%s/' % number31.id)
freezer.move_to(datetime.timedelta(seconds=10))
fpeters commented 2024-02-06 15:47:57 +01:00
Author
Owner
Copy Link

On se base sur le last_update_time pour détecter que le formdata a bougé et il est juste précis à la seconde, on avance donc dans le temps pour être sûr qu'une différente soit enregistrée.

On se base sur le last_update_time pour détecter que le formdata a bougé et il est juste précis à la seconde, on avance donc dans le temps pour être sûr qu'une différente soit enregistrée.
wcs/workflows.py
@ -2349,6 +2353,7 @@ class SerieOfActionsMixin:
def get_action_form(self, filled, user, displayed_fields=None):
form = Form(enctype='multipart/form-data', use_tokens=False)
form.attrs['id'] = 'wf-actions'
form.add_hidden('_ts', str(time.mktime(filled.last_update_time)))
fpeters commented 2024-02-06 15:48:20 +01:00
Author
Owner
Copy Link

On pose le timestamp dans le formulaire.

On pose le timestamp dans le formulaire.
wcs/workflows.py
@ -2395,2 +2400,4 @@
def handle_form(self, form, filled, user, evo):
if form.get('_ts') != str(time.mktime(filled.last_update_time)):
raise ReplayException()
fpeters commented 2024-02-06 15:48:41 +01:00
Author
Owner
Copy Link

Et quand le formulaire est envoyé, on vérifie que le timestamp correspond toujours.

Et quand le formulaire est envoyé, on vérifie que le timestamp correspond toujours.
lguerin approved these changes 2024-02-06 15:50:47 +01:00
fpeters merged commit e2d8aecc1c into main 2024-02-09 07:28:07 +01:00
fpeters deleted branch wip/86577-prevent-action-replay 2024-02-09 07:28:08 +01:00
Sign in to join this conversation.
Reviewers
No reviewers
lguerin
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: entrouvert/wcs#1095
No description provided.
Delete Branch "wip/86577-prevent-action-replay"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?