misc: disable verification after tracking code, for the submitter (#64437)
This commit is contained in:
parent
033f80f2f2
commit
41ecc47858
|
@ -2062,6 +2062,41 @@ def test_form_tracking_code_email(pub, emails, nocache):
|
|||
assert resp.forms[1]['f0'].value == 'barfoo'
|
||||
|
||||
|
||||
def test_form_tracking_code_email_and_verification(pub, emails, nocache):
|
||||
formdef = create_formdef()
|
||||
formdef.fields = [
|
||||
fields.StringField(id='0', label='string1', required=False),
|
||||
fields.StringField(id='1', label='string2', required=False),
|
||||
fields.DateField(id='2', label='date', required=False),
|
||||
]
|
||||
formdef.enable_tracking_codes = True
|
||||
formdef.tracking_code_verify_fields = ['0', '1', '2']
|
||||
formdef.store()
|
||||
|
||||
app = get_app(pub)
|
||||
resp = app.get('/test/')
|
||||
resp.form['f0'] = 'barfoo'
|
||||
# autosave will be made using javascript in real world
|
||||
app.post('/test/autosave', params=resp.form.submit_fields())
|
||||
|
||||
tracking_code = get_displayed_tracking_code(resp)
|
||||
assert tracking_code is not None
|
||||
|
||||
resp = app.get('/test/code/%s/' % tracking_code)
|
||||
assert '<h2>Keep your tracking code</h2>' in resp.text
|
||||
resp.forms[0]['email'] = 'foo@localhost'
|
||||
resp = resp.forms[0].submit()
|
||||
assert emails.get('Tracking Code reminder')
|
||||
assert tracking_code in emails.get('Tracking Code reminder')['payload']
|
||||
assert resp.location == 'http://example.net/test/code/%s/load' % tracking_code
|
||||
|
||||
# returns to the form, without verification: formdata is mine
|
||||
resp = resp.follow()
|
||||
resp = resp.follow()
|
||||
resp = resp.follow()
|
||||
assert resp.forms[1]['f0'].value == 'barfoo'
|
||||
|
||||
|
||||
def test_form_tracking_code_email_antibot(pub, emails, nocache):
|
||||
formdef = create_formdef()
|
||||
formdef.data_class().wipe()
|
||||
|
|
|
@ -191,6 +191,9 @@ class TrackingCodeDirectory(Directory):
|
|||
if get_request().is_from_bot():
|
||||
raise errors.AccessForbiddenError()
|
||||
|
||||
if formdata.is_submitter(get_request().user):
|
||||
return redirect(formdata.get_url())
|
||||
|
||||
verify_fields = []
|
||||
for field in formdata.formdef.fields:
|
||||
if field.id in (formdata.formdef.tracking_code_verify_fields or []):
|
||||
|
|
Loading…
Reference in New Issue