fix #71: send user to sign in from context menu

2020-03-16 14:55:59 -05:00 · 2020-03-16 14:55:59 -05:00 · a6b6eb9445
--- a/.gitignore
+++ b/.gitignore
@ -4,4 +4,4 @@ node_modules
 package-lock.json
 env/
 __pycache__
-extension/web-ext-artifacts/
+web-ext-artifacts/
--- a/emails/views.py
+++ b/emails/views.py
@ -14,32 +14,38 @@ from django.shortcuts import redirect, render, get_object_or_404
 from django.views.decorators.csrf import csrf_exempt

 from .context_processors import relay_from_domain
-from .models import RelayAddress
+from .models import RelayAddress, Profile


@csrf_exempt
 def index(request):
-    if not request.user and not request.POST.get(api_token, False):
+    if (not request.user.is_authenticated and
+        not request.POST.get("api_token", False)
+       ):
        raise PermissionDenied
    if request.method == 'POST':
        return _index_POST(request)
    return redirect('profile')


+def _get_user_profile(request, api_token):
+    if not request.user.is_authenticated:
+        return Profile.objects.get(api_token=api_token)
+    return request.user.profile_set.first()
+
+
 #TODO: add csrf here? or make ids uuid so they can't be guessed?
 def _index_POST(request):
    api_token = request.POST.get('api_token', None)
    if not api_token:
        raise PermissionDenied
-    user_profile = request.user.profile_set.first()
-    if not str(api_token) == str(user_profile.api_token):
-        raise PermissionDenied
+    user_profile = _get_user_profile(request, api_token)
    if request.POST.get('method_override', None) == 'PUT':
        return _index_PUT(request)
    if request.POST.get('method_override', None) == 'DELETE':
        return _index_DELETE(request)

-    relay_address = RelayAddress.objects.create(user=request.user)
+    relay_address = RelayAddress.objects.create(user=user_profile.user)
    return_string = '%s@%s' % (
        relay_address.address, relay_from_domain(request)['RELAY_DOMAIN']
    )
--- a/extension/js/background.js
+++ b/extension/js/background.js
@ -1,3 +1,6 @@
+const RELAY_SITE_ORIGIN = "http://127.0.0.1:8000";
+
+
 browser.menus.create({
  id: "fx-private-relay-generate-alias",
  title: "Generate Email Alias",
@ -6,7 +9,13 @@ browser.menus.create({

 async function makeRelayAddressForTargetElement(info, tab) {
  const apiToken = await browser.storage.local.get("apiToken");
-  const newRelayAddressUrl = "http://127.0.0.1:8000/emails/";
+  if (!apiToken.apiToken) {
+    browser.tabs.create({
+      url: RELAY_SITE_ORIGIN,
+    });
+    return;
+  }
+  const newRelayAddressUrl = `${RELAY_SITE_ORIGIN}/emails/`;
  const newRelayAddressResponse = await fetch(newRelayAddressUrl, {
    method: "POST",
    headers: {