Modified boost2_confirm to require a POST request.

2011-02-20 01:03:17 +01:00 · 2011-02-20 01:03:17 +01:00 · ddc6398746
--- a/apps/mobile/templates/mobile/boost_step2.html
+++ b/apps/mobile/templates/mobile/boost_step2.html
@ -21,7 +21,7 @@
 	{{ csrf() }}
    <fieldset id="identifier" class="section">
        <div class="input-wrapper">
-            <input tabindex="1" type="text" name="identifier" value="{{ form.identifier.data }}" placeholder="Username or Email address" required>
+            <input tabindex="1" type="text" name="identifier" value="{{ form.identifier.data }}" placeholder="Username or Email address">
        </div>
 		{{ form.identifier.errors|safe }}
    </fieldset>
--- a/apps/mobile/templates/mobile/boost_step2_found.html
+++ b/apps/mobile/templates/mobile/boost_step2_found.html
@ -20,8 +20,12 @@
 		{{ parent }}
    </p>
 </div>
-<div class="buttons-wrapper">
-	<div class="button left-button"><a href="{{ url('mobile.home') }}">{{ _('Maybe later') }}</a></div>
-	<div class="button right-button"><a href="{{ url('mobile.boost2_confirm')|urlparams(parent=parent) }}">{{ _('Complete') }}</a></div>
-</div>
+<form action="{{ url('mobile.boost2_confirm') }}" method="POST">
+	{{ csrf() }}
+	<input type="hidden" name="parent" value="{{ parent }}">
+	<div class="buttons-wrapper">
+		<div class="button left-button"><a href="{{ url('mobile.home') }}">{{ _('Maybe later') }}</a></div>
+		<button ontouchstart="" class="right-button" type="submit">{{ _('Complete') }}</button>
+	</div>
+</form>
 {% endblock %}
--- a/apps/mobile/views.py
+++ b/apps/mobile/views.py
@ -1,15 +1,17 @@
-from spark.urlresolvers import reverse
-
 from django.http import HttpResponseRedirect

 import jingo

+from spark.urlresolvers import reverse
+from spark.decorators import post_required
+
 from users.models import User

 from .forms import BoostStep2Form
 from .decorators import login_required, logout_required


+
 def home(request):
    if request.user.is_authenticated():
        return jingo.render(request, 'mobile/myspark.html', {})
@ -33,8 +35,12 @@ def boost2(request):
    if request.method == 'POST':
        form = BoostStep2Form(request.user, request.POST)
        if form.is_valid():
-            return jingo.render(request, 'mobile/boost_step2_found.html',
+            if form.parent_username:
+                return jingo.render(request, 'mobile/boost_step2_found.html',
                                        {'parent': form.parent_username})
+            else: # User just checked the checkbox
+                return HttpResponseRedirect(reverse('mobile.home'))
+                
    else:
        form = BoostStep2Form(request.user)
    
@ -42,18 +48,16 @@ def boost2(request):


@login_required
+@post_required
 def boost2_confirm(request):
    """ Boost your Spark step 2/2 completion. """
-    parent = None
-    username = request.GET.get('parent')
-    
+    username = request.POST.get('parent')
    if username:
-        parent = User.objects.filter(username=username)
+        parent_user = User.objects.filter(username=username) 
+        if parent_user:
+            return HttpResponseRedirect(reverse('mobile.home'))
    
-    if parent:
-        return HttpResponseRedirect(reverse('mobile.home'))
-    else:
-        return jingo.render(request, 'spark/handlers/mobile/400.html', status=400)
+    return jingo.render(request, 'spark/handlers/mobile/400.html', status=400)


@login_required
--- a/apps/spark/decorators.py
+++ b/apps/spark/decorators.py
@ -4,7 +4,7 @@ from functools import wraps

 from django.conf import settings
 from django.contrib.auth import REDIRECT_FIELD_NAME
-from django.http import HttpResponse, HttpResponseForbidden, HttpResponseRedirect, HttpResponseBadRequest
+from django.http import HttpResponse, HttpResponseForbidden, HttpResponseRedirect, HttpResponseBadRequest, HttpResponseNotAllowed
 from django.utils.decorators import available_attrs
 from django.utils.http import urlquote

@ -97,7 +97,7 @@ def post_required(f):
    @wraps(f)
    def wrapper(request, *args, **kw):
        if request.method != 'POST':
-            return http.HttpResponseNotAllowed(['POST'])
+            return HttpResponseNotAllowed(['POST'])
        else:
            return f(request, *args, **kw)
    return wrapper
--- a/apps/spark/templates/spark/handlers/mobile/400.html
+++ b/apps/spark/templates/spark/handlers/mobile/400.html
@ -1,6 +1,5 @@
 {% extends "mobile/page.html" %}
-{% set title = _('Spark! Boost your Spark') %}
-{% set body_id = 'boost' %}
+{% set title = _('Spark! Error') %}
 {% set pagetitle = _('Oops, your request was unsuccessful') %}
 {% set message = _("We couldn't perform your request. Perhaps because the action is no longer applicable or you tried to perform an invalid action.") %}

--- a/templates/mobile/page.html
+++ b/templates/mobile/page.html
@ -34,7 +34,7 @@
 	            <li><a href="{{ url('mobile.badges') }}">{{ _('Badges') }} <span>+11 new</span></a></li>
 	            <li><a href="{{ url('mobile.about') }}">{{ _('About Mozilla') }}</a></li>
 	        </ul>
-	        <a href="{{ url('users.mobile_logout') }}" id="logout">{{ _('Do you wanna log out ?') }}</a>
+	        <a href="{{ url('users.mobile_logout') }}" id="logout">{{ _('Do you wanna log out?') }}</a>
 	    </div>
 	</div> <!-- end menu wrapper -->
 	{% endif %}